Crowd Research Partners recently conducted a survey which revealed that a staggering 60% of companies aren’t likely to meet the May 25th EU General Data Protection Regulation (GDPR) deadline, so in light of this Propero are conducting a GDPR marketing month, which will focus on how your firm’s marketing will change.

Recent incidents such as Facebook misusing their users’ private data and JD Wetherspoon deleting their entire customer database has caused personal data privacy to become a hot topic. The new regulation protects EU individuals’ right to data privacy, effectively replacing the 1998 Data Protection Act currently in place.

What’s coming up in Propero’s GDPR marketing month?

With only 33% of companies stating they’ll be fully compliant by the 25th of May and the GDPR deadline under one month away, our upcoming content will:

  • Focus on the contrasting issues of customer personalisation vs protection
  • Give an insight into what other professional services firms are doing about GDPR marketing
  • Deliver reasons why GDPR will be positive for your firm
  • Provide information on the top 10 GDPR resources you can use
  • Supply advice on how to make your opt-in more engaging
  • Present tips on how to clean your database

We’ll also be answering questions YOU have about GDPR marketing in our Q&A, open all month.

To kick it all off, we’ll quickly recap how the new GDPR legislation will affect marketing your professional services firm:


Looking for a more in-depth description of the impact of GDPR marketing? Learn more from our blog on: The impact of GDPR on B2B marketing in the UK and worldwide


What is GDPR?

Essentially, GDPR focuses on standardising the control of personal data and provides regulations for companies that deal with any data handling. It’s designed to strengthen an individuals’ privacy rights, create transparency, and improve control over their personal data.

Although the new legislation lays out six legal grounds for processing data, there are two that will be more commonly leveraged in B2B marketing: informed consent and legitimate interest.

Here’s a short summary of each:

1) Informed consent

Consent must be explicit and affirmative within GDPR marketing, therefore it’s important to note that ‘implied consent’ or ‘soft opt-ins’ will no longer be advised. Firms must be able to prove that an individual elected to opt-in to communications.

For example, pre-GDPR, websites were able to have pre-checked ‘opt-in’ boxes. A prospective client would have to manually un-check the box to NOT receive marketing materials. Under GDPR this is no longer a legal practice.

As well as this, firms need to be completely transparent about what will happen to an individual’s data once it’s been collected. If the individual isn’t happy with how their data’s being used, their information must be removed immediately.

Tip: If you’re leveraging consent, to be able to prove a client has opted-in willingly, a ‘double opt-in’ method is suggested. This is a process whereby the individual is sent a ‘click to confirm your email address’ email. This is considered best practise as it evidences compliance.

2) Legitimate Interest

An alternative option—one very popular with B2B businesses—is legitimate interest.

But what does legitimate interest mean?

The ICO describes legitimate interest as: “The purpose of storing or using an individual’s personal data… to be of legitimate interest to the individual”.

In laymen’s terms this means you’ve identified that a prospective client will have, or does have, a genuine interest in your product or service. To determine prospective clients with legitimate interest, you should:

  • Identify a legitimate interest
  • Show that the processing of personal data is necessary to achieve that interest (if you can achieve the same result in another, less intrusive way then legitimate interest won’t apply)
  • Weigh up the storing of an individual’s data against their interests (if they wouldn’t reasonably expect it, or if it would cause unjustified harm, their interests are likely to override yours)

The only time the legitimate interest of your firm outweighs the legitimate interest of the individual is if not using it has a negative effect on your firm. For example, if you were owed money from an individual, it’s within your legitimate interest to share the individual’s personal data with a third party (like a debt collector) to receive payment owed to you.

For more in-depth information on what can be considered legitimate interest, see the Information Commissioner’s Office (ICO’s) page on ‘Guide to Legitimate Interests’.

Note: Legitimate interest will be harder to prove legally than consent, so should be a carefully considered decision. Keep a record of your legitimate interests assessment (the three bullet points above) to help demonstrate compliance if required.

Other points to be aware of:

GDPR is somewhat of a buzzword at the moment, however there is another legislation that firms should be aware of—a group of regulations that could potentially have even more of an impact after GDPR is implemented.

The Privacy and Electronic Communications Regulations (PECR)

These regulations have been around for some time, however they’re currently being reviewed in wake of the GDPR. The PECR specifically regulate electronic communication, which covers most modern marketing methods.

You should be aware of the PECR if either of the below applies to you:

  • You market by phone, email, text or fax
  • Your website drops cookies or similar tracking code

Click here to find out more about PECR

What are the penalties?

The penalties for not adhering to the GDPR are significant. You could be fined up to €20m or 4% of your firm’s turnover—whichever is highest.

Non-compliance with the PECR will result in fines of up to £500,000, however, this could be subject to change with the current ongoing review.

Note: Even though the GDPR is EU legislation, the British government has stated it will be enforcing the legislation after Brexit.

Stay in the loop…

Throughout May, we’re focusing on getting our clients GDPR-compliant. If you want to receive content such as ICO interviews, tips on database cleansing, key resources, opt in form optimisation etc, sign up.

Have a specific question on the way you’re marketing your firm? Leave a comment in the box below or fill out our Q&A form—we’ll post all the questions (anonymously) and our answers in a blog next month.

Share This