Business Email: This is the first part in the email deletion series and concerns B2B relationships. GDPR text is ambiguous as to whether a distinction can be drawn between corporate email addresses and individual email addresses. Is it still possible to opt-out with a corporate email address?
Currently, the only difference between B2C (consumer email) and B2B (business email) marketers is in connection with email and text marketing to employees of corporate organisations. For any B2B marketing communications, the content must be about products/services which are relevant to the recipient’s job role.
At the moment, when dealing with sole traders or partnerships, rules governing B2C marketing will apply to B2B marketers for email and SMS: you will need to opt-in consent. For direct mail and telephone, you need to offer an opt-out. When emailing and texting, you do not need prior consent or an opt-in from an individual.
Until recently, B2B marketers believed that this market practice would remain unchanged. GDPR did not differentiate between B2B and B2C data. It was thought that the Privacy and Electronics Communication Regulation (PECR) would continue to be the binding legislation.
The question is: is Business-to-Business email classified as personal data?
The answer to this question is dependent on who you ask. The Direct Marketing Association commented that:
“When dealing with employees of corporates – that is, limited companies, LLPs, partnerships in Scotland and government departments – the rules for telephone and direct mail are the same, opt-out. When emailing or texting, you do not need the prior consent/opt-in from the individual. You can therefore send them a marketing email/text as long as you provide an easy way to opt out of future communications from you.”
Conversely, the Data Protection Network gave the following advice:
“Named corporate B2B data (e.g. [email protected]) is personal data and would have to be processed in line with GDPR. B2B marketers would therefore need to make a choice between using Consent or Legitimate Interests for sending electronic communications.”
The Data Protection Network’s advice is more relevant for a company targeting sole traders, who can be treated as individuals. These businesses can only be emailed after acquiring specific consent or have bought from you and did not opt-out of further communication.
It is important to note that GDPR will not stray too far from PECR. B2B relationships are distinguished from B2C relationships under GDPR via “electronic communication services”. For B2B the UK Parliament and legislation will be responsible for implementing the protection for business-oriented companies.
Despite who the targeted consumer of a business is, communication needs to be transparent: it is made clear whom it is from and it is made easy to opt-out from business email in the future.
For a b2b relationship, it is not necessary to delete business’ emails or personal data, although it is important to keep an eye out for government legislation regarding GDPR business protection.