Data Processing Compliance – PECR and GDPR

Our Data Processing Compliance – PECR and GDPR

Telephone and direct marketing is partially governed by the Privacy and Electronic Communications Regulations 2003 (PECR). In order to market to consumers (that is, private individuals), you must first obtain their direct consent to be marketed to. Sole traders and members of a partnership are classed as private individuals for the purposes of these regulations.

The rules for B2B marketing are different to the rules for private individuals. It is lawful to market (including sending emails to corporate e-mail addresses) to limited companies (ltd), including to individual employees and directors, unless an individual has "opted out" of receiving B2B marketing including email marketing (for example, by unsubscribing from a newsletter or an e-mail communication).

In the light of the above, in order to market to private individuals (consumers) including sole traders and members of a partnership, explicit consent must be obtained from these individuals.

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. GDPR stipulates that personal data must be processed "lawfully". In order for processing to be "lawful", one of the lawful bases must be established prior to processing of this personal data.

Some of the legal bases include explicit consent from a data subject ("opt in" consent), "legitimate interest" and other bases. "Legitimate interest" covers the processing of personal data for direct marketing purposes. It is important to consider and analyse the competing interest between the data controller (us) and the data subject (B2B contact) when deciding whether to process personal data on the "legitimate interest" basis.

If we are processing a data subject's personal data for direct marketing purposes, we will do so lawfully since we have a legitimate interest that is in balance with the rights and freedoms of the data subject concerned.

B2B Data Lists – Why we are compliant

All of our data lists are B2B and only contain contact details for limited companies (no ‘opt-out’ has been made).

We make every effort to regularly screen our B2B data lists for contacts pertaining to sole traders and members of partnerships.

'Opt-in" consent may or may not have been obtained from each B2B contact on our data lists. However, consent for B2B contacts of incorporated organisations is not legally required. This includes mail, telephone and direct e-mail marketing).

According to GDPR, the B2B data lists must be processed lawfully by us as well as the purchaser of the B2B data lists.

We process these B2B data lists on the basis that we have a "legitimate interest" to process these data lists for the sole purpose of direct marketing.

We consider this to be ab appropriate lawful basis for the following reasons:

The data subjects in our B2B data lists are business contacts (this duly includes company names, telephone number and e-mail addresses);

The processing applies only to business contact details and there is therefore a demonstrable low impact on the privacy of the individual;

Direct e-mail marketing is a reasonable and proportionate way of processing this data in order to achieve commercial objectives;

The data subjects (incorporated organisations) concerned much reasonably expect to receive business (B2B) marketing to their corporate e-mail addresses.

Therefore, the processing of personal data is transparent and fair;

The data subjects can easily indicate their wishes against having their data processed and unsubscribe from marketing e-mails

We therefore maintain that the rights and freedoms of the data subjects concerned are not adversely or disproportionately infringed upon through the course of this data processing.

Where a B2B contact is against to this processing, we will cease processing their data (B2B contacts have the choice to opt out)