In order for people to access your guide, you require them to complete a form asking them for their email address. Partly, this is due to the legacy of PECR – legislation which does mandate consent for B2C marketing – and partly down to businesses’ incomplete understanding of GDPR. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – eg an IP address – can be personal data. GDPR provides six legal bases for data collection, processing and storage. If you need help making your email database GDPR compliant, get in touch to see how The Marketing Eye can help. If they do not give active consent to join your mailing list or to be sent further correspondence from initial contact, then you must not retai… One way to do this is by segmenting your lists and excluding personal email addresses, such as ‘’, from your marketing emails. Done. Some are not applicable to B2B marketing – the main two lawful basis for processing personal data that apply to B2B marketing are ‘Consent’ and ‘Legitimate Interest’. See Articles 3, 28-31 and Recitals 22-25, 81-82. One sure-fire way of staying GDPR compliant is to treat your B2B and B2C contacts the same. The short answer is…yes, but you didn’t come here for the short answer. Get it GDPR compliant. With the GDPR now just over a month away, it is important you and your business are ready for the upcoming changes in the law. The IDM offers a Professional Certificate in GDPR to help you prepare. If a business email address is personal data it will fall under the scope of the Regulation. The whole point of the GDPR is to protect data belonging to EU citizens and residents. It also applies to companies who have no office or employees in the EU. By: Neal Dyer on 19th December 2017, 6 minute read. And since GDPR did not distinguish between B2B and B2C data subjects, marketeers had initially felt they were, as it were, off the hook. If you need help making your email database GDPR compliant, get in … One way to try and get around this obstacle is to ask people how many employees work at the company. Our leader in CRM and Marketing Automation, Neal is responsible for The Marketing Eye being recognised as one of the few Platinum Certified SharpSpring agencies in the UK. However, GDPR does state six legal grounds for using data: consent of data subject, where processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract, A corporate body can be a Scottish partnership, limited liability partnership or government body. Personal data. Yes. Offers goods and services in the EU (whether paid or for free), or 2. On 25 May 2018, the General Data Protection Regulation (GDPR) will come into force, and if you’re not compliant, your entire email database could be under threat from extinction… or is it? A double opt-in would be a wise addition here, such as an email asking them to confirm their subscription, but it’s not a requirement. B2C and B2B marketers both use personal data and the GDPR will apply equally to both. If your business is B2B only, you could exclude B2C contacts from receiving future marketing emails. Yes the GDPR applies to any entity that processes personal data. We’d recommend reading the ICO’s guide to PECR to learn more. You should highlight the challenges they’ll encounter if they don’t opt-in – such as not being able to read the great content you’re currently sending them! If you are interested in enhancing your CV and upskilling, browse through our wider range of marketing courses and qualifications; from one-day short courses to post-graduate diplomas. GDPR does not apply to those who process personal data of EU citizens if it is exclusive to household or personal activities. As GDPR requires the specific opt-in of your contacts before you can email them in future, you need to obtain consent at the point of the form completion - you can’t do this afterward. Monitors the behavior of people in the EU Let's see whether either of these conditions applies to your company. This means if you can identify an individual either directly or indirectly, the GDPR will apply - even if they are acting in a professional capacity. 9. In this event, IncNet will require that such party complies with the GDPR. An individual visits your website from your advert, fills in the form using their personal email address and downloads your guide. Arguably, if you could be certain your customers would never use their names and only use generic email addresses like "" the GDPR would not apply to your data. If you’d like help understanding what your business needs to do to achieve compliance, talk to us today for a GDPR audit. It’s important to note that sole traders and certain partnerships are seen as individuals. Our learning and development team will be happy to advise based on your needs and requirements. The form we’ve created needs to be edited for B2C contacts. The GDPR applies to all companies in the EU. In April 2016 the European Union officially adopted the EU General Data Protection Regulation (GDPR), a sweeping set of data privacy laws applying to nearly every organization that does business in EU countries. The Privacy and Electronic Communications Regulations (PECR) restricts unsolicited direct marketing, which includes both cold emails and cold calls. At the IDM we are passionate about educating marketers and providing resources to help advance your career. However, you must continue to give recipients the ability to opt-out of future emails and include a privacy notice to tell individuals how their data will be processed (a link to your GDPR compliant privacy policy will go down well here!). With the GDPR now just over a month away, it is important you and your business are ready for the upcoming changes in the law. Our marketing technology experts will show you how GDPR can be a game-changer! The law, therefore, applies to organizations that handle such data whether they are EU-based organizations or not, known as “extra-territorial effect.” The GDPR spells out in Article 3 the territorial scope of the law: 1. You will just need to prove that they opted-in. The GDPR does not attempt to define rules for B2B or business-to-consumer (B2C) services - the GDPR laws apply to any "personally identifiable information". Does the GDPR apply to business-to-business marketing? As GDPR applies to both business-to-consumer (B2C) and business-to-business (B2B) marketing, we’ve also included the rule differences between each below. An issue with the above examples is that sole traders and some partnerships fall under the same regulation as B2C contacts, not B2B. Let's call them Tesbury's. Did you find this blog useful? If they submit a company name along with a company email address, then you know it’s a company you’re dealing with. So this question comes down to whether it's possible to identify a specific person from their business information. A description of what they are signing up for, with a tick box to opt-in. GDPR does not apply: Since this website is not designed to serve or target residents of the EU/EEA, it need not comply with the GDPR, even if it is accessible within the EU/EEA. Further reading in the GDPR. No, the mere fact that your website is accessible in the EU does not mean that GDPR will automatically apply. Otherwise, according to Article 4 paragraph 18, you and/or your company must comply with GDPR regulations. How GDPR affects B2B marketing. Furthermore, you can’t keep their details on your database because their data is no longer relevant. What information does the GDPR apply to? The GDPR does not replace PECR. news. If you use a marketing automation system, such as SharpSpring, you can create dynamic content which means that as soon as one of your leads opts back in, they stop seeing the GDPR message, while everyone who hasn’t opted back in keeps seeing it. There are number of GDPR compliance concerning HR data as opposed to compliance obligations for customer or vendor data, i.e., business to customer (B2C) or business to business (B2B) data that make GDPR/HR compliance extremely challenging and tricky for employers. 1. If your B2C database isn’t GDPR complaint, as soon as the clock strikes midnight on the 25 May 2018, your email database is finished. Cold outreach, including cold calling, is still allowed under GDPR, but with some restrictions. Those two legal grounds are consent and legitimate interest. The GDPR may still apply where IncNet engages a data processor established in the EU to perform services for IncNet. You need to comply with both of the regulations in your B2B sales and marketing. GDPR was created to protect EU Data Subjects–any EU citizens, regardless of their physical presence in the EU. But it doesn't apply to every company in the world. Because of this size, it may be possible to send information to a 'Procurement Manager' or similar, but because there are several people who hold that post, it may not be possible to specifically identify one person. What GDPR Means for B2B Marketers . The key here is the definition of personal data under the GDPR. This was down to a U-turn from the European Commission earlier this year who decided to relax the rules around business data, in effect making it no different from the data protection rules that already exist today. Join our newsletter to find out about the latest marketing insights and industry Does the GDPR apply to B2B? GDPR is a complex topic, and although this article will help you to grasp the basics, you and your legal team will need to go through the legislation with a fine-toothed comb. You’ve fulfilled the “transaction” by sending them the guide, which means you no longer have the right to retain their details. Marketers must have a legal basis to process personal data under the GDPR. Rules on direct marketing on the EU level are regulated by the GDPR and PECR. Like the DPA, the GDPR applies to ‘personal data’. If your brand does business in the EU, offers goods or services to EU shoppers, collects data, or monitors EU data subjects, you fall within scope of the regulation. The Tesbury's procurement department is large, with several hundred people. One sure-fire way of staying GDPR compliant is to treat your B2B and B2C contacts the same. Your leads, customers, employees and anyone who’s data you process. You do not have to have a branch or a subsidiary in the European Union for the law to apply. If you have any questions about managing your marketing in a post-GDPR World check out our webinar recording here. The GDPR applies to those data processing activities that fall within both the material scope of application and the territorial scope of application. The best thing B2B marketers can do right now, is to understand GDPR and the truth about how it will affect their business. How GDPR Relates to you Personally. Sole Traders and some Partnerships do fall into this category and should be treated as B2C 3. However, the DMA’s advice is … In fact the GDPR definition of personal data is broad and includes cookies and IP addresses. The processing will fall within the material scope of application when the data processed qualifies as personal, unless one of the exceptions of Article 2.2 applies. Before we dive into the differences, let’s set the scene. Pre-GDPR law has a clear line between B2B and B2C marketing, but will this line be preserved under the GDPR, or will it be eroded? One thing we recommend is adding a GDPR message into your current emails, such as newsletters and product offerings, with a link to a form asking them to opt back in. CCPA would also apply to you if you control or are controlled by an entity that meets the above criteria and share common branding with that entity. Most B2C and B2B data used in direct marketing is personal data and so the GDPR applies in the majority of cases. All rights reserved IDM is a registered trademark. The GDPR does not generally apply to IncNet and its business activities.