If, like me, you’re old enough to remember the Year 2k Bug you’re probably also going through a lot of deja vu at the moment – the fuss around GDPR seems very familiar to the over excitement that was caused by the Y2K bug (remember the worry that planes would start falling out of the sky on January 1st 2000 and that every computerised system in the world would crash?). No, it didn’t happen and the world continued to spin as it did the day before.
GDPR has a lot of similarities to the Y2K bug – the threat of dire consequences, a technically challenging subject that most people don’t understand and a complete over-reaction from businesses worried that they’ll be effected as soon as a date is passed.
I’m not going to insult your intelligence by explaining what GDPR is – you can google it to your hearts content and find that you yourself. What I want to talk about here is the phenomenon of the resubscribe email that we’re all getting each and every day at the moment. You know the one : it says something like “re-approve your subscription to our newsletter in order to keep hearing from us”.
Let’s forget about GDPR for a moment.
The CURRENT Data Protection Act (1998) – you can read it here if you wish – already protects your data from being used without your permission.
So if your email address has been added to a newsletter subscription you have the right to have it removed and also the sender is in breach of the law and shouldn’t be sending you anything in the first place if they didn’t have your permission to do that.
That is unless your email address is a business address – in which case that email address can be treated differently and marketers can add a business email address to a marketing list as long as they give recipients a way to opt out.
The “Please opt back in” email
Now we know what the current law says we can apply it to our existing data bases of email lists. If there are any personal/private email addresses on your list that you don’t have explicit permission to email (so they’re not existing customers of yours or haven’t explicitly opted in) then you should not be sending them an email under the current law never mind GDPR.
From May 25th
For B2C emails – that is, any emails that are clearly being sent to consumers and not businesses the new rules are clear – you can not add anyone to a marketing mailing list without their explicit permission. And buying lists of email addresses is not acceptable and also neither is passing your database of contacts to third-parties.
However, for B2B emails – that is prospecting emails being sent to businesses – there is a bit of confusion and the wording of the law is unhelpfully ambiguous.
Email addresses of sole traders and partnerships are treated by GDPR as private/personal so the rules of B2C apply here and you can’t email them. Email addresses of LTD and PLC companies though are different and you can add these BUT some experts are cautioning that if the email address identifies an individual (e.g. firstname.lastname@example.org) then this is a personal email address and should be treated as such.
So, I guess the safest path when marketing to businesses is stick to the bland email address – i.e. info@, accounts@, mail@ type of addresses and try to avoid any that would end up in the inbox of a sole trader.