Is the GDPR applicable in a (pure) B2B Context ?
On Tuesday, 6th December, we had our second client workshop about the GDPR. The diverse audience included retailers, manufacturers in the food and beverages industry, franchise networks, IT, healthcare and financial sector companies as well as invitees from national and European federations active in retail and distribution.
There were diverging views on the way in which the GDPR and ePrivacy Directive (which is also due to be replaced by EU regulation) will apply in a (pure) B2B context. It seems clear that prior informed consent is the sole basis for B2C e-mail marketing. However the current text of the (draft) ePrivacy Regulation is ambiguous as to whether a distinction can be drawn between corporate email addresses and individual email addresses. Nevertheless, ‘named’ corporate B2B data (e.g. firstname.lastname@example.org) is clearly personal data and should therefore be processed in line with GDPR. B2B marketers will therefore need to make a choice between using Consent, the so called ‘soft opt-in’ where there is an existing client relationship, or Legitimate Interest for their electronic communications.
Perhaps recital 47 to the GDPR which states (amongst other things) that ‘processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest’ will provide some useful guidance. One thing is for sure the GDPR is yet to reveal all of its secrets !