Log inSign up

GDPR Advice

Definition of GDPR

This abbreviation means “General Data protection and regulation”. This is a new law that was created in EU in order to provide decent protection for the private info and provide EU citizens with the opportunity to control the usage of their private data. If the company (even which is not located in EU) is going to conduct business with anyone located in EU, it should apply these rules that are aimed at controlling of the data usage and holding of users’/customers’ info.

Whether your company located in EU or not, you need to study this law which is considered to be a part of the most significant changes in the regulation of the data protection in the last 20 years. This law refers to any company or clients that are located in Europe.

GDPR and B2B

This law has a very broad meaning and covers many aspects of company-customer relationships. In general, it is aimed at the protection of customers by setting strict regulations on the ways companies collect, use, store, and protect the private information of its users/customers. The GDPR refers to all types of communication, whether it is B2C or B2B. However, some aspects differ for B2B cases.

What data is the most significant in B2B campaigns? Usually, it is an email, decision-makers’ names and the ways to contact them and so on. Some of the information you may use in your campaign is not considered as the private one. But email addresses, even the corporate ones, still are considered as “private data” according to GDPR.

Pay attention that there are 2 significant GDPR regulations that B2B companies must know and follow.


You cannot deliver letters to the people without their previous submitting receiving any correspondence from you. This means you are not allowed to deliver unwelcomed emails to the prospects if they do not opt in for it. To conduct this activity with their email address you must get permission and then start promoting your services.

Right to data deletion

You also must keep in mind that users have a right to be forgotten. Imagine you communicate with a person who no longer wants to get any letters from your company. This means the person wishes his or her address to be excluded from the delivery list as well as other data about them that you may have obtained earlier. In order to follow GRPR regulations, you are obliged to respect this request and erase all the possible data about the person that is stored in your base.

What about cold emailing now?

Many companies start worrying that GDPR can lead to the extinction of the B2B marketing we got used to. Considering the GDPR statements that we have discussed above, this law forbids cold emailing. Sure thing, for most B2B marketers this will be a challenge. However, there are ways to get customers’ permission to send them emails before directly contacting them. One of the options is the fares or exhibitions where you can invite potential users/customers to opt in for your emailing. As these prospects will be informed about the type of letters they will receive, this may be considered and submitting and will be within GDPR rules.

The main issue is that the majority of companies hold their business in a different way, at least not for every potential customer. More common practice always was marketing research and analysis that helps to define potential customers and find contacting and other personal info about companies’ decision-makers. This approach allows enlarging the contact list. This approach also implies that you will contact companies and people that you did not have any previous interaction with.

Thankfully, the key point here is “Not necessarily”. According to article 6.1 of GRPR, there are 6 legitimate bases that regulate usage of the private data.

The issue here is the following: you need to get permission from the customer to conduct the communication with him or her or receive an invitation from them in the first place.

The requirement of agreement: the company (like yours, for instance) should process the personal info of its customers (email and other contacting info) to meet contact’s requirements.

Law compliance: the company is obliged to process clients’ data for reasons compliant to the law.

Higher interest: the company is obliged to process clients’ data in order to fulfill protection purposes for the interests of interested parties or another person.

Public interest: processing of the data is the main when it comes to public interests.

Legal interest: according to GDRP, processing of the private info for the clearly marketing tasks can be accepted as the activity within Legal interests. In many aspects it is confusing.

Thankfully, B2B marketers must pay attention only to 2 of them. Firstly, they need to fulfill the requirement of the consent receiving, as it was specified above. When the person voluntarily allows you to send a letter to his or her email, this means you have got the required permission. The other aspect you need to pay attention to is the legal, or legitimate, interest. B2B marketers may use this point as a justification of their communication with most of the potential customers. What does it mean? Unfortunately, there are some controversial thoughts on this matter as there is still no any clear definition for “legitimate interest”.

But if we take a look at GDPR and its Article 47 where the term is used, we can conclude that direct marketing is laid under legitimate interest and marketing interests can be qualified by sender’s commercial interest in conducting communication.

An important issue is the following: despite there is no 100% clearness, GDPR regulations define that there is a legal right to process Personal Data. But you need to make sure that in this matter you do not violate or somehow else affect the freedom and rights of the person, otherwise, the legal reasons for data processing will be declined. This cannon be considered as a loophole that gives you an opportunity to neglect GDPR statements. Even when it may look like an opportunity for direct sellers, the interests of both sides should be considered. It is clear that any company will have a “legal interest” in attracting potential customers and turning them into loyal clients. But is this potential client has the mentioned “legitimate interest” in hearing from you, this is another case. In order to avoid violating any statements of GDPR, marketers should follow 3 main rules.

Firstly, your actions in marketing are based on clients’ permission. This can be received at the beginning of business communication or received in a while. If you do not get the consent from the person, you are not allowed to deliver any kind of marketing and selling emails without previous notification. Considering this, you should pay attention to cases when people may consider your actions as blackmailing or will have the desire to report about you to special authorities.

Secondly, keep in mind that receiving consent is your main priority. It should be done in a natural way by requesting this permission. This will help you to start building trustful relationships with your potential client. As soon as you obtain the consent, your further actions will be within regulations and you will have “legitimate interest” after that. Also, keep tracking this relationship in order not miss any detail. All these aspects will help you in protecting yourself in case someone will decide to complain about your actions while they are completely within GDPR statements.

Thirdly, you are obliged to respect all requests for deletion without making any exceptions. If you receive a request to stop emailing and contacting the person or your actions are considered to be bothering, you must stop any activity towards the person immediately. If you ignore such requests and signs, you can risk being accused in GDPR violation. You should better to avoid such risks as the maximum fine can reach 20 million or 4% of their “annual global rotation”.

How to work with an existing database

Keep in mind that the legitimate interest protects you from risks connected with GDPR. These rules will not kill the common emailing approach we know. On the contrary, they are aimed at improving the marketing activity of the companies and encourage them to work with respect. But even if you have decent legitimate interests, you still should make database searches and other emailing activity within GDPR rules.

Here are some tips for you considering this matter:

The first and the most significant aspect is that you should get the consent for existing customers as well. Even if they have already considered as your clients for a long time before, you still need their confirmation of the new policy. If you already set particular relationships with your clients, this procedure will be considered as a minor formality. Sure, there are fewer risks that long-term clients out of nowhere decide to claim you as a violator of new GDPR rules. But it is better to make some precautions and protect you and your customers.

Then, searching for new contacts for your database you need to do previous research. You need to make sure you are about to email to the person with relevant needs and interests. In another case, you will have troubles with having “legitimate interest”. If you collect your contacts by buying them form providers, you need to select sellers that allow you to select the particular groups of contacts. This approach will help you to use only relevant contacts and avoid complaints because of sending your content to the wrong people.

And the last thing, you need to provide a high level of security for your database. Your lists of emails are considered to be private data according to GDPR.

You need to study GDPR document in order to be aware of your responsibilities considering emailing and usage of the clients’ data. Even if your company is not located within EU territories, you need to comply with these rules if you want to conduct business with customers from European countries. So even if you are working from the USA, but your market covers Germany, France etc., you need to check all your business process (both B2C and B2B) and adjust them to GDPR statements. Otherwise, you will experience the same sanctions and fines as the companies situated in the EU territories.








Disclaimer: This is not a legal recommendation so this article does not have any liability. This doc is aimed at showing you some guidelines and insight into the GDPR and how it can affect your interaction with clients and how you can find new business connections within these rules. In order to get a decent consultation on this matter, contact with special lawyers to get decent feedback about this situation.