Rhetorik: What Does GDPR Mean for B2B Marketing? (Part II)

Yesterday, I presented a discussion of Legitimate Interest as the basis of GDPR communications.  For B2B companies in the UK, the 2003 PECR (The Privacy and Electronic Communications Regulations of 2003) law is often applicable when assessing GDPR and Data Privacy:

GDPR and Data Privacy under UK PECR and Non-PECR scenarios (Source: Rhetorik)

The PECR discusses soft opt-ins for individuals, sole traders and some partnerships, but not B2B.  The ICO states that “the term ‘soft opt-in’ is sometimes used to describe the rule about existing customers. The idea is that if an individual bought something from you recently, gave you their details, and did not opt out of marketing messages, they are probably happy to receive marketing from you about similar products or services even if they haven’t specifically consented. However, you must have given them a clear chance to opt out – both when you first collected their details, and in every message you send.  The soft opt-in rule means you may be able to email or text your own customers, but it does not apply to prospective customers or new contacts.”

Legitimate Interest also applies to data licensing relationships and marketing partnerships.  If personal data interest is maintained for a specific purpose (e.g. Technology Sales), data licensing and sharing need to be kept within the original scope.

Legitimate Interest and Consent also apply within a company.  Data maintained for one product line may not be usable for others, particularly if the firm spans multiple sectors.

The UK Direct Marketing Association published guidance on Legitimate Interest that helps make sense of Article 6.1.f:

“Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

And Recital 47:

“The legitimate interests of a controller, including those of a controller to which the Personal Data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.”

Once the basis of holding personal data is met, companies have additional conditions to meet around transparency (notification and the right to object), data minimization (Is there a legitimate interest in collecting all of the fields? How long is data retained?), and reasonable expectation (limited impact to personal and private life; ensuring data accuracy).

For individuals who opt out, firms must retain suppression lists to prevent the re-collection of personal information.  The suppression list should hold only the minimal information required to ensure the individual is not added back into the marketing database at a later date.  With B2B, the list may simply be name and email.

The GDPR also sets out expectations which are relationship specific:

  • Suspects – legitimate interest, reasonable expectation, transparency
  • Prospects – reasonable expectation; consent
  • Clients – contract, legitimate interest, reasonable expectation, data minimization, transparency

Part III of Rhetorik’s presentation discusses GDPR myths and applicable laws across Europe.


GDPR Article 6.1

Rhetorik: What Does GDPR Mean for B2B Marketing?

I’ve been looking for a good description of what GDPR (General Data Protection Regulation) means to B2B marketers and finally came across a session given by UK technology profiler Rhetorik.  There have been a number of issues that have muddied the waters, making it difficult to provide much more than general rules.  Amongst the issues are a focus on the implications to consumer marketers, the lack of a general law that spans the EU, and an emphasis on rumors and fears about what will happen to firms that fail to comply with the regulation.

Rhetorik Data Protection Officer Samantha Magee noted that GDPR covers how and why companies hold and protect data.  It is focused on internal processes rather than external communications, and is channel agnostic.

In around 18 months, the EU will pass uniform ePrivacy legislation which covers external communications in member countries.  Until then, rules will remain fragmentary.  For example, Opt-in or Opt-out protocols differ by country with the UK amongst the more liberal countries:

Opt-in / Opt-out workflow by country (Source: Rhetorik)

For the moment, GDPR has given teeth to local regulations.  In the UK, the PECR (The Privacy and Electronic Communications Regulations of 2003), overseen by the Information Commissioner’s Office (ICO), remains the applicable regulation for consumer, single trader, and small partnership communications.  It was drafted after the European Directive 2002/58/EC, otherwise known as the ‘e-privacy Directive’, was implemented in 2002.

There are six bases for communicating with clients and prospects, all of which have equal weight: Consent, Contract, Legal Obligation, Vital Interest, Public Task, and Legitimate Interest.  Of these, Consent (e.g. opt-in) and Legitimate Interest are the most common for B2B marketers.  Support and service departments would most likely be covered under contractual relationships.

“Legitimate Interest aims to provide a solid and lawful basis upon which commercial communication can occur, allowing marketers to promote their products and services to a targeted and well defined audience,” said Magee.  “At its heart, is the desire to ensure that commercial practices and communications are relevant to the individual, offering the assurance that high standards of care are applied and that their essential privacy rights are considered of the utmost importance.”


Part II continues with a discussion of the UK PECR law and additional details on Legitimate Interest.

Rhetorik Extends its UK/Irish NetFinder Service

Job Function Searching in Rhetorik NetFinder

UK Technology Sales Intelligence vendor Rhetorik released an enhanced version of its UK and Irish NetFinder service. The revised edition covers over 40,000 corporate and public-sector sites. The service doubled its technology buyers to 215,000 and increased its technology coverage five-fold including enhanced install data on cloud, enterprise and vertical industry applications, system software and middleware applications.

The Rhetorik database tags over 10,000 products from 6,000 vendors and maintains over 150 technology categories. Data coverage spans 164 biographic, firmographic, and technographic variables including email, phone, revenue, employees, line of business, and site-level technographics. All contacts are GDPR compliant and 92% contain emails.

“Rhetorik has adapted its policies and procedures to upgrade DPA regulatory standards to meet GDPR requirements,” said the firm. “While monitoring closely progress on the e-Privacy legislation, Rhetorik follows best-practice processes as set by PECR – Privacy and Electronic Communication Regulation. We have implemented clear and easy to follow procedures for individuals to be informed and manage their own Business Card Data. We keep access to all B2B information secure and protected.”

Data is gathered through a combination of automated means and editorial research.

Over the past year, Rhetorik has partnered with the European Market Intelligence Group (EMIG) and CNCData to provide European and AsiaPac coverage. The EMIG coverage spans 14 countries, 180,000 companies, and one million contacts. The CNCData partnership delivers over two million contacts and 1.2 million companies across 23 AsiaPac countries.

Rhetorik, which has provided technology intelligence for over two decades, underwent a management buy-out last summer. At the time, CEO Meredith Amdur set a goal of expanding their “data gathering and analytics capabilities to create new products for technology sales and marketing professionals worldwide.”