If your inbox looks anything like ours, you know that email marketing is still alive and well years after CAN-SPAM and GDPR regulations went into effect. With new client opportunities in Europe and some of our existing clients closing on M&A activities that expanded their reach internationally, we brushed up on all things General Data Protection Regulation (GDPR) to make sure we’re following best practices when sending email campaigns across the pond to businesses in the EU and UK.
What you need to know about GDPR
GDPR, which came into effect in 2018, aims to protect individuals’ personal data and regulates how businesses collect, process, and store this information. As B2B marketers, we are most concerned with GDPR compliance surrounding emails sent to ‘corporate subscribers’. According to the Information Commissioner’s Office (ICO), corporate subscribers are email addresses of individuals at companies, corporate bodies, limited liability partnerships, Scottish partnerships, and government bodies.
Under GDPR, the rules on consent (soft opt-in and the right to opt out) DO NOT apply to emails sent to corporate subscribers. That means marketers are allowed to send emails to any person with a company email address. But that doesn’t mean you should ignore best practices or send unsolicited marketing messages, aka spam! It’s still a good rule of thumb to state within the email why you are reaching out and what the legitimate business need is for the recipient.
The ICO emphasizes that while corporate subscribers may not be covered by certain GDPR rules, you should still respect their marketing communication preferences. If a corporate entity asks you not to send them marketing emails, well then don’t!
Important note: some employees may have personal corporate email addresses (e.g., [email protected]), which are considered personal data under GDPR. Individual employees have the right under the Data Protection Act (DPA) to stop any marketing being sent to this type of email address.
GDPR Compliance Guide
- Identify corporate subscribers correctly and distinguish them from individual customers or sole traders.
  GDPR Rules DO NOT Apply:
  - Corporate Subscribers: Any prospect with a company email address that falls within these business categories: companies, corporate bodies, limited liability partnerships, Scottish partnerships, and government bodies.
  GDPR Rules DO Apply:
  - Individual Customers: Any prospect with a personal email.
  - Sole Traders: Any prospect who is a sole proprietor (i.e., freelancer or contractor) who runs their own business as an individual. Even if they have a business email, GDPR rules still apply.
- Include clear and accurate information about the sender and contact details in all marketing emails.
- Respect unsubscribe/do not email requests from any business, even if they are not covered by specific GDPR rules.
As you well know, we are marketers here at ODEA, not lawyers. Please consider this post a guide, not legal advice. If you are unsure about how to keep your marketing activities legit in accordance with GDPR, contact a lawyer to get definitive answers to your questions. If you’re in need of some marketing know-how, please connect with your favorite ODEA-ite.