The most significant piece of European data privacy legislation in the last twenty years – the General Data Protection Regulation (GDPR) – is now in effect.
GDPR aims to “harmonise data privacy laws across Europe” and to “protect and empower all EU citizens’ data privacy”. It will apply to all businesses, organisations, enterprises – you name it – that process the personal data of individuals residing in the EU, regardless of where theirbusiness is.
And for you, as a B2B data reseller, GDPR will have an impact on how you operate.
Penalties for non-compliance are severe. Any business, organisation or enterprise found in breach of GDPR could face hefty fines of up to 2% of annual global turnover or €10 million (whichever is higher), and in the most extreme cases, it could be doubled to 4% of global annual turnover or €20 million.
GDPR just can’t get out of the headlines at the moment, and for every business it’s a really, really hot potato; chances are that you have been nursing a GDPR headache for the last two years since its conception!
But here’s the thing, it’s not all doom and gloom.
There’s a lot of GDPR information online; some of it useful, some of it dubious, and a lot of it entirely confusing.
So, rather than trawl the web looking for information that may or may not help you, here’s the long and short of it.
You can still send emails
Firstly, unlike B2C marketers, B2B marketers are less exposed to the new regulatory requirements due to the Privacy and Electronic Communications Regulations (PECR).
PECR restricts unsolicited marketing by phone, fax, email, text or other electronic message – but different rules apply for marketing to corporate bodies as opposed to marketing to sole traders and some partnerships. The rules are stricter for emailing the latter, and you will need their specific consent (through a very clear positive action, such as ticking a box) before you can send them a marketing message.
However, where you are sending emails to ‘corporate subscribers’ – e.g. a company, Scottish partnership, limited liability partnership or government body – you don’t need consent as you can make use of the ‘legitimate interest’ legal basis for your marketing activity.
For example, if you have a legitimate business interest as to why you are emailing a corporate, perhaps to share more relevant content around the services you provide and what they are interested in, then you do not need to acquire their consent. Just carry out a legitimate interest assessment for your audit trail (we can help with this).
This exemption does not extend to sole traders and some partnerships as they are individuals under PECR, and therefore you can only email them if they have specifically consented.
You can email existing customers who have bought a similar product or service from you in the past regardless of whether they are a corporate or not, provided they were given a simple opportunity to refuse marketing when their details were collected and if all your emails give them a clear chance to opt out of future messages.
In essence, if they are not a corporate subscriber or existing customer, you will have to gain consent.
Make sure your data provider is providing you with GDPR compliant data
Key thing for you – and your customers – is knowing whether or not the data you purchase from your data provider and sell to your customers is actually GDPR compliant.
When was the last time you asked your B2B data provider how they obtained their data? Last week? Last month? Last year? Never?
If you haven’t actually asked the question, we would advise that you do as soon as possible.
Find out how your current B2B data provider sources their data. You want to be confident that the data you use and sell on to your customers is compliant with GDPR.
Poor quality data won’t benefit your clients, so why provide it?
The thing is that any reputable data provider will be able to tell you in detail how their data is collected and what sources they use. If they can’t explain their data collection process or seem to be making it up as they go along, alarm bells should be ringing!
Your customers can continue to use bought in data for email, postal and telemarketing
Despite what you may have heard, you can still resell data from your data provider to your customers as long as your supplier can demonstrate that it complies with GDPR.
As mentioned previously, you do not need consent to email corporates under PECR and you can instead use the legal basis of legitimate interest to conduct your B2B email marketing activity. Consent is only required in instances where you are emailing non-corporates.
For B2B postal marketing, as long as you include your full company contact details and screen against any in-house suppression files, then it’s OK to send out marketing about your own products and services to any business.
For B2B marketing calls, you can make live calls to any business that is not registered on the Telephone Preference Service (TPS) or the Corporate Telephone Preference Service (CTPS). You should also screen businesses against your own “do not call” list.
Of course, all of this brings us back to our point about asking your data provider how their data is collected, processed and validated. You absolutely must ask.
For example, our Megabase, a unique reference database containing over 3 million UK business records, 4.3 million decision makers, 2.5 million telephone numbers and 1.1 million email addresses, is completely rebuilt every month using the latest verified information from 118 Information, Thomson Directories, Dun and Bradstreet, Corpdata and Companies House.
Every record within our database is subjected to a unique range of over 40 quality checks, plus thorough checking for legal compliance before delivery, meaning the data we provide you is 100% legitimate, compliant and safe to use.
If you don’t know how the data you sell on is being obtained, you’re potentially setting your client’s campaigns up to fail. Not good for them… and most certainly not good for you.
GDPR = Great data properly regulated?
GDPR is an opportunity for you as a reseller to start demonstrating the value you (and your data provider) can offer clients.
But to do so, you need a data provider you can trust – one that can deliver the high-quality compliant data that your customers need.
Ultimately, when it comes to B2B data, it’s important to work with a reputable supplier who can provide you with the high-quality data that meets your marketing needs.
So if you are going to do anything in relation to GDPR, make sure you ask your data provider how they acquire their data and whether or not that data has been verified, validated and compiled in a GDPR compliant manner.