Will GDPR Affect B2B?
The General Data Protection Regulation (GDPR) came into effect in May 2018 and is the current legislation governing data protection across the EU. GDPR was created to regulate the processing of personal data. Personal data is any information relating to an identifiable, living person, whilst processing includes the storing, transferring, and use of personal data. Business data is treated differently than personal data under the GDPR, so the restrictions placed on business-to-business (B2B) correspondence are not the same as those placed on business-to-consumer/customer (B2C) correspondence. Many businesses' daily operations include both B2B and B2C transactions, so it is important to recognise how these different sets of contacts must be treated in order to ensure your business is operating within the law at all times.
Will GDPR Affect B2B?
Yes. Whilst GDPR's reach is focussed upon personal rather than business data, it is still vital to understand GDPR and how it applies to your organisation's communications and processing strategies. This is because many organisations and businesses still process personal data, e.g. email addresses and payment card information. Additionally, B2B marketers are allowed to send marketing emails to business email addresses without specific consent as long as there is a legitimate interest. Legitimate interest means a valid reason for businesses to process personal data and can be claimed if the following criteria are met:
- Processing is a clear benefit to your business
- There is only a small impact on the privacy of your data subjects
- Individuals would reasonably expect your business to use their personal data in this way
- You don't want to bother people with a consent request when they are unlikely to object
When consent has not been explicitly obtained, you must give recipients an opt-out option and include a link to your privacy notice. The privacy notice should inform data subjects (those whose personal data you hold) how their data will be handled and processed.
Will GDPR Affect B2C?
Yes. GDPR has overhauled the way in which B2C companies can market to their consumers. You cannot retain or process customers' data if they do not give active, informed consent to join your mailing list or to receive further correspondence. B2C differs from B2B in that data subjects must actively opt in, rather than being given the option to opt out after correspondence has already begun. Sole traders and some partnerships fall under the B2C umbrella, despite their business identity, and must be treated with B2C restrictions accordingly. Some businesses struggle to differentiate B2C customers from B2B customers, so remember that many personal email addresses can be recognised through common endings such as "@hotmail", "@gmail" or "@btinternet".
Why is it Important to be GDPR Compliant?
Data protection compliance is monitored by the Information Commissioner's Office (ICO) in the UK. The ICO are capable of issuing fines of up to €20 million or 4% of your annual turnover, whichever is greater, for data breaches. As well as hefty fines, a data breach could stain the reputation of your organisation. If you struggle to differentiate B2B contacts from B2C contacts, then a foolproof method of remaining GDPR compliant is to treat them all with B2C restrictions. This would involve obtaining active consent from all contacts, and may well be best practice for many organisations.