You are here:
Common Questions about the EU GDPR

  • Do you want to generate more sales leads?
  • Do you know how to generate more leads from your website?
  • Do you need to generate more sales leads online in general?

Common Questions about the EU GDPR

Are you unsure what the EU GDPR means for your B2B marketing data?

Get your common questions answered here.


UPDATED: 06/03/2018

By now most of us in the B2B marketing world have heard of the GDPR. Yet, many of us still don’t know exactly what the GDPR means. So we wanted to just recap on some of the most common questions we’ve been asked and have the answers you need.  


Since we penned the content below, there has been a signification update to the E-Privacy Regulation and PECR, that you will want to pay attention to if your are a B2B Marketer.

If you are looking to process (sending marketing communications) using ‘consent’ then the below applies. HOWEVER, with the update/amendment to the E-Privacy Regulation/PECR in December 2017, you can now use ‘legitimate interest’ as the reason for processing (sending marketing communications) your B2B data.

Find out more in our latest blog post: and also download a copy of our latest resource which clarifies this stance: The Fog Clears on GDPR.

The below was published in November 2016


Below is our informed interpretation of the EU General Data Protection Regulation and its effect on B2B email marketing. This page is designed to help you better understand the legal terms you will find in the GDPR, although we would encourage you to read the text for yourself to see exactly how it applies to your business.

Here are some of the most common questions we have received from our clients around the GDPR, along with their answers. If you have any other questions, please get in touch and a CommuniGator marketing automation expert will be happy to advise you.

Every now and then, we’d like to send you information that delivers, develops and promotes our products and services that are relevant to you. Submitting your details tells us that you’re OK with this and you also agree to our privacy policy and cookie policy. You can, of course, opt out of these communications at any time!

1. How does the right to be forgotten work in principle?
If an individual exercises their right to be forgotten, the data controller must take reasonable steps to inform all parties in the supply chain who are processing the subject’s personal data about the erasure. However, unsubscribing or opting-out from marketing communications is different from the right to be forgotten. In the case of an individual no longer wanting to receive direct marketing communications, an organisation should retain their personal data information as long as necessary in an ‘unsubscribe’ file, making sure all parties in the supply chain are aware.

The right to be forgotten doesn’t mean you have to delete your existing suppression files either. These will still be required to make sure you do not contact those people that have asked you not to get in touch, and is a separate requirement. This means organisations will be able to retain customer information to contact them about safety or product recall concerns even if that customer has exercised the right to be forgotten.

2. How does the right to data portability work in practice?
The right to data portability only applies where the data processing is based on content, carried out by automatic means and the data subject has provided the information. In practice, it will only apply to cases where the customer switches providers, such as social media services or utilities.

3. What about Subject Access Requests?
Individuals have the right to obtain the personal data held about them free of charge the first time. For any further copies, organisations can charge a ‘reasonable fee’. Organisations are also within their right to refuse to answer a subject access request if it is malicious in nature.

4. Will the EU GDPR be applicable to legacy consent of customers?
As far as we are aware, the EU GDPR WILL NOT be applicable to legacy consent of customers. We would suggest reconfirming their consent to be on the safe side or check with the Information Commissioner’s Office for further guidance.

5. What does “retaining data for as long as it is relevant” actually mean? 
This principle is a storage limitation principle in the new regulation. The ICO has produced guidance on the current principle here.

6. How frequently would you suggest consumer consent should be refreshed, if at all? 
As far as we are aware, you do not necessarily have to get refreshing consent, but you do have to offer subjects the opportunity to opt out. The ICO will be publishing new guidance on this soon.

7. Will digital tracking techniques need to be more transparent now? 
Clarity and transparency of consent are a highlight of the new regulation. We would recommend that you are as clear and open as possible about what you will do with personal data. This includes digital data such as cookies.

8. What is the required language for the opt-in messaging?
The ICO’s guidance says “The crucial consideration is that the individual must fully understand that their action will be taken as consent, and must fully understand exactly what they are consenting to. There must be a clear and prominent statement explaining that the action indicates consent to receive marketing messages from that organisation (including what method of communication it will use). Text hidden in a dense privacy policy or in ‘small print’ which is easy to miss would not be enough.”

9. How will the GDPR changes impact B2B marketers compared to B2C marketers in terms of email?
The difference is going to be small. This is because B2B data can be viewed as personal data as it identifies an individual, i.e. a business email or phone number that relates to an individual is considered personal data. B2B contacts will be treated the same as B2C if personal data is involved.

10. How does consent apply to purchased data lists, will we now need to seek opt-ins for cold call lists in B2B?
No, companies will not have to make calls or seek opt-ins for cold call lists in B2B. Only email and SMS will require opt-in consent.