Posted on: 23rd April 2018
Not another post about GDPR! But in all seriousness, there has been so much confusion surrounding this topic that we felt like we needed to do an article to see if we could possibly help anyone who is confused.
So, we will try and sum this up as quickly and easily as possible:
⚪ If you are doing business to business marketing (legal entity Ltd, LLP etc) and you are e-mailing an enquiries@, info@ address, crack on. PECR suggests this is legitimate interests and because there is no personal data in the email address (providing there is also no personal data in the body of the email) this example doesn’t even reach GDPR.
⚪ If you are doing business to business marketing and you’re sending to a named contact, such as John.Smith@examplecompany.com – PECR says this is legitimate interests, GDPR mirrors what PECR outlines, but make sure you’ve done a GDPR balancing test to be sure it does fall within the lawful basis of legitimate interests.
Document, then crack on. However, ensure that when you collected the persons e-mail address you gave them the choice to easily opt-out of marketing and ensure you give them that chance to opt out of every subsequent e-mail you may send them. If they do opt-out, don’t e-mail them anymore. Simple.
⚪ If you have existing customers (individuals as opposed to businesses) who have; bought a product or service from you in the past, have put goods in their shopping basket on your website, or negotiated with you for your services etc. (and you gave them an option to opt-out of marketing when they gave you their details) – then this will be classed a soft opt-in and is lawful. You can crack on.
⚪ If the individuals you are marketing to aren’t existing customers and are more like cold prospects, PECR already advised you needed consent to send marketing e-mails to them. The issue now is that under GDPR, this consent needs to be much clearer and less ambiguous than it was previously.
This can all be found on the ICO website using this link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/
Links below to ICO are for reference regarding the points made in this article.