QUESTION ASKED TO THE CNIL *:
Does the GDPR change the rules on
B2B prospecting?
REPLY OF THE CNIL:
NO,
the GDPR does not change the rules applicable to B2B emails.
The rules for electronic prospecting depend on the e-Privacy directive, transposed into French law by article L.34-5 of the Post and Electronic Communications Code.
Rules to be applied in terms of B2B electronic communication:
- Inform about the nature of the information held ("non-sensitive" personal data of a professional nature), the content, the subject and the frequency of the sending of emails.
- Make sure you have the information you need to target your emails in order to be compliance with the notion of "legitimate interest"
- Inform the right of access, consultation, modification and deletion of data upon simple request addressed to the DPO
- Include a clearly visible opt-out link allowing you to unsubscribe.
As part of the GDPR, B2B relationship compliance is based on transparency and accountability.
While the 1995 directive was based on the concept of prior formalities(declaration, authorizations),
the GDPR is based on a logic of compliance, of which the actors are responsible.
The consequence of this empowerment of actors is the removal of reporting obligations as soon as the treatments do not constitute a risk to privacy.
Examples of "sensitive" personal data that may represent a risk for privacy or liberty:
All data revealing racial or ethnic origin, political, philosophical or religious opinions, trade union membership, financial data, but also those relating to health or sexual orientation, genetic, biometric and other personal staffs physical ones.
* French - National Commission for Information Technology and Freedoms