3 Weeks Post GDPR

Post GDPR B2B Data

GDPR is not here to stop you from Marketing

Well, the World didn’t end did it!

3 Weeks after the biggest shake up in the Governance of Data within the UK and things are pretty much business as usual, post GDPR, lawyers are probably still working on the backlog of privacy policy’s and strangely my Gmail account is way way down in on the number of Marketing emails I get per day. Why is that strange? surely GDPR was bought in to do that very thing? Well Yes… and No, but what it does prove is that a lot of the big companies may have approached GDPR very cautiously!

I’m not a DPO, but I have been part of the GDPR since it was announced, and have watched the definition of what it is, change from a very dark shade to a slightly lighter shade of grey, there are still parts we don’t know or haven’t got a clear definition on as yet. We sat on webinars and listened to ‘experts’ talk about the possibility of no more email campaigns without consent and double opt in being a necessity (very senior people in prominent organisations) thinking that wasn’t in line with our interpretation! So we decided to take the approach on GDPR to avoid speculation, so we sat back and waited for further news from the ICO , as there is nothing worse than a social media or blog post that comes back to bite you down the line.

So the DMA and the ICO have disseminated some great information and it became clearer that in our most prominent business area (B2B) we were less affected by GDPR and businesses could go down one of two routes – Consent or Legitimate Interest.


Anyone reading this blog who is a regular online shopper, must have got tired of the deluge of emails that started on the 23rd going through to the 25th ‘re-subscribe yourself!’ ‘We can’t Market to you anymore’ ‘Please don’t go’ which I’m sure like many others deleted, but the whole time thinking to myself – why are they doing this?

Under GDPR – It is not necessary to refresh or re-permission existing DPA consents for the GDPR, as long as such consents meet the GDPR standard, and that they are adequately documented.

So this is where your inbox stuffing emails last month asking you to re-opt back in got it wrong, they didn’t need us to re-opt back in, if they had a valid consent under the DPA rules. The other option they have to market to previous customers under Legitimate Interests, which we will move onto next. The companies that did it best, prior to GDPR, where those that asked you to read their updated privacy policy, where they will have stated the legal process they are using to process your data.

What is Legitimate Interest?

Legitimate interest seems to be the area that people are most confused about under GDPR – we see evidence of this everyday with the replies we get to our email campaigns !

The DMA example for Legitimate Interest is a great example of how we should consider whether the principle is valid or not – every year you buy the new blockbuster on PlayStation for you son or daughter (or yourself!) and you buy it online, is it reasonable that said company sends you an email the next year when the new game in the series is released? In reality the principle of Legitimate interest is more nuanced, but this is a great example, for more reading about the LI  balancing test I would check the ICO article here.

You can read our Privacy policy on the front page or in the purple banner at the top of this page if you have come here from Social Media, which states that we market to people under ‘Legitimate Interest’ this is the stance we have chosen to take, and we do not gather any consent at this point in time.

As fully expected, we have noticed a big increase in the number of complaints, email replies, social media posts etc. where people are accusing us of not being ‘GDPR compliant’ as we are sending them an email to market our goods and services. This asks the question of where are people getting their GDPR information from? What did they do with their data? and How are they Marketing after GDPR? Ironically the questions we asked in our recent email campaign 🙂

Post GDPR summary;

  • GDPR is only applicable to Personal Data – emails that do not identify a person (info@ sales@ etc.) are not covered by GDPR
  • Consent is not necessarily needed
  • Most B2B activity will be processed under legitimate Interest
  • Legitimate Interest is not a reason to spam, but it allows us to market to people when you conduct the balancing test
  • If you feel this is incorrect, you can Unsubscribe or pursue a SAR (Subject Access Request) at any time

If you haven’t already, please read our blogs on GDPR compliance and Data Assumptions & Best practice.

If you wish to discuss anything post GDPR, you can email me on alan@kojumedia.com or call us on 01628 901081

Leave a Reply

Your email address will not be published. Required fields are marked *