In the discussion below, we are limiting B2B contacts to those employed by Local Authorities, Housing Associations, Government Departments and Limited Companies or Corporations. Sole traders and partnerships are to be treated as B2C contacts.
For some time, many B2B marketeers thought they would be unaffected by GDPR as it did not explicitly reference B2B (or B2C). The rules relating to B2B (and B2C) marketing are described in another regulation, the Privacy and Electronics Communications Regulation (PECR, aka the ePrivacy Directive). In this regulation B2Bmarketeers can use a soft opt-in approach for subscribers. However, PECR is also being overhauled and in its place, a new e-Privacy Regulation will be implemented that will tie into GDPR.
Although still at a draft stage, the new e-Privacy Regulation contains key points relating to electronic communications that will affect B2B (and B2C) businesses. The regulation will now include instant and social messaging, VOIP, web-based email and the Internet of Things (IoT), which will be covered by the same laws as phone calls, email and SMS. Users are to be provided with simple opt-in/opt-out cookie consent choices and this is expected to be via their browser settings. However, the draft explicitly prohibits making consent to tracking a prerequisite to using a website or service (with some exceptions). The B2B soft opt-in (sending marketing messages to existing customers) from the previous PECR will remain but has been slightly limited. The draft states:
“It is reasonable to allow the use of e-mail contact details within the context of an existing customer relationship for the offering of similar products or services” (Section 33)
Also, whilst PECR allows for soft opt-ins during “negotiations of a sale”, the new Regulation demands that email contact be limited to “the context of the sale of a product or service.” (Article 16)
In addition, the Information Commissioner’s Office (ICO) has stated that “If you are a private-sector organisation, you can process personal data without consent if you have a genuine and legitimate reason (including commercial benefit) unless this is outweighed by harm to the individual’s rights and interests.” This is from the ICO GDPR consent guidance document, which is worth reading
The Direct Marketing Association (DMA) has interpreted the ICO statement as: “The EU Commission’s proposal does not require opt-in consent for B2B email marketing to corporate subscribers, although as a general rule consent will be required for sending electronic marketing to consumers but marketers must ensure that staff members of corporate subscribers are able to easily unsubscribe/opt-out from receiving electronic marketing.”
Whilst we have tried to simplify this issue, it is a complex situation and you should seek professional legal advice to see how this is going to affect you.
By Roger Sutton