I’ve been looking for a good description of what GDPR (General Data Protection Regulation) means to B2B marketers and finally came across a session given by UK technology profiler Rhetorik. There have been a number of issues that have muddied the waters, making it difficult to provide much more than general rules. Amongst the issues are a focus on the implications to consumer marketers, the lack of a general law that spans the EU, and an emphasis on rumors and fears about what will happen to firms that fail to comply with the regulation.
Rhetorik Data Protection Officer Samantha Magee noted that GDPR covers how and why companies hold and protect data. It is focused on internal processes rather than external communications, and is channel agnostic.
In around 18 months, the EU will pass uniform ePrivacy legislation which covers external communications in member countries. Until then, rules will remain fragmentary. For example, Opt-in or Opt-out protocols differ by country with the UK amongst the more liberal countries:
For the moment, GDPR has given teeth to local regulations. In the UK, the PECR (The Privacy and Electronic Communications Regulations of 2003), overseen by the Information Commissioners Office (ICO), remains the applicable regulation for consumer, single trader, and small partnership communications. It was drafted after the European Directive 2002/58/EC, otherwise known as the or ‘e-privacy Directive’, was implemented in 2002.
There are six bases for communicating with clients and prospects, all of which have equal weight: Consent, Contract, Legal Obligation, Vital Interest, Public Task, and Legitimate Interest. Of these, Consent (e.g. opt-in) and Legitimate Interest are the most common for B2B marketers. Support and service departments would most likely be covered under contractual relationships.
“Legitimate Interest aims to provide a solid and lawful basis upon which commercial communication can occur, allowing marketers to promote their products and services to a targeted and well defined audience,” said Magee. “At its heart, is the desire to ensure that commercial practices and communications are relevant to the individual, offering the assurance that high standards of care are applied and that their essential privacy” rights are considered of the utmost importance.”
Part II continues with a discussion of the UK PECR law and additional details on Legitimate Interest.