We update our blog with regular posts to keep you up to speed on the world of B2B data.
Posted on 16/10/2019 at 10:30By Corpdata
Since May last year most of us have developed a degree of familiarity with GDPR, and the rest won’t be far behind.
Brexit is still the accelerating vortex of uncertainty that it is, and the ambiguity surrounding the EU’s next
legislative foray - the ePrivacy Regulation - could leave even the most stoic of marketers feeling a little uneasy. Add to this the fact that the ICO is beginning to bare its teeth, handing out fines worth hundreds of millions of pounds to businesses. Whilst large fines remain rare (so far); it’s highly likely that many businesses have fielded questions, complaints and now have ongoing issues regarding GDPR. Now a year on people are much more aware of GDPR and the need to manage the risks properly.
So it may come as a surprise to many, that in the B2B business list industry, some list owners don’t appear to have adapted their data collection and supply methods, which we think could leave marketers with real exposure. It’s never been more important to understand the regulations, and understand and conduct proper due diligence when sourcing any list for marketing.
So let’s have a look at the B2B data landscape, recap the basics, and examine some of the likely legislative outcomes, so you can stay compliant.
Firstly, a quick recap of the prevailing law affecting marketing activity in the UK right now, which falls into two main categories;
The basis upon which an organisation may communicate with individuals - these regulations govern citizens’ right not to be disturbed or monitored. Currently the EU’s 2002 ePrivacy Directive (amended 2009) is the prevailing law. To comply with this, the UK government implemented The Privacy and Electronic Communications (EC Directive) Regulations 2003 - more commonly known as PECR.
The basis upon which an organisation may collect, store, and process a person’s data. Here, the EU’s GDPR applies directly as written.
For marketing, both pieces of legislation are pertinent. As it stands, PECR allows marketers to send marketing messages to business people, provided that they have consent, or are able to justify processing data on the basis of Legitimate Interest (as defined by the GDPR). In today’s privacy-first environment, unsolicited emails are becoming less prevalent, but they still play an important part of the marketing mix.
There are, of course, plenty of ways to build your B2B marketing database, including trade shows, working with your sales team, and asking for consent as part of telemarketing activity. of course, you can licence lists from legitimate data services suppliers who maintain compliant repositories.
In all cases, it’s essential that certain criteria are met, including;
As we’ve already mentioned, the UK ICO has handed out some hefty fines in the last few weeks, but it should be noted that none represent the maximum 4% of global turnover allowed by the GDPR. Industry commentators have long predicted that the ICO would focus on major organisations to make examples of - and few come bigger than the likes of British Airways or Marriott hotels, both of which suffered notable data breaches.
The ICO has certainly established itself as a credible regulatory body, but is seemingly not out to prove a point to all organisations. Other notable enforcement action it has taken has usually been to deal with negligence or deliberate breach of the law, and penalties have been much lower.
The organisation is seemingly well aware that a nudge in the right direction is often the best course of action, especially after its recent admission that its own website wasn’t complying with privacy regulations. To quote Franklin D. Roosevelt, “speak softly, and carry a big stick”.
Initially, the EU had hoped that a new ePrivacy Regulation (ePR) would be ready for implementation at
the same time as GDPR, but the Council of the EU didn’t reach agreement in time for that to happen.
Essentially, this is still the case. Most recently, the EU council met in June, and briefly discussed the ePR,
but no significant progress was made - there are still many issues that’ll require clarification.
For B2B marketers, the standout revelation of the draft text was that it makes no distinction between
B2B and B2C communications. Without clarification, this would likely outlaw “cold” contact - the process
of gathering (or deducing) individuals’ contact information, before sending them unsolicited marketing
messages. Such communication would require consent from the recipient, as is already the case in B2C
It’s important to note that the implementation of the GDPR has already brought about some changes to
PECR, even though PECR itself hasn't (yet) changed. This particularly concerns various definitions, most
notably that of Consent. This new definition means that often, where consent had been gathered using
(what would now be considered) non-compliant means, that data can no longer be processed for
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Article 4 (11), GDPR.
The ePR was being progressed as part of the Romanian Presidency of the Council of the EU. In accordance with EU rules, that presidency came to an end in June, so the new president state is Finland. It isn’t clear how much of a priority ePrivacy is for Finland. Additionally, having recently selected a new president, the EU parliament is due to appoint a new European Commission - which doesn’t sit until November 2019.
The bottom line is that we don’t have a timeline. That said, at this point, it’s highly unlikely that the regulation (in whatever form it finally takes) will be adopted before at least 2021. Thereafter, there may also be an implementation period similar to the introduction of the GDPR, though where GDPR required wholesale reconsideration of Data Protection practices for all organisations, the ePR changes are likely to be easier to accommodate - so may phase in more quickly.
An update to the UK’s 1998 data protection laws was always going to be essential, and GDPR does a pretty good job of reshaping how organisations approach personal data. Hardly surprising then, that the UK government has already committed to transposing the GDPR into UK law, come what may.
Whether the UK does leave the EU or not, it’s highly likely that our privacy laws will be equivalent, if not identical. This for a number of reasons, but primarily because of the fact that any UK organisations wishing to sell products or services in the EU would need to comply fully with the GDPR in order to do so. For future trade agreements, the EU, in relation to its own citizens, has the power to determine that a 3rd party country’s data laws have “Adequacy”, but such a determination would only be possible where UK law is deemed the same, or stronger than EU law.
So what now?
Don’t panic! In all likelihood, very little will change in the next few years. Thereafter, it’s certainly a significant risk that cold B2B email, and maybe more will no longer be possible. To mitigate this risk, we suggest adjusting your marketing strategy
We make sure your Corpdata marketing data remains safe to use for all your DM campaigns during your list license period. Doing so benefits us both.
We have a unique way that we update any contact preference changes to make sure that we are both seen to respect the wishes of the individuals within any marketing list we supply. So if you license a list from us you’ll receive an update every two weeks.
We consider our GDPR update processes as being one key part of maintaining the safety of our lists. We also realise that some clients may benefit from gaining updates with more precise timing. That’s why we’ve developed a GDPR Update API (or application programming interface for the less technically minded).
You will need some technical expertise but once set up your system requests any updates you need from our system. Using our API avoids the manual downloading and opening of files, no manual transferring of information, no manual storing within your archives. It’s automated to make sure data collection and integration process just happens with little effort or opportunity for something to go wrong.
If you want to explore how our GDPR Update API automatically updates your live list all you have to do is to speak with your account manager.
|SEE US AT
|Festival of Enterprise
|23rd & 24th October
|North West Expo
|National Sales Conference
|South West Expo
Corpdata can help your direct marketing deliver the results you need by choosing the right channel. During October any qualifying orders* for Corpdata business lists will entitle your Company to receive the perfect little something to give your office a 24 inch smarter picture.
For more information visit: