In light of the EU GDPR, many B2B marketers don’t understand when to use ‘Consent’ as a ‘legal basis.’ Our Co-Founder and CEO, Richard Hibbert, explains.
GDPR in B2B Marketing
In the week running up to the GDPR launch date (25th May 2018), I received a lot of emails from B2B organizations asking for my consent to receive their marketing communications – all in the name of EU GDPR compliance. Of course, the simplest way to stay on top of GDPR changes and queries is through GDPR compliance software.
The GDPR does not actually require B2B organizations to use ‘Consent’ as a legal basis for electronic marketing to their business contacts, even though they will be processing personal data.
B2B marketing professionals need to understand that the key regulations governing electronic marketing messages in the UK are “The Privacy and Electronic Communications Regulations” (PECR).
PECR for Businesses
PECR sits firmly alongside the EU GDPR, and states that as long as you provide a convenient method for “Opting Out,” it is perfectly legitimate for the business to make marketing calls, and send emails, texts, and faxes to business contacts, without prior ‘Consent.’
So, where does GDPR fit in?
Well, under GDPR, if we send electronic communications, we are processing “Personal Data.” For this to be legal, we must do two things: a) identify a legal basis; and b) be transparent – as well as, of course, comply with the rest of the regulation.
Recital 47 of the regulation states:
“The processing of personal data for direct marketing purposes may be regarded as carried out for a ‘legitimate interest.’”
This means we do not require “Consent” as the legal basis.
The second part of the regulation we need to consider is transparency. Article 14 states that governing “Information to be provided where personal data have not been obtained from the data subject.” Here, the regulation lists information that must be communicated to the direct marketing recipient as part of the communication, such as the ‘purpose for processing’ and ‘legal’ basis.
So, there we have it: ‘Consent’ does not have to be the ‘legal basis’ for B2B direct marketing.
Of course, this does not mean obtaining affirmative consent isn’t morally sound, but taking this approach could mean losing the right to communicate with a significant portion of your contact database, as many people will not provide their consent.
Is this what you really want?
Luckily, there is an alternative approach!
Our GDPR compliance software, or GDPR Suite, can help you navigate the world of GDPR and marketing consent in a way that still keeps your list of subscribers and prospects up! Take a look at the complete GDPR Suite tools.
About Richard Hibbert
Richard is responsible for the SureCloud vision, strategy, and execution. Richard also oversees the continuous innovation of the SureCloud Platform and advises enterprises on GRC practices.
Previously, Richard held executive positions at UK, European and North American tech companies, where he led sales, marketing, and market development functions.
Connect with Richard on Linkedin.
SureCloud provides Governance, Risk & Compliance (GRC) applications and Cybersecurity solutions that give our customers certainty – of risk management/compliance, cybersecurity, and reliable answers today and tomorrow.
Established in 2006, SureCloud is headquartered in the United Kingdom and has offices in the United States. SureCloud has more than 400 customers throughout the UK and US from the Retail, Financial Services, Government and other sectors.
This article does not constitute legal advice, and I recommend that readers seek legal clarification before acting. This is only my personal interpretation of most B2B Marketers understanding of ‘Consent’ as a “legal basis” for electronic marketing to their business contacts under GDPR.
Please feel free to comment with your own interpretations.
Data Privacy Management Capability