A recent conversation with a client caused some confusion over the current rules when it comes to business to business (B2B) marketing and the GDPR. Specifically, they were concerned about the rules regarding sending emails and making phone calls.
They had been led to believe that they could only send such emails if they were to a generic email address, such as “info@emailaddress.co.uk’ and not an identifiable email such as ‘firstname.lastname@emailaddress.co.uk’.
So, I rang the ICO helpline to seek clarification. The lady I spoke to confirmed that under current data protection regulations a business can send unsolicited marketing emails to specifically named people with job titles in the business. They can also phone these individuals in the course of business, providing they are not listed on the Telephone or Corporate Telephone Preference Services (TPS & CTPS) see below.
This is because, under the GDPR, these people are regarded as being ‘Corporate Subscribers’ and not ‘Individuals’, and so they do not come under the category of ‘personal data’.
Dos and don’ts of B2B emails and telemarketing
The ICO helpline also confirmed that you can send unsolicited emails providing that:
- You make it clear who and what your business is called and what you do.
- If the person you have contacted asks to be taken off your mailing list (unsubscribes), you must adhere to that, straight away.
- You should not send marketing messages to sole traders or individuals without their consent as these do come under the jurisdiction of ‘personal data’.
- If you are targeting ‘partnerships’, you should use your own judgment as to whether you think they are ‘individuals’ are ‘corporate’ subscribers.
- If you want to make phone calls to corporate subscribers, whether as part of a data cleaning exercise or for telemarketing/telesales purposes, you must check their business numbers against the TPS and CTPS registers and not call them if they are listed on either register.
- Any requests to be taken off your mailing list should be acted upon straight away, but also added to a suppression file, so that these people/businesses are not re-added in the future by mistake (i.e. if you deleted them off the database, you wouldn’t have a record of them on the system, so they could be inadvertently added in the future).
The ICO also pointed me in the direction of the Direct Marketing Guidance booklet, in which the B2B section which relates to texts and emails can be found in paras 142 – 145. The rules surrounding B2B phone calls are covered under section 126 in the same booklet.
The ICO will soon be releasing its new Direct Marketing Code of Conduct (although they have not said when this will be). A copy of the draft documentation, which was put out for consultation earlier this year, can be found here.
The rules surrounding B2B marketing and GDPR continue to be a lot simpler than for business to consumer marketing (B2C). Firms who are targeting individuals with their services need to tread very carefully and make sure they have the individual’s consent to send them marketing information before embarking on any campaigns.
