GDPR For Direct Marketing In B2B Organisations: Consent Or Legitimate Interest?
As the GDPR compliance deadline of 25 May approaches, there is still a great deal of confusion amongst B2B businesses about whether Consent and Legitimate Interest are both acceptable legal bases for the processing of personal data – particularly for direct marketing purposes (which includes most forms of B2B sales conducted via direct email or telephone calls).
The most important first step for B2B organisations to take is to decide which route they are choosing: Consent or Legitimate Interest? This decision needs to take into account the legal risks and commercial risks associated with each one. There is no ‘risk free’ option.
As a ‘general rule’, Consent carries lower legal risk and higher commercial risk, while Legitimate Interest carries lower commercial risk and higher legal risk:
- Consent carries lower legal risk as it is much more ‘clear cut’. A data subject has either consented or they have not. However, going with Consent carries a very high commercial risk as many prospects and customers won’t give their Consent in time (by 25 May 2018) – not because they don’t want you to process their data, but just because they might miss your Consent request in their inbox!
MPG’s research indicates that, on average, B2B organisations are achieving below a 10% rate for ‘converting data subjects to Consent’ using email campaigns. Running a Consent campaign via telephone is usually prohibitively expensive and the time this might take to set up and execute means it is probably not a viable option. With the compliance deadline looming on 25 May, we expect most data subjects to be bombarded with Consent requests from a large number of companies (possibly hundreds!). This is likely to reduce the response rate even further.
- Legitimate Interest carries a lower commercial risk as, with the right marketing strategy and targeted approach, you can process personal data of data subjects who have not given their consent, which may give you ten times more reach via your database than if you are relying on Consent.
However, Legitimate Interest carries higher legal risk as complying by this route is not as ‘clear cut’, which is why many lawyers seem to be advising their clients against this approach.
MPG has written a guide to help our clients make the right decision about whether to choose Consent or Legitimate Interest for processing personal data – specifically in relation to direct marketing – and how to then implement this decision. Our guide includes references to specific, relevant guidance from the final GDPR Directive text issued by the EU and specific, recent guidance from the ICO.
It is important that GDPR strategy decisions are made based on this kind of analysis, rather than what we read on social media and in the press – as much of what is being published is not specific to B2B and in many cases, is incorrect.
Please get in touch if you wish to discuss MPG’s guide or your GDPR compliance strategy.