For every UK business selling and marketing to other businesses and relying to some extent on email for this process, the big question being asked is:
Do I really have to opt-in my whole email marketing database by May 2018?
and, surprise, surprise, you can find the answer you want very easily whether you want that answer to be yes or no!
The Direct Marketing Association, who should know a thing or two about GDPR says this:
The only difference between B2C and B2B marketers now is in connection with email and text marketing to employees of corporate organisations. When dealing with sole traders or partnerships, the rules governing B2C marketing will apply to B2B marketers so the general position for email and sms will be that you will need opt-in consent. For telephone and direct mail, you need to offer an opt-out.
When dealing with employees of corporates, that is limited companies, LLPs, partnerships in Scotland and government departments, the rules for telephone and direct mail are the same, opt-out.
However when emailing or texting, you do not need the prior consent/opt-in from the individual. You can therefore send them a marketing email/text as long as you provide an easy way to opt-out of future communications from you.
For any B2B marketing communications, regardless of channel, the content must be about products and/or services that are relevant to the recipients’ job role.
This situation will not change under GDPR. These rules for email and text messages come under the Privacy & Electronic Communications Regulations (PECR) and this will not be affected by the implementation of GDPR.
While this statement seems pretty clear, it does rely on PECR, not GDPR for the right to carry on emailing. And here lies the issue because the UK’s Privacy and Electronic Communications Regulations (PECR) will be replaced with a new ePrivacy Regulation along side GDPR. Now, the Data Protection Network points out:
The text [for the new ePrivacy Regulation] is ambiguous as to whether a distinction can be drawn between corporate email addresses and individual email addresses. For example, will it still be possible to use opt-out for the former? The text can be read that member states will be able to make a provision for this under national law. However, even if this exemption holds, named corporate B2B data (e.g. firstname.lastname@example.org) is personal data and would have to be processed in line with GDPR. B2B marketers would therefore need to make a choice between using Consent or Legitimate Interests for sending electronic communications. It is hoped that as the text goes through the committee process there will be more clarity on this.
So, on one hand the DPA says that you can carry on emailing without prior consent to B2B email addresses as long as you offer them an opt out and as long as you don’t email sole traders and partnerships, but other bodies suggest the basis on which this advice is offered (PECR) will be amended before GDPR comes into force, requiring you to gain consent or rely on Legitimate Interest.
This article explains the PECR / e-Privacy issue well – so well that it sounds as confused as we are.
9 months to go and there is still no clarity for marketers on whether to discard their valuable B2B email databases or not. What a mess!!
Now the image at the top of this post starts to make sense…