This only applies to B2B contacts, all B2C together with sole traders and members of a partnership can only be contacted via ‘Consent’.
At the time it looked as though the Information Commissioners Office (ICO) was offering a broad hint that this would be workable by stating:
“If you are a private-sector organisation, you can process personal data without consent if you have a genuine and legitimate reason (including commercial benefit), unless this is outweighed by harm to the individual’s rights and interests.” This is from the ICO GDPR consent guidance document, which is worth reading.
The Direct Marketing Association (DMA) were quick to provide very direct guidance:
“The EU Commission’s proposal does not require opt-in consent for B2B email marketing to corporate subscribers, although as a general rule consent will be required for sending electronic marketing to consumers but marketers must ensure that staff members of corporate subscribers are able to easily unsubscribe/opt-out from receiving electronic marketing.”
In the interim the DMA have been working with ISBA and Bristows to produce a very detailed document outlining a formal approach to using Legitimate Interest as a basis for email marketing. The document says that is has been welcomed by the ICO and as such could presumably be taken as a valid mechanism to proceed with.
However, whilst the GDPR provides the overall framework under which data protection and privacy will be governed, the more detailed ePrivacy regulation provides specific information regarding all forms of electronic marketing, including email marketing. The ePrivacy Regulation will replace the current PECR regulations in 2018, possibly coming into force alongside the GDPR.
In the last fortnight however some of this has been brought back into the spotlight by political wrangling in Brussels. The European Parliament voted to accept the report of one of its committees as the basis of moving forward with ePrivacy. The report in question specifically allows only ‘Consent’ as the legal basis for all electronic marketing, ie. both B2B and B2C. As the DMA article in the link above notes however this still needs to be debated between the Parliament and the Council of Ministers and further twists and turns are likely in the coming months.
As always in the world of GDPR and associated regulation the best advice we can offer is to visit the ICO website and in particular the data protection reform section. The ICO has also recently published details of a phone service dedicated to helping small businesses prepare for the GDPR.
By Roger Sutton