GDPR

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a regulation by which the UK and the EU intend to strengthen and unify data protection for all individuals within the UK and EU. This is likely to have some impact on Business to Business (B2B) Direct Marketing practices. The regulation came into effect on 25 May, 2018 and will apply in the UK after the UK leaves the EU.

So what are the regulations for B2B emails sent to business addresses and to individuals at UK/EU businesses after 25 May 2018?

Limited Companies, PLCs, LLPs, NGO’s and Government Bodies

According to the Direct Marketing Association (DMA) which is the most reliable source of information about GDPR, it will still be legal to email to business addresses and to email addresses of named individuals at UK companies and other organizations without their consent after 25 May 2018 provided the recipient is given an opt out from receiving further email, the email contains the senders Business Name and Address and other legalities are observed.

Therefore from 25 May 2018 in accordance with GDPR we only included email addresses at the Domains of Limited Companies, Limited Liability Partnerships, Public Limited Companies, NGO’s or Government Bodies. (If such organisations or individuals use a free type email addresses such as Gmail, Yahoo, Hotmail etc or an email addresses at telecoms services such as BT, Virgin, Talktalk etc these types of emails are NOT included in any of our UK or EU Lists.)

Sole Traders and Ordinary Partnerships

After 25 May, 2018 it is not acceptable under GDPR to email Businesses that are Sole Traders or Ordinary Partnerships. Therefore after 25 May all such email addresses were removed from all of our UK/EU Lists.

Consent/Opt In Lists

As mentioned an opt in is NOT required when emailing to Organisations, Limited Companies and other Corporates.

If you are offered “opt in” lists containing details of Sole Traders or Consumers then please note that under GDPR prior consent is no longer a general “opt in”. For a List to be described as “Opt In” VERY specific permission relating to very specific products and very specific suppliers must have been given. The ticking of a box is specifically mentioned in GDPR as not being a sufficient ‘opt in’ under the new regulation.

APC does not offer opt in Lists and advises buyers to beware of false or misleading claims if offered so called “Opt in” Lists relating to Sole Traders and Partnerships for use after 25 May 2018 although to reiterate; an opt in is NOT required when emailing to Organisations, Limited Companies and other Corporates provided other GDPR details such as including the senders Name and Address and offering an opt out from receiving further email messages as well as other legalities are observed.

Conclusions

Email addresses of corporate employees can be used for third party email campaigns. Legitimate interests would be used to process this personal data as long as all the following criteria are fulfilled:

A corporate is defined as a limited company, public limited company, limited liability partnership or government departments and can be emailed without prior consent (eg. John.Smith@limitedcompany.co.uk).

Employees of corporates must be given the option to easily unsubscribe or opt-out from receiving email marketing.

The product or service being promoted can be purchased by the recipient in a professional capacity.

The sender must identify itself and provide contact details and all other related legalities must be observed.

This guidance should not be construed as legal advice; it is being provided in good faith for informational purposes only. If in doubt please consult with your legal adviser for application to your own business practices.