GDPR and Cold B2B Email

GDPR And Cold B2B Email Marketing – The Facts

Many businesses that have acquired new B2B customers and clients thanks to email outreach campaigns will be wondering about GDPR and cold B2B email marketing.

Let’s separate fact from fiction and look at the actual wording of the new EU ePrivacy law.

What Is GDPR and the ePrivacy Regulation?

The General Data Protection Regulation (GDPR) was created to align the data privacy laws across all EU countries.

The GDPR regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU. It doesn’t apply to the processing of personal data of deceased persons or of legal entities.

GDPR doesn’t apply to the processing of personal data of legal entities.

GDPR and Cold B2B Email Marketing

Before we address the question of whether a businesses still use cold email marketing to sell to other businesses, let’s look at how the EU Commission describes the overall legal framework:

The ePrivacy Directive and the General Data Protection Regulation provide the legal framework to ensure digital privacy for EU citizens. The European Commission has reviewed the Directive to align it with the new data protection rules.

Common EU rules have been established to ensure that personal data enjoy a high standard of protection everywhere in the EU. Currently, the two main pillars of the data protection legal framework in the EU are the ePrivacy Directive (Directive on Privacy and Electronic communications), and the General Data Protection Regulation, adopted in May 2016.

The EU General Data Protection Regulation ensures that personal data can only be gathered under strict conditions and for legitimate purposes. Organisations that collect and manage your personal information must also protect it from misuse and respect certain rights.

What’s The Difference Between GDPR And The ePrivacy Regulation?

As the team at Digiday point out:

The core difference is that cookie use is central to the ePrivacy regulation, which is why it’s known as the “cookie law.” Businesses in Europe must get explicit consent to use cookies and provide clear opt-outs to users under the proposed new law. Meanwhile, the GDPR regulates the general handling of personal data.

The regulation takes on all the privacy and data definitions that were introduced within the General Data Protection Regulations, and then works to clarify and enhance these definitions.

Can A Business Still Use Cold B2B Email Marketing?

In all the discussion around GDPR and the ePrivacy Regulation, a key point that tends to be forgotten is that the privacy law is intended to protect individual citizens, not businesses.

GDPR is intended to protect individual citizens, not businesses.

In fact, the EU even declares: “The proposed Regulation on Privacy and Electronic Communications will increase the protection of people’s private life and open up new opportunities for business.

The EU working parties responsible for introducing the new regulation recently noted that the wording is still quite loose when it comes to cold email.

This is because it appears that the ePrivacy Regulation leaves it up to the individual countries within the EU to decide whether cold B2B email (‘unsolicited commercial communications’) should be opt-in or opt-out.

GDPR And Cold B2B Email Marketing - The Facts

An Example Country For GDPR And Cold B2B Email Marketing – The UK

The GDPR is a pan-EU coverage but, at the UK level, the PECR apply – the Privacy and Electronic Communications Regulations (the full title is The Privacy and Electronic Communications (EC Directive) Regulations 2003.

These regulations are derived from European law and implement European Directive 2002/58/EC, also known as ‘the e-privacy Directive’.

Regarding business-to-business texts and emails in the UK, the Information Commissioner published guidelines on cold B2B marketing outreach which includes the following sections:

142. These rules on consent, the soft opt-in and the right to opt out do not apply to electronic marketing messages sent to ‘corporate subscribers’ which means companies and other corporate bodies eg limited liability partnerships, Scottish partnerships, and government bodies. The only requirement is that the sender must identify itself and provide contact details.

The rules on soft opt-in and the right to opt out do not apply to marketing messages sent to companies and other corporate bodies.

144. Corporate subscribers do not include sole traders and some partnerships who instead have the same protection as individual customers. If an organisation does not know whether a business customer is a corporate body or not, it cannot be sure which rules apply. Therefore we strongly recommend that organisations respect requests from any business not to email them.

Sole traders and some partnerships have the same protection as individual customers.

145. In addition, many employees have personal corporate email addresses (eg [email protected]), and individual employees will have a right under section 11 of the DPA to stop any marketing being sent to that type of email address.

Every outreach program these days will have automated unsubscribe as a basic part of the service.

How To Do Cold B2B Email Marketing Post-GDPR

With all the GDPR focus on personal data protection, you need to ensure that your email marketing campaigns to businesses remain in-line with the usual cold email marketing basic requirements, such as:

  • An easy and obvious opt-out mechanism
  • Accurate sender field
  • Relevant subject line
  • Legitimate physical address listed
  • Treat sole traders and individual business owners (usually the ones with the gmail or yahoo email addresses) as no-go areas.
  • Instantly remove people who opt-out.

Of course, seek independent legal advice should you have in-depth questions or want to take specific action.

More Reading

Want to know more about GDPR and cold B2B email marketing?

Check out Article 16 on unsolicited communications from the Regulation itself.

EU Working Party’s response to the uncertainty in the language, particularly around Section 43 (a) on unsolicited communications.

Brightest Minds