A B2B technology marketer's introduction to GDPR and data privacy legislation across the EU, exploring what you need to know to know to run email marketing campaigns successfully and compliantly .

1. GDPR and Data Privacy in the EU - A
Guide for US B2B Technology
Marketers
Samantha Magee
Kevin Savage

2. Key Points
• Direct Marketing is possible with
the GDPR
• Opt-ins and Consent or
Notifications and Legitimate
Interest
• Other EU legislation
• Tips for B2B compliance from a
DPO perspective

3. $450bn

4. Legal Bases
Consent
Contract
Legal Obligation
Vital Interest
Public Task
Legitimate Interest

6. Myth 1 – The end of Direct Marketing
Recital 47:
The legitimate interests of a controller, or of a third party, may provide
a legal basis for processing, provided that the interests or the
fundamental rights and freedoms of the data subject are not
overriding, taking into consideration the reasonable expectations of
data subjects based on their relationship with the controller. (…)
The processing of personal data for direct marketing purposes may be
regarded as carried out for a legitimate interest.

7. Myth 2: Massive fines

8. Myth 2: Massive fines
“I have no intention of changing
our proportionate and pragmatic
approach.
Hefty fines will be reserved for
those organisations that
persistently, deliberately or
negligently flout the law.”
Liz Denham, Information Commissioner

9. How does this affect B2B Marketing?
Suspects
Prospects
Clients

11. UK – Privacy & Electronic Communications
Regulations 2003
• GDPR is about the PROCESSING not the PROCESS
• Email, as one form of direct marketing, is a PROCESS
• PECR gives us the OPT-IN / OPT-OUT rules
• OPT-IN is required for INDIVIDUALS, SOLE TRADERS and some
PARTNERSHIPS
• OPT-OUT is open to CORPORATE BODIES and PERSONAL CORPORATE
EMAIL users

12. GDPR and Data Privacy in the UK – PECR
Source – GDPR for marketers: Consent
and Legitimate Interests – page 21
Direct Marketing Association

13. Data Privacy around the EU
Country Legislation
Belgium The Code of Economic Law, and the Royal Decree of 4 April 2003 (advertising by email)
France Article L. 34-5 of the Code of Post and Telecommunication and Article L.121-20-5 of the
Consumption Code
Germany The German Act Against Unfair Practices 2004 (UWG) and the revised German
Telecommunications Act
Ireland The European Communities (Electronic Communications Networks and Services)
Regulations 2011 (the “2011 Regulations”)
Italy Protection of Personal Data Consolidation Act (Data Protection Code - Legislative Decree
No. 196 of 30 June 2003) & Legislative Decree nr. 69/2012
Netherlands Telecommunicatiewet
Spain Law 34/2002 on information society services and electronic commerce (LSSI)
UK The Privacy and Electronic Communications (EC Directive) Regulations 2003

14. Opted
out?
Y
E
S
DO NOT EMAIL
NO
In Finland, France,
Ireland, Portugal,
Sweden, UK?
NO
Opted
in?
EMAIL
Y
E
S
N
O
Y
E
S
STARTHERE

16. How does this apply to Rhetorik?
NetFinder Technology Database
Personal Data (Business Card Information)
Firmographics, Technographics, Purchasing Indicators

17. How does this apply to Rhetorik?
• Data minimization
• Impact
• Notification
• Transparency
• Reasonable Expectations

18. What does this mean for B2B Technology
Marketers?
• Suspects – legitimate interest, reasonable
expectation, transparency
• Prospects – reasonable expectation;
consent
• Clients – contract, legitimate interest,
reasonable expectation, data
minimization, transparency

19. Questions to ask of your Data Provider
• What personal data do they control?
• Is it collected lawfully?
• What is the legal basis being used for it?
• Is it up to date?
• How can I use it lawfully?

20. How does this apply to Rhetorik clients?
• Your legal basis - Legitimate
interest or consent?
• Legitimate Interest Assessment
• Transparency – notification, right
to object
• Suppression lists – maintaining
compliance
• Opt-ins – when does our data
become your data?

21. Thank You
info@rhetorik.com
+44 (0)118 989 8580