Now that we are all getting used to GDPR, you have probably seen mailing lists advertised with the reassuring words "GDPR Compliant Data". But what does it mean for b2b mailing list data to be GDPR compliant?
So now you know what to expect of a reputable mailing list supplier. My next blog covers the steps that you, the user of bought-in b2b email lists, must take when running a GDPR compliant email marketing campaign.
- The mailing list has to be current and up-to-date. The new General Data Protection Regulation does not define 'current'. Electric Marketing is taking the view that our mailing lists, verified twice a year, qualify as being current. We have made a judgement that mailing list data can be used for one year after purchase to keep you within the 'current and up-to-date' guideline.
- If the mailing list contains personal information, and names and company email addresses which contain a person's name do count as personal information, every person on the list must be informed that they are on the mailing list and be informed of the extent of the information held by the data owner. This is not the same as consent, but a mailing list owner should contact the data subject and give them the opportunity to opt out. Unlike consumer marketing where consent is required, business-to-business marketing remains an opt-out regime.
- Data must have been collected lawfully ie data must not be stolen and must have been collected for the purpose it is being used for eg data subjects should not be told that their email address will be used for research purposes only to be sent sales and marketing emails.
- It may seem obvious but the mailing list company itself must comply with the GDPR and must be registered with the ICO (every registered company has an ID issued by the ICO). GDPR compliance for marketing data companies insists that data must be stored in a secure environment. Staff must be trained in the obligations GDPR places upon the company. The mailing list company must have a Data Protection Policy (internal company document), a Privacy Policy and a Legitimate Interests Assessment in place. If you cannot see the privacy policy and the Legitimate Interests Statement on the mailing list company's website, you can ask to see them.
So now you know what to expect of a reputable mailing list supplier. My next blog covers the steps that you, the user of bought-in b2b email lists, must take when running a GDPR compliant email marketing campaign.