Login
Contact Us

⭐ UPCOMING LIVE WEBINAR on 22nd October - Privacy Without Borders: Smart Moves for Today’s Privacy Leaders - Save your spot ⭐

GDPR in B2B Marketing

GDPR in B2B Marketing

There are two separate EU level regulations to follow when processing personal data for direct marketing in B2B and B2C activities.

  • Privacy and Electronic Communication Directive 2002/58
  • General Data Protection Regulation (GDPR) and local adaptation of the law

Companies must comply with both. Previously topics “How regulations affect direct marketing and profiling” and “Direct marketing rules and exceptions” were applicable more to B2C businesses. This time focus is on GDPR in B2B Marketing.

GDPR in B2B Marketing. Guidelines for sending promotional emails to B2B contacts

Companies (legal entities) are considered as corporate subscribers”. Therefore, unlike B2C, B2B direct marketing messages to corporate email addresses are allowed to be sent without prior consent. However, the sender is required to identify itself and provide contact details.  The GDPR must be followed whenever personal data is being processed. The same rules, with some exceptions, apply regardless whether the person is contacted as an individual or an individual acting in a professional capacity. For example, business contact, that contains an individual’s name on a file or their email address (first name.last name@company.com), is considered as a physical person’s and not corporate subscriber’s information.

Here are some rules for businesses to approach B2B contacts for direct marketing purposes:

  • Sole traders are treated as individuals. Meaning, email can be sent only if they have consented specifically or alternatively. For example, they bought a similar product previously, but never opted out from marketing messages.
  • It is required that person, contacted for direct marketing purposes, would represent the business is related to the topic area. e., data protection related topics should reach dpo@company.com and sales – sales@company.com.
  • It is generally considered as a good practice to discontinue any marketing messages if the receiver requests to do so. A list of unsubscribed or opted-out leads should be kept.
  • If the company email address contains an individual’s name, the GDPR applies and the person can opt-out from direct marketing emails.
  • Opt-out or “unsubscribe” option should be provided in all promotional material.

GDPR in B2B Marketing. National approaches

Rules on direct marketing on the EU level are regulated by the GDPR and PECR. However, companies should consider that national rules may differ as the member states may apply stricter rules. Therefore, before sending marketing messages via email, it’s crucial to know the differences between opt-out, single opt-in and double opt-in options. As well as to know which EU country applies which option.

General Data Protection Regulation rules in B2B Marketing
Local GDPR rules in B2B Marketing

Opt-Out

The easily identifiable and accessible option. The receiver of an email is given an option can unsubscribe from a list easily. If the receiver hasn’t opted out and you are doing business in an opt-out country, you can continue to communicate with them. Such examples – Estonia, Finland, Latvia, Sweden etc. Businesses are allowed to contact corporate subscribers. However, if the email address contains a person’s name, they have a right to opt-out. The receiver needs to work in the relevant department in regard to the topic of the message.

Single Opt-In

It requires a positive action for a receiver to be subscribed to a B2B marketing email lists if similar goods/services were not required to be promoted/sold before.  Such examples – Lithuania, Poland, Romania, etc. In Lithuania Direct Marketing over email is regulated by the Electronic Communications Act.  if the target of direct marketing is a company, the consent must be gained from the head of that company or authorized person. Meaning, that the newsletter cannot be sent to B2B lead without a consent. General email addresses  info/marketing/dpo@company.com are being dealt with in the same manner as the ones with a person’s name in it.

Double opt-in

The strictest requirements for B2B communications. 1st step – the form of filling out a subscription form of some sort and 2nd step – clicking a link in a confirmation email to enable their subscription. In double opt-in regimes, you cannot start email marketing to a prospect until he or she has completed both opt-in steps. Such examples – Germany and Switzerland.

Get your compliance organized with proper GDPR tools.
Contact us for a demo and get access to 14-day trial.

Request a demo

Save time and be confident

Latest Posts
What is a Data Processing Agreement (DPA) Playbook

What is a Data Processing Agreement (DPA) Playbook

Data Protection Agreement What is a Data Processing Agreement (DPA)? A DPA is a contract between a controller and a...
Privacy Certifications 7 Tips: Boost Your Career as a DPO

Privacy Certifications 7 Tips: Boost Your Career as a DPO

Privacy certification is one of the most effective ways for professionals and DPOs to strengthen their skills, build credibility, and...
Is pseudonymised data personal data? Unpacking the Legal and Ethical implications

Is pseudonymised data personal data? Unpacking the Legal and Ethical implications

Is Pseudonymised Data Personal Data? Understanding the fine line between pseudonymised data and personal data is more crucial than ever....
7 Key Changes in EU Children’s Data Protection Rules You Need to Know by 2025

7 Key Changes in EU Children’s Data Protection Rules You Need to Know by 2025

The European Union is taking a bold step to protect minors online. From 2025, EU children’s data protection rules will...
Top 5 Myths About the EU AI Act (And What to Do Instead)

Top 5 Myths About the EU AI Act (And What to Do Instead)

Top 5 Myths About the EU AI Act — Expert Advice from GDPR Register’s CEO EU AI Act – Top...
GDPR Fines Hit €3 Billion in 2025: What DPOs Must Learn

GDPR Fines Hit €3 Billion in 2025: What DPOs Must Learn

GDPR fines hit €3 billion in 2025. Learn what went wrong at Meta, Amazon & TikTok—and what every DPO must...
Why Every Organisation Needs a Solid GDPR Foundation: Lessons from the SportAdmin Breach

Why Every Organisation Needs a Solid GDPR Foundation: Lessons from the SportAdmin Breach

Lesson 1: Privacy Isn’t Optional — It’s a Safety IssueIn the SportAdmin breach, attackers gained access to a database containing...
Is DPO the new AI officer?

Is DPO the new AI officer?

Key Takeaways on AI Compliance and the Role of Privacy Professionals The GDPR Register webinar brought together privacy professionals and...
What Is a DPO? Understanding the Role and Its Importance in GDPR Compliance

What Is a DPO? Understanding the Role and Its Importance in GDPR Compliance

The General Data Protection Regulation (GDPR) establishes the requirement for certain organizations to appoint a Data Protection Officer (DPO). The...
ESG and Data Protection: How GDPR Compliance Drives Sustainable Business Practices

ESG and Data Protection: How GDPR Compliance Drives Sustainable Business Practices

Environmental, Social, and Governance (ESG) compliance has evolved into a critical factor in corporate sustainability. Investors, regulators, and customers now...
GDPR Register
Facebook-f Linkedin-in Twitter Youtube

Company

About
Privacy
Cookies
Security

SERVICES

GDPR Register
Terms and Conditions
Find a DPO
Legal Notice

Resources

Book a Demo
BLOG
News
FAQ

Newsletter

Your e-mail address is only used to send you our newsletter and information about the activities of GDPR Register. You can always use the unsubscribe link included in the mail.

Contact Us