On the face of it, GDPR has been designed to be so protective of the individual that it appears to be anti-business, especially when it comes to dealing directly with the consumer, but if you look more closely, it is actually not as business-unfriendly when it comes to B2B.
Whilst B2C companies are having to find new ways of reaching customers, in terms of corporate subscribers, B2B businesses are still able to market their goods and services to each other, as long as they go about it in an ethical way.
According to the ICO, “A ‘subscriber’ is someone who pays for the use of a telephone line, internet connection or other public electronic communications service. A corporate subscriber is, therefore, any corporate body (an entity with a separate legal status) with its own phone number or internet connection.”
According to the Data Protection Network, “PECR distinguishes between individual subscribers and corporate subscribers. For the latter, the rules on Consent for emails/texts and the ‘soft opt-in’ exemption do NOT apply.”
This means that businesses can currently legitimately contact and even cold-call other businesses that have not registered on CTPS. However, an idea is being mooted for the future that cold calls must be made from a specific telephone prefix, meaning the receiver will be able to instantly see that they are being cold-called.
We, therefore, need to be very careful to create a good balance between privacy and business needs. Doing business with each other drives our economy, but if too many obstacles are put in our way, selling will become much more difficult, which could result in an adverse effect on profit margins with longer-term implications for the whole economy.
If anything good does come out of Brexit, it will be that in the UK we will have a chance to tweak the rules in order to benefit British business. Under the Data Protection Act (1998), the rules were so vague, businesses didn’t need to do much in order to be compliant.
In the meantime, and given that the UK’s new Data Protection Act (2018) will not come into effect until after Britain leaves the EU, we must deal the evolution of GDPR and the various interpretations of what it will mean for British business.