To ensure ongoing
What does GDPR mean?
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. Contrary to some beliefs, GDPR has already been finalised and the law for nearly 23 months. It comes into direct force on 25th May 2018 when everyone has to comply.
GDPR replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Brexit will not affect the new regulation as the Secretary of State for the Department of Culture Media and Sport has confirmed GDPR will apply from May 2018.
How will GDPR affect my business?
The GDPR applies to organisations processing and holding personal data within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
Personal data means any information that can be used to directly or indirectly identify the person. This could be anything from a name, computer IP address, bank details or location data.
Depending on the severity of non-compliance, companies can expect to be fined up to 2% of annual global turnover or €10 million (whichever is highest) for failing to comply with GDPR. For more serious data breaches, companies can be fined up to 4% of annual global turnover or €20 million. Importantly these rules now apply to both controllers and processors.
What changes are happening at Marketscan?
We have been keeping up-to-date with
One of the key areas that affect us and our clients is related to email marketing. Even though email marketing is currently governed by the Privacy and
New expanded guidance on the lawful basis for processing has recently been published by the EU’s Article 29 Working Party. The Working Party includes representatives of the data protection authorities from each EU member state.
Part of our email feed includes sole traders and partnerships which are licensed to Marketscan for
With immediate effect, we are withdrawing this part of the feed from our UK database, Megabase, to ensure we continue to comply with GDPR. However, we still hold one of the largest, legally-compliant
Who can I email?
Licensed data (bought-in) data
An email address at work is personal data, whether that email address is a corporate one or that of an employee of a sole trader/partnership. The Data Protection Act now and the GDPR from 25th May 2018 will apply to the processing of the email address. The difference between sole traders/partnerships and corporates comes when you look at PECR.
PECR deals with gaining permission to send marketing by email. The general rule is that you must gain prior consent to send a marketing email. However, in a B2B environment, there is an exemption for employees of corporates, and you can send a marketing email to these individuals without their prior consent.
Confusion often arises over the meaning of B2B marketing in relation to email campaigns. In an email environment, B2B marketing does not include sole traders and partnerships. You need to gain consent for your organisation and your products/services in order to email sole traders and partnerships, as these are treated in the same way as consumers. Be very careful not to get caught out by this when licensing
In summary, email addresses of corporate employees can be licensed for
Employees of corporates must be given the option to easily unsubscribe or opt-out from receiving email marketing.
The product or service being promoted can be purchased by the recipient in a professional capacity.
The sender must identify itself and provide contact details.
The emails supplied by Marketscan for
Existing customers and prospects
1) Corporate bodies
Any existing customer OR prospect that is a corporate body (a limited company, public limited company, limited liability partnership or government departments) could be emailed using the legitimate interest route.
When emailing a corporate, you must a) give them the option to easily unsubscribe from receiving further communications, b) the product or service being promoted must be able to be purchased by the recipient in a professional capacity and c) you must identify your company and provide contact details.
It is also good practice, and good business sense, to keep a ‘do not email’ list of any businesses that object or opt out, and screen any new marketing lists against that.
Further guidance on legitimate interest and whether it’s right for your business can be found on the ICO’s website.
2) Sole traders and partnerships
There are 2 options for emailing sole traders and partnerships (ie. a non-corporate body):
A) You can email existing customers if they bought a similar product from you in the past and didn’t opt out from marketing messages when you gave them that chance. This is known as the ‘soft opt-in’ but does not apply to non-commercial promotions (eg. charity fundraising or political campaigning). You must include an opt-out or unsubscribe option in each message and you must identify your company and provide contact details.
B) You can email existing customers OR prospects if they have specifically consented to receiving emails from you – for example, by ticking an opt-in box. You must include an opt-out or unsubscribe option in each message and you must identify your company and provide contact details.
Who can I call?
You can continue to cold call corporates and sole traders/partnerships provided the telephone numbers have been suppressed against the Telephone Preference Service (TPS) and the Corporate Telephone Preference Service (CTPS) registers every 28 days as well as any in-house suppression files you hold. You need to always offer them the opportunity to opt out of future calls.
Our online Telephone Checker can flag your data for matches against TPS and CTPS.
Who can I mail by post?
You can send postal mailings to corporates and sole traders/partnerships. There is a misconception that postal mailings to businesses (including sole traders and partnerships) have to be matched against the Mailing Preference Service. They don’t, just ensure the data has been matched against any in-house suppression files you hold.
What about email data I have already licensed from Marketscan?
If you have a data licence for email marketing with us that has not yet expired, and you wish to continue emailing any sole traders/partnerships that you have licensed from us, then you can continue to do so in the same way up until 25th May 2018.
Post 25th May 2018, if you want to continue emailing the sole traders and partnerships in a list whose licence has not expired, then they must be contacted to gain consent for your business. Information on how to obtain consent can be found on the ICO’s website.
We can help you identify the sole traders and partnerships in the list you originally licensed from us at no extra charge, where the licence is still current.
We also have a number of different partners we work with that can help you gain the necessary consents through telephone verification.
For further information please contact your Account Manager or call us on 01243 786711 or email us at email@example.com.
*Source: John Mitchison, Director of Policy & Compliance, DMA
Marketscan – Great Data Properly Regulated