10 key facts you may not know about GDPR and data protection

The number of queries we now receive concerning GDPR is on the increase, which is a positive as it shows more businesses are becoming aware of it and that it’s not something that can be ignored.

There’s a lot of information on GDPR and B2C marketing which leaves many B2B marketers confused as to what their obligations are.

We have kept close to this subject for a long time and have posted a number of blogs already to keep our clients informed. The Direct Marketing Association(DMA) has just published an article specifically for B2B marketers which could be of value to marketers still confused about this subject.

Firstly, under the current rules, B2B marketers are not exposed to as many regulatory requirements as B2C marketers.

This is because Privacy and Electronic Communications Regulations (PECR) focuses on protection for consumers. Marketing to corporate employees via electronic channels does not require consent under PECR which is where a lot of the confusion has occurred.

Here are 10 key facts about GDPR as published by the DMA:

1. The GDPR applies if an organisation is processing personal data
2. B2B marketers use personal data and therefore the GDPR will apply to them too
3. Corporate email addresses and other contact details are personal data
4. In fact, the GDPR definition of personal data is broad and includes cookies and IP addresses
5. The GDPR does NOT state that organisations need to obtain opt-in consent for their marketing
6. The GDPR lays out 6 legal grounds for processing personal data. All are equally valid.
7. B2B marketers will be able to make use of the legitimate interest legal ground for their marketing activity in most instances.
8. Legitimate interest is a subjective legal ground so an organisation must justify its activity and consider the privacy risks for data subjects
9. Consent is black and white. It is a yes or a no. However, it is a robust standard that may be hard to achieve. If it is, the ICO has said legitimate interest might be the better choice.
10. GDPR is the overarching framework but there are specific rules for the marketing sector from PECR, which is being revised and will become the ePrivacy Regulation in the future

In terms of what changes, if any, are made to the ePrivacy Regulation, this is still currently being debated by the EU Parliament and Council.

The DMA said, ‘in a recent meeting with a leading MEP, Marju Lauristan, responsible for the ePrivacy Regulation, Marju agreed that the Parliament’s intention wasn’t to unnecessarily restrict B2B marketing’.