Marketing is a necessary part of the business world, and is essential for getting word out about what your business does, normally to selected groups of people or businesses who have been identified as possibly being interested in a product or service. Despite the essential nature of marketing it does have a bad reputation, as some organisations have mistreated the spirit of legitimate pathways (looking at you soft-opt in) to marketing in the past, and due to this those pathways which were in the Data Protection Act have not made it into the General Data Protection Regulations. However there are still ways organisations can legitimately speak and sell to their customers and stakeholders – old or new. This week RiverWolf will specifically be looking at business to business marketing, which have much softer rules than business to customer.
Marketing in privacy legislation only refers to ‘direct marketing’ which is defined as “the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals”, and we will look at the words ‘direct’ and ‘marketing’ separately, as they are important to understand the full meaning. To be ‘direct’, the communication needs to be aimed at a specific individual. In practice all electronic messages such as calls, emails, text messages fall into this definition, however two major areas of marketing – unaddressed physical mailshots and most online semi-targeted adverts don’t come under this purview. The second word ‘marketing’ is important, as service correspondence, follow up conversations, and all other further correspondence with a prospective client wouldn’t count. For example if a coffee shop asked a website design company to design them a website, the follow up emails would not constitute direct marketing, despite the website company largely ‘selling’ a product and telling the coffee shop what they can do, this would be information or correspondence necessary to enter a contract. A further example would be if a coffee shop were to be on a preferential rate with the website company for 6 months, and were about to come to the end of their preferential rate and onto a normal higher rate, sending them details of other rates would not constitute direct marketing either as this would be ‘service correspondence’.
PECR and GDPR’s rules go much lighter when the marketing is business to business. You can email or text any corporate body (not including sole traders, but including companies, Scottish partnerships, LLPs, or government bodies) with marketing as long as you identify yourself and provide contact details. The recipients still have rights – especially if the address has the individuals details such as firstname.lastname@example.org. Specifically the rights the individual staff members and businesses have is the right to object to marketing, so an unsubscribe function is essential, and it is essential that it is easy to find and use (no rabbit hole link after link, register to unsubscribe, or dragon slaying to unsubscribe!). Although you do need to provide an opt-out on all communication, you do not need to specifically rely on opt in consent as you do with business to customer. You must however, keep an unsubscribed list and ensure you do not contact these people with marketing in the future.
Mythbusting conclusion: You can market to organisations without explicit opt in consent, as it is treated differently to personal contact details. However you will have to ensure you stick to the following checklist for B2B marketing:
Next week RiverWolf will be publishing Debunking GDPR Myths: Business to Customer Marketing which will take a look at B2C marketing myths. Subscribe to ensure you get the news first.