Legitimate interest: a ‘get out of jail free’ card for B2B Marketers?

< Back to article list

The latest updates to the General Data Protection Regulation (GDPR) have major implications for B2B marketing.

The GDPR has always stipulated that a ‘legitimate interest’ to communicate with an individual could constitute an acceptable alternative to express consent or opt-in. The issue was they had provided minimal guidance as to what would be considered a legitimate interest.

As a result, fake news and scaremongering has been rife for the past year, whipping up fears of businesses losing 90% of their marketable database, and no longer being able to do any outbound marketing. For a considerable time, we planned to use only consent as the basis for communicating with our database, but we are now adjusting our position in line with the latest guidance from the ICO.

Legitimate interest as the basis for B2B communications

In a B2B context, a commercial interest (intending to sell a product or service) will be considered a valid legitimate interest under the GDPR. In short, this means that B2B electronic marketing communications, which includes outbound telemarketing, will be permitted within the following parameters:

  • It only applies to ‘corporate subscribers’ (employees of incorporated/limited companies, limited liability partnerships and government/local authority institutions)
  • It must be based on a relevant and appropriate relationship (for example, with an employee of a business who would benefit from your product or service)
  • It must not conflict with opt-outs or unsubscribes

Legitimate interest can be applied to some segments of your database and consent to others, as long as this is documented in your privacy policy. For instance, you may choose to use legitimate interest as your legal basis for processing your existing data and use a consent basis for gathering and processing new data. Crucially, you cannot switch your legal bases once GDPR has come into force, so you must choose carefully.

When can’t legitimate interest be applied?

There are two instances where legitimate interest cannot be used as a basis to process data: in the case of marketing to individual subscribers, and in cases where stricter e-marketing rules apply.

Individual subscribers
Legitimate interest does not apply to individual subscribers (employees of sole traders and unincorporated partnerships/charities), or those not affiliated with a business (using ISP email addresses such as Gmail and Hotmail). In this instance you must use consent as your legal basis, which means you must have explicit opt-in before you may contact the individual for marketing purposes.

It’s important to check your list for individual subscribers. UK businesses could, for example, check against the Companies House registrar of companies (which can be downloaded free of charge). If the company is not listed here, the contact would be classed as an individual subscriber. For directories in other EU countries, check out this list on the website.

If the subscriber in your database is using a Gmail, Hotmail or Yahoo account and does not have a company name on their contact record, you should consider only communicating to them if you have express opt-in.

E-marketing laws
Currently, each EU country has its own legislation for electronic communications that supersedes GDPR, based on the 2002 European e-Privacy Directive. Many EU countries’ e-marketing legislations require opt-in consent for B2B communications. Not abiding by a country’s e-marketing legislation renders the legitimate interest basis invalid, and companies will be at risk of fines under GDPR.


Country Group Countries
Group 1 Estonia, Finland, France, Hungary, Latvia, Luxembourg, Portugal, Slovenia, Sweden, United Kingdom
Group 2 Austria, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, Greece, Ireland, Lithuania, Malta, Netherlands, Norway, Romania, Slovakia, Spain
Group 3 Cyprus, Italy, Poland
Group 4 Germany

Based on Field Fisher EU E-Marketing Requirements Nov 2017

What does legitimate interest mean for my marketing activities?

Legitimate interest may at first seem like the get out of jail free card B2B marketers have been hoping for, but if you’re dealing with countries within the EU and with database contacts that may be classed as individual subscribers, proceed with caution.

Legitimate interest only applies to corporate subscribers. Some EU countries still require opt-in consent under their e-marketing rules.

You need to either choose legitimate interest or consent as your basis for processing data. And once you’ve made this decision there’s no switching.

The takeaway

Get guidance from your DPO or legal team. Ultimately, it is a business decision whether your company will pursue legitimate interest or not, and it is up to them to write your privacy policy to reflect the stance your company is taking.

Given the complexity of interpreting and applying the ICO’s guidelines, it’s no surprise that many companies are choosing to play it super safe and implement one blanket policy of requiring express opt-in for all subscribers – across the whole of the EU and in some cases beyond. See our step-by-step guide if you’re planning on taking this approach.

However, for those keen to maximize their marketable database through the use of legitimate interest, rigorous data governance combined with the careful configuration of marketing technology is required to ensure data is lawfully processed.