The new General Data Protection Regulation (GDPR) comes in to force on the 25th May.
Those not complying with the rules will be faced with heavy fines, so as a business, you need to make sure you are prepared. Take a look at https://www.eugdpr.org/ for a full list of rules and regulations.
We recently ran a webinar alongside GDPR expert Mark Gracey focusing on what is needed to become GDPR compliant and how the new rules impact B2B lead generation. You can download a recording of this here!
We received lots of questions as a result of the webinar and so will answer your questions in this post:
Can I use B2B email addresses that I source from a third-party data provider? According to GDPR, as long as I have a legitimate interest it’s fine, but PECR seems to restrict the ability to email and SMS this type of data.
If your data is strictly B2B and you don’t have sole traders, then it’s the PECR rules that tell you what you can and can’t do. If they opt out, then you need to honour the opt out. Be careful of legitimate interest and make sure you follow those rules.
You must be able to demonstrate that it is in your interest to process the data. There are three hoops, so make sure there is no other lawful basis that this goes against. You need to ensure that there is no harm to the rights and privacy of those data subjects.
We have hundreds of thousands of individual leads in our database that are B2B and in our industry, and so we send them lead generation emails. Do we now need consent? We have acquired this data through public forums such as LinkedIn and Indeed.
If they are strictly B2B, then that is fine. But if you are taking data from public domains, be careful you are not targeting individuals.
The PECR rules allow you to use B2B data without consent, so continue to collect that data and market to them, but just be aware of brand reputation – you don’t want to become known for spamming.
Can you not seek consent via email before 25th May?
Seeking consent via email is still technically a form of marketing, and so you cannot do this. If you need consent for marketing then you need to look at seeking consent with directly sending an email. However, if your mailing list has not complained previously about your marketing tactics, then you will more than likely get away with emailing them for consent before GDPR kicks in.
Do B2B have to ask for opt ins, if they download an eBook for example, or are they automatically opted in?
No, they don’t, as long as you can demonstrate that your eBook is created for B2B then this is fine. Just be careful of any sole traders downloading as you will need consent from them.
Can we retarget or market to prospects based upon business name only as opposed to using specific names and emails?
Yes, consent is not needed as it is not personal data. The PECR rules state that a business contact has the opportunity to opt out and if they do then you must honour that.
How do you ensure suppliers are GDPR compliant?
Search the company online. A lot of businesses are releasing a GDPR statement, so keep an eye out for that.
What happens if you have an email for someone in a B2B context but it’s actually their personal email rather than their business one?
The regulations don’t necessarily differentiate the type of email address from the use of it. As long as you are clear in context (that it is strictly B2B), you will be fine. If in doubt, don’t use it.
Who is liable for sending the communications? If we are a marketing agency and send emails to the 3rd party who send it on our behalf, then who is liable if it is in breach of the law?
If you have collected the data and decide how it will be used then you will be liable if there is an issue. But, if the 3rd party makes an error then they will be liable. You need to ensure that you have acted properly and in line with regulations.
If you scan a badge at a B2B event, do you need delegates to opt in and sign up?
As long as they are not sole traders, then you are okay to email the data. Just make sure they are aware when scanning their badge as to what you are going to do, and ensure that they are businesses rather than individuals.
If someone hands out a business card, does this count as consent?
Yes, giving a business card out is a form of consent. However, if they could be a sole trader, make sure they are aware what will happen as a result of exchanging business cards.
If a sole trader has a generic email address can we still email them?
Yes, if it isn’t easily identifiable as an individual that is fine.
Will there be a GDPR compliance accreditation?
There may be possibility of the UK government or ICO introducing something, but GDPR doesn’t require it.
If you would like further information on GDPR, then download our webinar recording for more key information!
Or if you have unanswered questions and would like some more information about us and how we can help you, then email us at firstname.lastname@example.org.