GDPR and Legitimate Interest
GDPR (General Data Protection Regulations) allows six lawful bases for processing personal data. Consent is one, but Legitimate Interests is another, and is more appropriate for B2B sales and marketing to potential clients.
Guidance from the Information Commissioner says that Legitimate Interests may be the most appropriate basis when:
“… the processing is not required by law but is of a clear benefit to you or others; there’s a limited privacy impact on the individual; the individual should reasonably expect you to use their data in that way; and you cannot, or do not want to, give the individual full upfront control (i.e. consent) or bother them with disruptive consent requests when they are unlikely to object to the processing.”
It is worth noting that direct marketing is described in the GDPR as an activity that may indicate a legitimate interest.
However, the direct marketing must be legal; as it is legal for businesses to market to each other via contact with employees through post, email, SMS, and telephone calls (provided the number is not registered with the CTPS).
As part of our marketing policy, our Legitimate Interests Assessment is below:
Inovra Group has a legitimate interest to process personal data relating to decision makers and budget holders in micro to large organisations in the UK. The data is gathered from publicly available sources and directly from the companies concerned.
The data collected is limited to names of senior managers and directors, their job titles, company addresses, company landline telephone numbers and corporate email addresses. If a person leaves their role, their name and contact details are deleted from the database.