Announced just last month, the latest updates to the General Data Protection Regulation (GDPR) have major implications for B2B marketing.
The GDPR has always stipulated that a ‘legitimate interest’ to communicate with an individual could constitute an acceptable alternative to express consent or opt-in. The issue was they had provided minimal guidance as to what would be considered a legitimate interest.
As a result, fake news and scaremongering has been rife for the past year, whipping up fears of businesses losing 90% of their marketable database, and no longer being able to do any outbound marketing. For a considerable time, we planned to use only consent as the basis for communicating with our database, but we are now adjusting our position in line with the latest guidance from the ICO.
Legitimate interest as the basis for B2B communications
In a B2B context, a commercial interest (intending to sell a product or service) will be considered a valid legitimate interest under the GDPR. In short, this means that B2B electronic marketing communications, which includes outbound telemarketing, will be permitted within the following parameters:
- It only applies to ‘corporate subscribers’ (employees of incorporated/limited companies, limited liability partnerships and government/local authority institutions)
- It must be based on a relevant and appropriate relationship (for example, with an employee of a business who would benefit from your product or service)
- It must not conflict with opt-outs or unsubscribes
When can’t legitimate interest be applied?
There are two instances where legitimate interest cannot be used as a basis to process data: in the case of marketing to individual subscribers, and in cases where stricter e-marketing rules apply.
Legitimate interest does not apply to individual subscribers (employees of sole traders and unincorporated partnerships/charities), or those not affiliated with a business (using ISP email addresses such as Gmail and Hotmail). In this instance you must use consent as your legal basis, which means you must have explicit opt-in before you may contact the individual for marketing purposes.
It’s important to check your list for individual subscribers. UK businesses could, for example, check against the Companies House registrar of companies (which can be downloaded free of charge). If the company is not listed here, the contact would be classed as an individual subscriber. For directories in other EU countries, check out this list on the gov.uk website.
If the subscriber in your database is using a Gmail, Hotmail or Yahoo account and does not have a company name on their contact record, you should consider only communicating to them if you have express opt-in.
Currently, each EU country has its own legislation for electronic communications that supersedes GDPR, based on the 2002 European e-Privacy Directive. Many EU countries’ e-marketing legislations require opt-in consent for B2B communications. Not abiding by a country’s e-marketing legislation renders the legitimate interest basis invalid, and companies will be at risk of fines under GDPR.
|Countries||Existing prospects/new contacts||Customers (past and current)|
|Estonia, Finland, France, Hungary, Latvia, Luxembourg, Portugal, Slovenia, Sweden, United Kingdom||Opt-out||Opt-out|
|Austria, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, Greece, Ireland, Lithuania, Malta, Netherlands, Norway, Romania, Slovakia, Spain||Opt-in||Opt-out|
|Cyprus, Italy, Poland||Opt-in||Opt-in|
Based on Field Fisher EU E-Marketing Requirements Nov 2017
What does legitimate interest mean for my marketing activities?
Legitimate interest may at first seem like the get out of jail free card B2B marketers have been hoping for, but if you’re dealing with countries within the EU and with database contacts that may be classed as individual subscribers, proceed with caution.
Legitimate interest only applies to corporate subscribers. Some EU countries still require opt-in consent under their e-marketing rules.
You need to either choose legitimate interest or consent as your basis for processing data. And once you’ve made this decision there’s no switching.
Given the complexity of interpreting and applying the ICO’s guidelines, it’s no surprise that many companies are choosing to play it super safe and implement one blanket policy of requiring express opt-in for all subscribers – across the whole of the EU and in some cases beyond. See our step-by-step guide if you’re planning on taking this approach.
However, for those keen to maximize their marketable database through the use of legitimate interest, rigorous data governance combined with the careful configuration of marketing technology is required to ensure data is lawfully processed.