
Why are B2B Marketers asking for consent in the name of GDPR?

Written by Richard Hibbert

Published on 30 Oct 2018


In light of the EU GDPR, many B2B marketers don’t understand when to use ‘Consent’ as a ‘legal basis.’ Our Co-Founder and CEO, Richard Hibbert, explains.


GDPR in B2B Marketing

In the week running up to the GDPR launch date (25th May 2018), I received a lot of emails from B2B organizations asking for my consent to receive their marketing communications – all in the name of EU GDPR compliance.  Of course, the simplest way to stay on top of GDPR changes and queries is through GDPR compliance software.


The GDPR does not actually require B2B organizations to use ‘Consent’ as a legal basis for electronic marketing to their business contacts, even though they will be processing personal data.


B2B marketing professionals need to understand that the key regulations governing electronic marketing messages in the UK are “The Privacy and Electronic Communications Regulations” (PECR). 


PECR for Businesses

PECR sits firmly alongside the EU GDPR, and states that as long as you provide a convenient method for “Opting Out,” it is perfectly legitimate for the business to make marketing calls, and send emails, texts, and faxes to business contacts, without prior ‘Consent.’


So, where does GDPR fit in? 


Well, under GDPR, if we send electronic communications, we are processing “Personal Data.” For this to be legal, we must do two things: a) identify a legal basis; and b) be transparent –  as well as, of course, comply with the rest of the regulation.


Recital 47 of the regulation states: 

“The processing of personal data for direct marketing purposes may be regarded as carried out for a ‘legitimate interest.’” 


This means we do not require “Consent” as the legal basis. 


The second part of the regulation we need to consider is transparency. Article 14 governs “Information to be provided where personal data have not been obtained from the data subject.” Here, the regulation lists information that must be communicated to the direct marketing recipient as part of the communication, such as the ‘purpose for processing’ and ‘legal basis.’


So, there we have it:  ‘Consent’ does not have to be the ‘legal basis’ for B2B direct marketing. 


Of course, this does not mean obtaining affirmative consent isn’t morally sound, but taking this approach could mean losing the right to communicate with a significant portion of your contact database, as many people will not provide their consent. 

Is this what you really want? 

Luckily, there is an alternative approach!


Our GDPR compliance software, or GDPR Suite, can help you navigate the world of GDPR and marketing consent in a way that still keeps your list of subscribers and prospects up! Take a look at the complete GDPR Suite tools


About Richard Hibbert 

Richard is responsible for the SureCloud vision, strategy, and execution. Richard also oversees the continuous innovation of the SureCloud Platform and advises enterprises on GRC practices.


Previously, Richard held executive positions at UK, European and North American tech companies, where he led sales, marketing, and market development functions.

Connect with Richard on LinkedIn.


About SureCloud

SureCloud provides Governance, Risk & Compliance (GRC) applications and Cybersecurity solutions that give our customers certainty – of risk management/compliance, cybersecurity, and reliable answers today and tomorrow. 


Established in 2006, SureCloud is headquartered in the United Kingdom and has offices in the United States. SureCloud has more than 400 customers throughout the UK and US from the Retail, Financial Services, Government and other sectors.



This article does not constitute legal advice, and I recommend that readers seek legal clarification before acting. This is only my personal interpretation of most B2B marketers' understanding of ‘Consent’ as a “legal basis” for electronic marketing to their business contacts under GDPR.


Please feel free to comment with your own interpretations.
