GDPR: B2B vs B2C – can you still email your database?

  • On 25 May 2018, the General Data Protection Regulation (GDPR) will come into force, and if you’re not compliant, your entire email database could be under threat from extinction… or is it?

    There’s some confusion as to what the rules are with regards to email marketing and the level of consent you need to email the people in your database. In this blog post, I’m going to look at the consent you will need to obtain in order to continue to email your database, from both a B2B and B2C perspective.

    Before we dive into the differences, let’s set the scene.

    You run an ad promoting your latest guide or piece of content. In order for people to access your guide, you require them to complete a form asking them for their email address.

    The form asks for the following information:

    B2B scenario

    An individual from a company visits your website from your advert, fills in the form with their work email address and downloads your guide.

    What can I do with this data?

    You can email the guide to the recipient and you can send further marketing emails, without the need for consent. This goes against the very foundation of GDPR, which says you must get explicit consent to continue to email individuals beyond the purpose of the original data capture i.e. the guide download.

    This was down to a U-turn from the European Commission earlier this year who decided to relax the rules around business data, in effect making it no different from the data protection rules that already exist today. However, you must continue to give recipients the ability to opt-out of future emails and include a privacy notice to tell individuals how their data will be processed (a link to your GDPR compliant privacy policy will go down well here!).

    B2C scenario

    An individual visits your website from your advert, fills in the form using their personal email address and downloads your guide.

    What can I do with this data?

    You can email them the guide, but that’s it. Done. Furthermore, you can’t keep their details on your database because their data is no longer relevant. You’ve fulfilled the “transaction” by sending them the guide, which means you no longer have the right to retain their details.

    That can’t be it – how am I supposed to grow my business?

    To add them to your database and continue to market to them, we need to backtrack a bit. The form we’ve created needs to be edited for B2C contacts. As GDPR requires the specific opt-in of your contacts before you can email them in future, you need to obtain consent at the point of the form completion - you can’t do this afterward.

    You need to add the following to your form:

    1.       A description of what they are signing up for, with a tick box to opt-in. Note: this tick box must not be pre-ticked.

    A double opt-in would be a wise addition here, such as an email asking them to confirm their subscription, but it’s not a requirement. You will just need to prove that they opted-in. A double opt-in email is a “better safe than sorry” approach.

    What do I need to do with my current database?

    Easy. Get it GDPR compliant. If your B2C database isn’t GDPR complaint, as soon as the clock strikes midnight on the 25 May 2018, your email database is finished.

    If you currently have a subscription form with a pre-ticked box, then you’ll need to get all your B2C data to opt back into your emails before 25 May! If you haven’t done so, start emailing your database now to get them to opt-in. One thing we recommend is adding a GDPR message into your current emails, such as newsletters and product offerings, with a link to a form asking them to opt back in. You should highlight the challenges they’ll encounter if they don’t opt-in – such as not being able to read the great content you’re currently sending them!

    If you use a marketing automation system, such as SharpSpring, you can create dynamic content which means that as soon as one of your leads opts back in, they stop seeing the GDPR message, while everyone who hasn’t opted back in keeps seeing it.

    How do I identify a B2B contact from a B2C contact?

    This can be difficult. But there are a few things you could do:

    • If your business is B2B only, you could exclude B2C contacts from receiving future marketing emails. One way to do this is by segmenting your lists and excluding personal email addresses, such as ‘’, from your marketing emails.
    • Add a required field to your form that asks for their company name. If they submit a company name along with a company email address, then you know it’s a company you’re dealing with.
    • An issue with the above examples is that sole traders and some partnerships fall under the same regulation as B2C contacts, not B2B. One way to try and get around this obstacle is to ask people how many employees work at the company. From this information, you should be able to ascertain as to what type of business they are.

    But the problem with all of the above is that they can be prone to error. One sure-fire way of staying GDPR compliant is to treat your B2B and B2C contacts the same.

    If you need help making your email database GDPR compliant, get in touch to see how The Marketing Eye can help. 

    Further reading

    GDPR: Can you email an individual at a business?

    How to use ‘legitimate interest’ instead of consent for marketing under GDPR

    Related reading

Take the first step

To find out more about how we can help you grow faster, please get in touch. We'd like to hear from you.  Or try our instant marketing healthcheck, it's free!

Request a call