Building up a marketing database for your business takes a lot of time and effort. Since 1998, the laws on data protection and usage have been settled but that’s about to change and you need to make sure that your business is ready.
In this article, we will take a look at what these changes mean for your business and what you need to do differently in order to comply with these new rules.
What does GDPR stand for?
GDPR is short for “General Data Protection Regulation”. It is an EU law that was passed in April 2016 and it will come into force on the 25th of May 2018.
Customer data I already have
A common question that is being asked by business owners is “does the GDPR mean we need to get up to date consent from everybody in our marketing database?” The answer to this question is “yes” and “no”.
If you want to email someone within a limited company for B2B marketing, you can essentially carry on as you are now.
The big change is on email marketing to sole traders, partnerships, and consumers, even if they are existing customers or someone who has made an enquiry about what you sell but who has not bought from you yet.
Recital 171 of the GDPR reads: “it is not necessary for the data subject to give his or her consent again if the manner in which the consent has been given is in line with the conditions of this Regulation, so as to allow the controller to continue such processing after the date of application of this Regulation”
The guidelines say that for pre-GDPR marketing consent to be valid, it must be “unambiguous and demonstrable”. We recommend that, if you have any doubt at all on this, you obtain new and GDPR-proof consent from your customers to avoid being caught out.
You will be able to contact sole traders, partners, and consumers on account queries, for chasing up invoices, and so on however, but unless you have specific marketing opt-in consent, you won’t be able to email them for marketing purposes.
What about lists I want to buy in?
There are new rules covering marketing using bought-in lists of email contacts.
If a person can be identified from a business email address, under GDPR, this will be considered as personal data and therefore within the scope of the regulations. That business may be a limited company, a sole trader, or a partner within an unincorporated partnership.
With B2B marketing however, you can still send emails to employees of limited companies or public sector organisations without needing their prior consent. That means that data brokers and data owners can sell these details to you and that you are legally entitled to email these people.
The content of the emails must be business-related and, if a purchase is made, the purchase is made by the business for the benefit of the business. For example, public liability insurance could be marketed by unsolicited email to B2B recipients but not household insurance.
When you send to the lists, you must identify who you are, provide your contact details, and a free-to-use opt-out system so that, if they no longer wish to hear from you, they can let you know.
For sole traders and partners, it’s different. These types of email addresses will no longer be legitimately available for sale from list brokers or owners. List brokers and owners can no longer compile lists of sole traders or partners with a “generic consent” to receive marketing from companies not specified during the opt-in process – GDPR now effectively bans this “generic consent”.
If anyone offers you data like this, politely decline.
Rules regarding telesales, fax, and postal marketing lists are largely unaffected.