Rules for B2B Marketing using Emails and Text:
Sole traders and some partnerships are treated as individuals, so you can only email or text them if they have specifically consented, or if they bought a similar product from you in the past and didn’t opt out from marketing messages when you gave them that chance. You must include an opt-out or unsubscribe option in the message.
You can email or text any corporate body (a company, Scottish partnership, limited liability partnership or government body). However, it is good practice, and good business sense, to keep a ‘do not email or text’ list of any businesses that object or opt out and screen any new marketing lists against that.
You may also need to consider the GDPR if you are emailing employees at a corporate body who have personal corporate email addresses (e.g. email@example.com).
What about B2B Marketing live calls?
You can call any business that has specifically consented to your calls – for example, by ticking an opt-in box.
You can also make live calls to any business number that is not registered on the Telephone Preference Service (TPS) or the Corporate TPS (CTPS), but only if they haven’t objected to your calls in the past and you are not marketing claims management services (calls for this purpose require consent).
You should remember that some businesses (sole traders and some partnerships) register with the TPS, and others (companies, some partnerships and government bodies) register with the CTPS. For business-to-business calls, you will therefore need to screen against both the TPS and the CTPS registers, as well as your own ‘do not call’ list.
The rules on automated calls are stricter. You must not make an automated marketing call – that is, a call made by an automated dialling system that plays a recorded message – unless the business has specifically consented to receive this type of call from you. General consent for marketing, or even consent for live calls, is not enough – it must specifically cover automated calls.
The GDPR highlights some processing activities where the legitimate interests’ basis is likely to apply:
- processing employee or client data;
- direct marketing; or
- intra-group administrative transfers.
The recitals say that legitimate interests ‘may’ apply to these processing activities, but this does not mean these activities will always be a legitimate interest or it automatically gives you a lawful basis for processing. You still need to apply the three-part test to demonstrate that it does apply in the particular circumstances.
|Marketing method||Is legitimate interests likely to be appropriate?|
|‘Live’ phone calls to TPS/CPTS registered numbers||✘|
|‘Live’ phone calls to those who have objected to your calls||✘|
|‘Live’ phone calls where there is no TPS/CTPS registration or objection||✓|
|Automated phone calls||✘|
|Emails/text messages to individuals – obtained using ‘soft opt-in’||✓|
|Emails/text messages to individuals – without ‘soft opt-in’||✘|
|Emails/text messages to business contacts||✓|
Can you use legitimate interests for Business to Business contacts?
Yes, it is likely that much of this type of processing will be lawful on the basis of legitimate interests, but there is no absolute rule here and you need to apply the three-part test.
You are still processing personal data when you are using and holding the names and details of your individual contacts at other businesses. You must have a lawful basis to process this personal data.
You can consider using legitimate interests as your lawful basis for such processing. However, you need to identify your specific interest underlying the processing and ensure that the processing is actually necessary for that purpose.
Assuming you can meet these first two parts of the three-part test, you also need to consider the balancing test. You may find it is straightforward as business contacts are more likely to reasonably expect the processing of their personal data in a business context, and the processing is less likely to have a significant impact on them personally.