GDPR and B2B marketing; will you be starting again from scratch in May 18? | DMA


I’ve been hearing some scary stuff lately, from businesses saying (or should that be praying) that GDPR will never happen, to those who are bracing themselves for a day one scenario. The polar views have one thing in common: a lack of understanding of what needs to be done to comply. In this blog, I will not attempt to give you a rundown of the whole regulation, but I will concentrate on B2B direct marketing only.

And not all direct marketing either; just one question: “Do I need consent under GDPR?”

This is the most common question that I am being asked and, I suspect, the cause of “head in sand” or “head in hands” for many people.

I’ll get straight to the point: for many businesses, not much has changed between the current law and the new one with regard to direct marketing. Under the current regulations, many businesses process personal data for the purposes of direct marketing under conditions relating to “legitimate interests” in the Data Protection Act 1998, which you can rely on as long as you are not prejudicing the rights of the individual. What this has tended to mean in practice is that if you have a legitimate relationship with the individual and you don’t process data in a way that is unrelated to that relationship (or unexpected to that individual), you can usually rely on that condition.

This is what many B2B marketers have done (whether they realise it or not). So long as you stop processing someone’s data for direct marketing if they ask you, you are pretty much there. I acknowledge there are other rights too, but I am purposely sticking to the most relevant points in this context, to aid clarity. Under the GDPR, it is a similar situation; in fact, the regulation specifically cites “direct marketing” as an activity that may be considered a “legitimate interest” of a business.

However, there are two main differences between then and now: firstly, the extra detail relating to information required and, secondly, the presentation of the opt-out right.

Information: This is a key requirement; the individual MUST be able to understand what personal data of theirs you process. They need to know why you process it and what your legal basis for doing so is. If that legal basis is “legitimate interest”, explain what that “legitimate interest” is. This will be contained in your privacy notices (or privacy policy), which should be clear and concise. The Information Commissioner’s Office produces some good GDPR guidance on privacy notices.

Opt out: This is a key right under the current regulations, as well as under GDPR. The main difference in GDPR is that you need to bring that right to the attention of the individual, in information that is prominently displayed and away from any other information. In a nutshell, that means if you are gathering data that you intend to use for direct marketing, you’ve got to let the person know they can object.

To comply in the future, it’s possible to redesign your data collection processes to meet the needs of the new regulations, but what about your existing data? Do you need to do anything with that?

Unfortunately, if your existing data is not compliant with GDPR by May 2018, you will need to stop using it. I imagine that there are not many businesses that would choose to bin their legacy marketing data, but there is a choice. Acting to bring your data up to GDPR compliance should be a top priority now, and this is what you need to do:

Step 1: Audit your marketing data. Find out what personal data you have got, where it is and what you use it for.

Step 2: Decide whether the use to which you put the data would be reasonably expected by the data subjects themselves (based on your relationship with them); if so, you might be able to use “legitimate interest”.

Step 3: Update your privacy notice (privacy policy) in line with the ICO’s recommendations on privacy notices.

Step 4: Communicate with the people on your database, informing them of the new information available relating to how you process their data, and clearly give them the opportunity to object. The opportunity to object must be prominently displayed and away from any other information. This can be achieved through any channel you have consent to market to the person. This could be via email or direct mail, but you must keep a record of who has been sent what and when. There might be the argument to suggest that once is enough, but the more times you communicate this message between now and May 18, the more GDPR compliance you will be able to demonstrate.

This isn’t a comprehensive piece of advice on the application of privacy law; you can’t hope to do that in a blog. What I’ve tried to do here is set out the stall for using “legitimate interest” as the legal basis for processing marketing data. The Information Commissioner’s own advice, regarding choosing the legal basis for processing, is that if you are finding “consent” too difficult to achieve, then it may not be the most appropriate basis. For many B2B direct marketers, I believe legitimate interest is the most appropriate basis.

So, if your business is one of those that can claim legitimate interest as the basis for processing your marketing data, get your head out of your hands (or out of the sand) and get ready for GDPR.

For those businesses that need to use consent as the legal basis for processing, I’m afraid that’s another story entirely.
