What lawful basis do you use for Business to Business marketing communications? Should this change to meet the requirements of GDPR? Have you not considered it before? Guidance that the ICO released at the end of March on the use of the lawful basis ‘Legitimate Interest’ helps.
At the end of March, the ICO released detailed guidance
on the use of the lawful basis ‘Legitimate Interest’ for the collecting, storing and processing of personal data. The guidance includes a section on ‘Use for marketing activities’
For those of you who used this lawful basis under the DPA 1998, the main change under GDPR concerns the requirements for accountability and transparency.
If you haven’t considered this before then read on, and also read the guidance and documents in the links provided.
If this applies to you then this article also relates to whether or not you need to seek ‘Consent’. Consider the other lawful bases first (legitimate Interest being one of them).
Email address of a person within a business
You may well find that for many of your business contacts you can look at using ‘Legitimate Interest’ as the lawful basis (as in you do not need to seek consent) for sending direct marketing e-communications. The balance test mentioned on the first page of the ICO guidance is key, including:
• Would the individual receiving your email think it is reasonable?
• Take a step back and ask yourself if they would be surprised to get your email?
Clients and prospects you are actively engaged with will not be surprised or think it is unreasonable to receive communication about the products/services they have purchased or expressed interest in. The basis of ‘Legitimate Interest’ can be used.
For other business to business contacts you have been e-marketing to for a while you could also use ‘Legitimate Interest’ as your lawful basis. Check by undertaking a Legitimate Interest Assessment (LIA) using one of the many templates available.
Note – take care how you word an email in Business to Business marketing communications, especially in an initial email. Their email address includes ‘personal data’ whether it is firstname.lastname@example.org or email@example.com or other variants. If you make the communication too personal then it might be viewed as failing the balance test and hence require consent from the individual. Avoid using words such as ‘personally’, (as in a phrase such as ‘I would like to personally invite you ..’).
Private email addresses (hotmail, gmail, yahoo etc):
Sending marketing emails to these email addresses falls into the business to consumer communication category and, should you wish to include them, you need to delve further into the Privacy and Electronic Communications Regulations (PECR
) which have been in place for a number of years as well as undertaking a LIA. You can look at using ‘soft opt-in’ as the basis for using Legitimate Interest when communicating with clients who have provided their personal email address. Where this does not apply, you will need to get, and manage, ‘consent’.
Suggestion: Search for all such email addresses in your CRM system and either delete them or work out how to engage on a business basis using their business email address. Look out for Sole Traders or Partnerships who use personal email addresses for business purposes as part of this task.
LinkedIn and other social media platforms
Just because a person has linked/followed you on one of these platforms does not mean that you can automatically add them to your marketing email list. You will need to get their permission to do so. How you get this will determine whether you use ‘Legitimate Interest’ or ‘Consent’ as the lawful basis.
If you are not sure where a contact came from, treat them in the same way as the suggestion for Private Email addresses above. Work out if you wish to re-engage with them or remove them from your mailing list.
Your resulting mailing list might be lower on quantity but will be higher in quality.