The General Data Protection Regulation (GDPR) applies to any business, organisation, or even charity handling private records of EU residents or citizens.
UK and EU data protection laws
Email marketing in the United Kingdom is governed by two main laws:
The General Data Protection Regulation (GDPR):
Under this regulation, individuals can deny companies access to their personal information. Consent, whether explicit or implicit, is crucial for GDPR compliance.
While GDPR restricts the use of an individual’s data, it allows for the storage of personal information for non-marketing purposes.
The Privacy and Electronic Communications Regulations (PECR):
Part of the EU’s ePrivacy Directive, this law protects both individuals and businesses. Direct marketing communications sent to individuals via text message or email campaign are governed by these rules.
Under the PECR, the following are regulated:
- Tracking technologies such as cookies.
- Electronic marketing techniques, such as emails and texts.
- Requirements for securing customer data.
Fundamentals of data processing
A marketing email is a form of data processing.
This means you have access to your customer’s personal information, and you are using it for your own purposes (advertising).
GDPR applies to all processing of personal data in the EU. Article 5 (1) of the UK GDPR outlines these rights.
Specifically, two GDPR principles apply to marketing emails:
- The use of transactional emails needs to be fair, legal, and transparent.
- There are a few limited purposes for which you can use your customers’ email data. Any email you send should be considered in terms of its audience and intent.
Rules differ across continents
Even though GDPR is something that all EU countries need to consider, certain countries have their own regulations relating to PECR (Privacy and Electronic Communications Regulations), as long as these meet the minimum privacy standards set forth by GDPR.
It can be challenging for businesses and data protection authorities, since some countries take a stricter stance while others are more lenient.
In B2B communications, legitimate interest is the guiding principle
With regards to B2C transactions, companies often cite Article 47 of the GDPR, in which an argument is made for the legitimate interest in contacting an individual for purposes of commercial contact.
It is often a risky area, since businesses need to demonstrate their processing meets various standards and balancing criteria.
For B2B these rules are slightly different.
The GDPR considers a product or service sale to be a legitimate interest in a B2B context.
Essentially, this means B2B electronic marketing communications, including outbound telemarketing, are allowed as long as the following conditions are met:
- Only ‘corporate subscribers’ (employees of incorporated and limited companies, partnerships, governments, and local authorities) are covered.
- The relationship should be relevant to the product or service you provide (e.g., with a business that already uses products like yours).
- There must be no interference with unsubscribing or opting out
The concept of legitimate interest is only applicable to business subscribers. Under the rules of some EU countries, opt-in consent is still required for digital marketing.
Opting out vs. opting in
In opt-in systems, the recipient needs to tick a box to subscribe to your email list, while opt-out systems allow the recipient to opt out of receiving your emails. Usually, opting out means you won’t contact them again, now or in the future.
You will encounter three versions in EU countries:
- The opt-out option means you can send messages to the email addresses on your Europe business email list without the recipient having to do anything, but they must be able to opt-out at any time.
- Single opt-in is a subscription process where the user ticks a box to join your email list.
- In double opt-in, the user must tick a box and then click a link in a confirmation email to confirm their desire to receive communications from you.
Each European country’s rules and trends are outlined in the attached map. Considering that these rules change rapidly, it is best to stay up-to-date before launching a local email marketing campaign.
Safe, compliant data from More Than Words
When acquiring a European mailing list or database from another organisation, businesses must be able to prove that the data is compliant with the General Data Protection Regulation and is acceptable for advertising.
More Than Words adheres to GDPR guidelines for all marketing and databases provided to clients.
Our team of experts can assist you with creating a bespoke European business email list tailored to your company’s needs. It will contain information for the decision makers who are most likely to be interested in your products. To find out more call 0330 010 8300.