10 things B2B marketers need to know about the GDPR and data protection
13 Sep 2017
The DMA receives many queries from the B2B marketing community around GDPR. Many are concerned that commentary around GDPR focuses on B2C marketing.
Under the current rules B2B marketers are subject to fewer regulatory requirements than B2C marketers.
This is because Privacy and Electronic Communications Regulations (PECR) focuses on protections for consumers. Marketing to corporate employees via electronic channels does not require consent under PECR.
These differences have led to confusion in the B2B marketing industry as to how they’ll be affected by GDPR.
Here are 10 things B2B marketers need to know about the GDPR:
- The GDPR applies if an organisation is processing personal data
- B2B marketers use personal data and therefore the GDPR will apply to them too
- Corporate email addresses and other contact details are personal data
- In fact the GDPR definition of personal data is broad and includes cookies and IP addresses
- The GDPR does NOT state that organisations need to obtain an opt-in consent for their marketing
- The GDPR lays out 6 legal grounds for processing personal data. All are equally valid.
- B2B marketers will be able to make use of the legitimate interest legal ground for their marketing activity in most instances.
- Legitimate interest is a subjective legal ground so an organisation must justify their activity and consider the privacy risks for data subjects
- Consent is black and white. It is a yes or a no. However, it is a robust standard which may be hard to achieve. If it is, the ICO have said legitimate interest might be the better choice.
- GDPR is the overarching framework but there are specific rules for the marketing sector from PECR, which is being revised and will become the ePrivacy Regulation in the future
The ePrivacy Regulation could potentially require an opt-in consent for B2B marketing as it is currently worded.
However, it is being debated by the EU Parliament and Council so there is a long way to go and nothing is set in stone.
In a recent meeting with a leading MEP, Marju Lauristan, responsible for the ePrivacy Regulation, DMA Group CEO, Chris Combemale, raised this very point and explained the potential damage to industry.
Marju agreed that the Parliament’s intention wasn’t to unnecessarily restrict B2B marketing.
This is a major lobbying focus for the DMA.