Compliant email marketing: as an email marketer, you’re already aware of the importance of crafting the perfect subject line and choosing an enticing image to accompany your campaign. But even with these fundamentals in place, if you’re not following certain email laws, you could be risking legal action and losing customers at the same time. So before you send another B2B email, read this article on PECR and GDPR compliance for B2B emails and learn how to run effective email campaigns that don’t compromise your company’s values or put your email marketing strategy at risk.
We have left the EU, does GDPR still apply and how?
The UK’s Information Commissioner’s Office (ICO) adopted the European General Data Protection Regulation (GDPR) on May 25, 2018. Despite having left the EU, GDPR is retained in domestic law as the UK GDPR, but the UK has the independence to keep the framework under review. On 28 June 2021, the EU approved adequacy decisions for the EU GDPR and the Law Enforcement Directive (LED). This means data can continue to flow as it did before, in the majority of circumstances. Both decisions are expected to last until 27 June 2025.
The ‘UK GDPR’ sits alongside an amended version of the DPA 2018. The ICO is responsible for enforcing data protection legislation in England, Wales, Scotland and Northern Ireland; individual member countries may have their own legislation that supplements or replaces certain aspects of GDPR. The legislation applies to all companies processing personal information.
UK GDPR is not just about protecting UK residents. It also extends to businesses outside of the UK that offer goods or services to customers in the UK, or monitor their behaviour there. The rules apply whether a company is a bricks-and-mortar business or a digital one, and they apply regardless of whether personal data is stored on paper, in an email inbox or on a cloud service. The penalties can be significant – up to 4% of global revenue or €20 million (whichever is greater). In addition, as these laws apply only within EU member states, companies that want to conduct international operations need to consider how those activities affect other countries where they operate as well.
Compliant email marketing – what is PECR?
The B2B Email Marketing Industry Guidelines, or PECR, are a set of best practices that govern how marketers can use their email lists for compliant email marketing. These rules ensure that everyone—both marketers and consumers—has clear expectations about what’s happening with their emails. The biggest change is around opt-in language. If you don’t comply with these rules, your emails may be labelled spam, which means you could get blacklisted. And no one wants that!
There are very few global laws when it comes to email marketing so it’s essential for all businesses in every country to adhere to local regulations while running successful campaigns – whether they’re based in Europe or elsewhere. A survey conducted by Mailjet found that 61% of small businesses were worried about getting slapped with a penalty fee if they breach sending laws like Permission (PECR) and General Data Protection Regulation (GDPR). So knowing how GDPR impacts email campaigns will help you stay compliant.
The UK has its own rules around B2B marketing that businesses must adhere to. The law is called ‘Privacy and Electronic Communications Regulations’ or PECR. You can view the relevant legislation here. While these aren’t as strict as GDPR, marketers need to take note because penalties can reach up to £500,000 if you’re found guilty of breaking them.
Running Compliant Email Marketing campaigns
When it comes to running effective B2B emails, you want all your bases covered. After all, there’s no point in investing time and money into an email campaign if it ends up costing you more later on. It’s imperative that you familiarize yourself with—and, ideally, comply with—the new rules governing electronic communications between businesses (GDPR). We break down what GDPR is, how it impacts B2B emails sent within or across borders, plus its implications on data privacy.
As part of the changes for compliant email marketing, companies will no longer be able to send B2B emails until they have provided clear information on how their data is being used. This means you’ll need to include details about your usage policy in any emails you send. For example, you may include a statement in your email such as: “You are receiving this email because you are a customer of Outside The Square or a member of staff or have expressed an interest in reviewing information from Outside The Square through an opt-in form.”
Businesses will also need to gain consent from their customers before using their data in any way. You’ll need to ask permission before you contact them again—even if you haven’t used any of their data, as part of your compliance with GDPR. It is good practice to explain why you want their data and how you intend to use it at the point at which anyone signs up to a mailing list.
You’ll also need to get your customers’ consent before storing any data you collect from them. This means that, no matter how well you know your customers, you can’t use their personal information unless they give you permission first.
For compliant email marketing, it is important to distinguish between personal information and business information. GDPR is all about protecting personally identifiable information. You may send to any business within the GDPR guidelines; the law states:
You can email or text any corporate body (a company, Scottish partnership, limited liability partnership or government body). However, it is good practice – and good business sense – to keep a ‘do not email or text’ list of any businesses that object or opt out, and screen any new marketing lists against that.
The lines get blurred when you are emailing smaller businesses, as they may need to be considered as individuals:
Sole traders and some partnerships are treated as individuals – so you can only email or text them if they have specifically consented, or if they bought a similar product from you in the past and didn’t opt out from marketing messages when you gave them that chance.
The relevant law, including PECR, with regard to compliant email marketing for B2B communications, is here.
Finally, you’ll need to inform customers of any data breaches you have suffered. If their personal information has been exposed as a result of a breach, your company will be required to tell them within 72 hours of learning about it. Failure to do so can result in fines.