GDPR Guide for B2B Sales and Marketing professionals
Download this practical GDPR Guide for B2B Sales and Marketing professionals. Find out what you can and can not do under GDPR and how it will impact your day to day activities.
This guide is now available on request, drop us and email or give us a call and we'll send it to you. While the GDPR is now two years old every element of it is still as relevant.
Below is an example of the type of response that we have used with our clients to a GDPR subject access request.
Our responsibility to act within all legislation, including GDPR, is taken very seriously.
On the basis of your response, we have immediately suppressed any further communication after this email. We will delete your records from both the email platform and Google Docs within 21 days.
Your details were found via: LinkedIn
When: June 2018.
The personally identifiable information that we have processed is: name, job role and corporate email.
The corporate email address was created using standard email format. first.last@domain
We do not use email addresses associated with LinkedIn profiles because of the risk of these emails being personal.
Your data was processed in line with GDPR, following a three-point Legitimate Interest test and this is the legal basis on which we sent the communication.
Your data is held in Google Docs and the email platform.
Your first name and email address were processed to send the communication.
I will explain the legal basis of why you were contacted.
GDPR makes no distinction between a personal email address and a business email address. However, UK law does, it is this differentiation that allows organisations to still email businesses. This is because PECR, which is the regulation of the electronic communications that has been in place for many years and last updated in 2015, is not replaced by GDPR or the 2018 Data Protection Act in the UK and allows for contact without consent.
However, GDPR does introduce legislation that means that outreach emails can only be sent under certain circumstances and that this communication needs to still be compliant.
There area number of lawful basis for sending email, including but not limited to consent, the lawful basis we have used to send business to business email which is Legitimate Interest. Currently, this allows for business to business emailing where the recipient has not given consent to processing providing a legitimate interest test has been carried out and passed, and the sender recognises and respects the rights and freedoms of the recipient, such as responding to their request and actioning the request.
From the ICO Guidelines
“142. These rules on consent, the soft opt-in and the right to opt-out do not apply to electronic marketing messages sent to ‘corporate subscribers’ which means companies and other corporate bodies eg limited liability partnerships, Scottish partnerships, and government bodies. The only requirement is that the sender must identify itself and provide contact details."
- Which we have done.
“145. In addition, many employees have personal corporate email addresses (eg firstname.lastname@example.org), and individual employees will have a right under section 11 of the DPA to stop any marketing being sent to that type of email address.”
- Which we have done.
And the ICO Guidance on PECR
"Although the Data Protection Act 1998 (DPA) only protects individuals, PECR apply to any direct marketing by phone, fax, email or other electronic means. This means that PECR protects companies and other corporate bodies from unwanted marketing, as well as protecting individuals.
However, there are different rules for marketing to corporate bodies and marketing to individuals. PECR place fewer limits on marketing to corporate bodies – but there are still limits."
"The rules on marketing by email or text are different. The only obligation on the organisation sending the email or text is that they must not conceal their identity, and must provide contact details.
There is no right to opt-out, or to register with a preference service. However, it is still worth asking an organisation to stop sending you marketing emails or texts. Most organisations will not want to waste resources or risk their reputation by sending unwanted messages.
Individual employees with personally identifiable work email addresses (eg email@example.com) can, however, make a written request to stop receiving marketing emails under s11 of the DPA. Organisations must then stop using that email address for marketing purposes within a reasonable period."
- Which we have done.