
Will GDPR Affect B2B?


Posted by: Lauren Hockley Published: Wed, 15 Aug 2018 Last Reviewed: Wed, 15 Aug 2018

The General Data Protection Regulation (GDPR) came into effect in May 2018 and is the current legislation governing data protection across the EU. GDPR was created to regulate the processing of personal data. Personal data is any information relating to an identifiable, living person, whilst processing includes the storing, transferring, and use of personal data. Business data is treated differently than personal data under the GDPR, therefore the restrictions placed on business-to-business (B2B) correspondence are not the same as those placed on business-to-consumer/customer (B2C). Many businesses' daily operations include both B2B and B2C transactions, so it is important to recognise how these different sets of contacts must be treated in order to ensure your business is operating within the law at all times.

Will GDPR Affect B2B?

Yes. Whilst GDPR's reach is focussed upon personal rather than business data, it is still vital to understand GDPR and its applications to your organisation's communications and processing strategies. This is because many organisations and businesses still process personal data, e.g. email addresses and payment card information. Additionally, B2B marketers are allowed to send marketing emails to business email addresses without specific consent as long as there is a legitimate interest. Legitimate interest means a valid reason for businesses to process personal data and can be claimed if the following criteria are met:

  • Processing is a clear benefit to your business
  • There is only a small impact on the privacy of your data subjects
  • Individuals would reasonably expect your business to use their personal data in this way
  • You don't want to bother people with a consent request when they are unlikely to object

When consent has not been explicitly obtained, you must give recipients an opt-out option and include a link to your privacy notice. The privacy notice should inform data subjects (those whose personal data you hold) how their data will be handled and processed.

Will GDPR Affect B2C?

Yes. GDPR has overhauled the way in which B2C companies can market to their consumers. You cannot retain or process customer data if they do not give active, informed consent to join your mailing list or to receive further correspondence. B2C differs from B2B as data subjects must actively opt in rather than being given the option to opt out after correspondence has already begun. Sole traders and some partnerships fall under the B2C umbrella, despite their business identity. They must be treated with B2C restrictions accordingly. Some businesses struggle to differentiate B2C customers from B2B customers so, remember, many personal email addresses can be recognised through common endings such as "@hotmail", "@gmail" or "@btinternet".

Accompanying Legislation

The ePrivacy Regulation (ePR) is another EU Act and was originally intended to be introduced alongside the GDPR, but the regulation was delayed. The ePR is a proposal for privacy and electronic communications regulations. The proposed regulation governs the protection of personal data and respect for private life in electronic communications and would cover subjects like the use of cookies and opt-outs.

Why is it Important to be GDPR Compliant?

Data protection compliance is monitored by the Information Commissioner's Office (ICO) in the UK. The ICO can issue fines of up to €20 million or 4% of your annual turnover, whichever is greater, for data breaches. As well as hefty fines, a data breach could stain the reputation of your organisation. If you struggle to differentiate B2B contacts from B2C contacts, then a foolproof method of remaining GDPR compliant is to treat them all with B2C restrictions. This would involve obtaining active consent from all contacts, and may well be best practice for many organisations.
