Common Questions about the EU GDPR
Are you unsure what the EU GDPR means for your B2B marketing data?
Get your common questions answered here.
Below is our informed interpretation of the EU General Data Protection Regulation and its effect on B2B email marketing. This page is designed to help you better understand the legal terms you will find in the GDPR, although we would encourage you to read the text for yourself to see exactly how it applies to your business.
Here are some of the most common questions we have received from our clients around the GDPR, along with their answers. If you have any other questions, please get in touch and a CommuniGator marketing automation expert will be happy to advise you.
What you need to know
1. How does the right to be forgotten work in principle?
If an individual exercises their right to be forgotten, the data controller must take reasonable steps to inform all parties in the supply chain who are processing the subject’s personal data about the erasure. However, unsubscribing or opting-out from marketing communications is different from the right to be forgotten. In the case of an individual no longer wanting to receive direct marketing communications, an organisation should retain their personal data information as long as necessary in an ‘unsubscribe’ file, making sure all parties in the supply chain are aware.
The right to be forgotten doesn’t mean you have to delete your existing suppression files either. These will still be required to make sure you do not contact those people that have asked you not to get in touch, and is a separate requirement. This means organisations will be able to retain customer information to contact them about safety or product recall concerns even if that customer has exercised the right to be forgotten.
2. How does the right to data portability work in practice?
The right to data portability only applies where the data processing is based on content, carried out by automatic means and the data subject has provided the information. In practice, it will only apply to cases where the customer switches providers, such as social media services or utilities.
3. What about Subject Access Requests?
Individuals have the right to obtain the personal data held about them free of charge the first time. For any further copies, organisations can charge a ‘reasonable fee’. Organisations are also within their right to refuse to answer a subject access request if it is malicious in nature.
4. Will the EU GDPR be applicable to legacy consent of customers?
As far as we are aware, the EU GDPR WILL NOT be applicable to legacy consent of customers. We would suggest reconfirming their consent to be on the safe side or check with the Information Commissioner’s Office for further guidance.
5. What does “retaining data for as long as it is relevant” actually mean?
This principle is a storage limitation principle in the new regulation. The ICO has produced guidance on the current principle here.
6. How frequently would you suggest consumer consent should be refreshed, if at all?
As far as we are aware, you do not necessarily have to get refreshing consent, but you do have to offer subjects the opportunity to opt out. The ICO will be publishing new guidance on this soon.
7. Will digital tracking techniques need to be more transparent now?
Clarity and transparency of consent are a highlight of the new regulation. We would recommend that you are as clear and open as possible about what you will do with personal data. This includes digital data such as cookies.
8. What is the required language for the opt-in messaging?
9. How will the GDPR changes impact B2B marketers compared to B2C marketers in terms of email?
The difference is going to be small. This is because B2B data can be viewed as personal data as it identifies an individual, i.e. a business email or phone number that relates to an individual is considered personal data. B2B contacts will be treated the same as B2C if personal data is involved.
10. How does consent apply to purchased data lists, will we now need to seek opt-ins for cold call lists in B2B?
No, companies will not have to make calls or seek opt-ins for cold call lists in B2B. Only email and SMS will require opt-in consent.