With the enforcement date (25th May, 2018) of GDPR (General Data Protection Regulation) approaching, it’s necessary for all the B2B email marketer carefully reexamining about the data they obtaining their marketing strategies. There are many interpretations about this regulation which have arose countless discussions. This article answered the most common questions that we have received in the months regarding GDPR.
How should the B2B email marketers handle the data that they have for the future marketing campaign?
This question is general, and summarized all the questions the we have received. But before answering that, we need to understand the “data” that involved in the GDPR. The GDPR will mainly provide protection for “personal data”. So what is the “personal data” under GDPR? In GDPR, the term corresponding is this:
“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (Article 4: Definitions )
Then that brings to the question: Is “Professional Emails” “Personal data”?
In GDPR, there are no specific terms that clearly distinguish the professional emails from the other. But according to the term above, the “personal data” defines the identification of one natural person. An email address is unique, and it can indicate to a specific living individual. If you already know the recipient name of this email address, which is in most of the cases for B2B marketing campaign, this email address is “personal data” of this recipient.
That been said, there are for sure, exceptions. For instance, this email address: firstname.lastname@example.org. There is no obvious direction which individual in GetEmail.io is currently using this email address. In addition, everyone can learn online that getemail.io is not a one-man company. In this case, the email address is not the personal data.
So we have clarified that, the next question is: How should the B2B marketers process “personal data”?
“‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.” (Article 4: Definitions )
The data management rule is strict in GDPR. All the actions regarding processing personal data must under a “lawful basis”.
“processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)” (Article 5: Principles relating to processing of personal data)
Furthermore, what is the lawful way for B2B marketers to process the personal data? Since sending emails is a mean to process “Personal data” according to GDPR, Do B2B marketers must obtain the permission to send B2B cold emails?
“Processing shall be lawful only if and to the extent that at least one of the following applies:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.” (Article 6: Lawfulness of processing)
These are the relevant parts from the GDPR documents. Many recipients always claim that the B2B email marketers must not send them cold emails because that action is unsolicited. However, according to the corresponding articles above, the consent is only one of the lawful conditions. As long as the purpose of the email is legitimate.
“Legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller.”
“The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” (Recitals 47)
For instance, if a marketer of a consultancy try to reach out to other marketers/researchers for promoting his/her marketing analysis tool, this action is out of legitimate interest, and those recipients might eventually become clients of this consultancy.
However, those kind of direct marketing approach has to provide the recipients a easy way to opt out if they don’t want to receive these emails from now on or not interested in the products/service anymore, even though in the beginning they had given you the permission to send, according to GDPR:
“The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent” (Article 17: Right to erasure (‘right to be forgotten’))
Is GetEmail.io Legal After the enforcement of GDPR?
GetEmail.io process the data in a legitimate intention. The algorithm only searches the data which people publicly shared online, and agreed other party to view. The results of searching are mainly professional emails for B2B use. So resource of the data; process of the data; and the service that we provide to our clients are 100% legal and comply with GDPR.
-Professional emails of a specific prospect is indeed, personal data, and personal data need to be handle under lawful basis according to GDPR;
-Consent is not the seul, nor obligatory condition for processing personal data; You can still send the B2B mails to cold prospects with legal intention;
-GetEmail.io is legal after the enforcement of GDPR.
Official Journal of the European Union, “General Data Protection Regulation”, 4th May 2016, avaliable online from: https://gdpr-info.eu/
Information Commissioner’s Office, “Guide to the General Data Protection Regulation”, 21st November 2017, avaliable online from: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/
Mihaela Jucan, “Expert GDPR QA: The material scope of personal data and legal implications”, 23rd March 2017, avaliable online from: https://www.itgovernance.eu/blog/en/expert-gdpr-qa-the-material-scope-of-personal-data-and-legal-implications/
Deborah Betteridge, “B2B marketing and the GDPR”, 6th December 2016, avaliable online from: https://dma.org.uk/article/b2b-marketing-and-the-gdpr
Philip Brining, “What is Personal Data?”, 20th April, 2016, avaliable online from: http://www.dataprotectionpeople.com/what-is-personal-data/
Phil Lee, “Re-consenting to marketing under GDPR?”, 6th November, 2017, avaliable online from: http://privacylawblog.fieldfisher.com/2017/re-consenting-to-marketing-under-gdpr/
Olivier Proust, “CNIL publishes guidance for data processors”, 26th October, 2017, avaliable online from: http://privacylawblog.fieldfisher.com/2017/cnil-publishes-guidance-for-data-processors/
Kingpincomms, “What will the GDPR mean for B2B marketing professionals?”, avaliable online from: http://kingpincomms.com/wp-content/uploads/2017/04/Kingpin_GDPR-eBook-20172-002.pdf
Ruth Boardman et al., “The UK Government publishes its Statement of Intent for Data Protection Bill and GDPR” 8th August 2017, avaliable online from: https://www.twobirds.com/en/news/articles/2017/uk/uk-government-publishes-its-statement-of-intent-for-data-protection-bill-and-gdpr
Matt Burgess, “GDPR will change data protection – here’s what you need to know”, 7th November 2017, avaliable online from: http://www.wired.co.uk/article/what-is-gdpr-uk-eu-legislation-compliance-summary-fines-2018
Iain Lovatt, “Will GDPR change B2B marketing?”, 20th July 2017, avaliable online from: https://www.bluesheep.com/blog/how-will-gdpr-affect-b2b-marketers
Marketing Manager GetEmail.io