Personal Data in the Business to Consumer (B2C) world is fairly straightforward – everything is Personal Data, because it refers to a person, i.e. a consumer.
However, there is a common misconception that Business to Business (B2B) data is purely business and therefore does not include any Personal Data. It’s a simple mistake to make – “Business to Business” doesn’t sound like it has anything to do with “Personal” – but if you labour under this misapprehension, beware!
Even the Experts Get it Wrong
It’s amazing how many times I hear people within my industry claiming that rules regarding Personal Data don’t apply to them because their company is purely in B2B. “Yes, we’re aware of the new EU Regulation changes, but they don’t affect us because we’re B2B”.
Now, notwithstanding the fact that the EU Regulation changes, when they come in, will affect every business in the UK that stores its customers’ details, the above belief is absolutely and unreservedly 100% incorrect. Here’s why…
The Distinction between Personal Data and Non-Personal Data
Some people seem to struggle with the differentiation and it’s understandable. You might think that because an email address is someone’s work email and not their own email used for personal things that it isn’t deemed Personal Data, but you’d be wrong.
I’ve found that there’s a simple way to distinguish which is which. It’s all about the targeted recipient…
If the information is generic, i.e. applies to the company and not a specific individual, then it’s not Personal Data. A main switchboard telephone number, for example, is not Personal Data, because it is not specific to a named person. Post addressed to the company, or a department / job role within a company again is not Personal Data. As for generic emails such as Sales@ or Admin@ well these too, being not addressed to a named individual, do not constitute Personal Data.
However, where a person is named, then it becomes Personal Data. For example, post addressed to “Finance Director” is not Personal Data, but if addressed to “Steve Clayton, Finance Director”, it becomes Personal Data. Similarly direct telephone lines and mobile phones are seen as being Personal Data as they are usually specific to one named person and personal emails such as Steve@ and Joanne@ are also classed as Personal Data.
Why Do I Need To Know?
In a nutshell, the law. When it comes to being compliant to the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulations (PECR), you need to be clear as to where you must have permission to conduct direct marketing.
You see, Non-Personal Data such as switchboard telephone numbers and generic email addresses does not require an opt-in to market to them, whereas Personal Data does (telephone numbers must always be screened against the Telephone Preference Service register (TPS), along with the Corporate Telephone Preference Service (CTPS) whether personal or not). Failure to obtain the appropriate opt-in could land you in deep water with the Information Commissioner’s Office (ICO) and they have the authority to issue companies and individuals with significant fines where breaches occur.
The Proposed EU Regulation Changes
Set to arrive in 2018 (based on current estimates), the proposed amended EU regulations (further information is available through many sources including the DMA) will only serve to tighten up the above even further. Once these become law, you can bet your bottom dollar that the ICO will be set to clamp down even harder on companies that fail to abide by the laws and regulations surrounding direct marketing and Personal Data. As such, it’s best to familiarise yourself right now, so that you are not only safe in your current activities but well ahead of the game when it comes to preparing for the inevitable future changes.
If In Doubt, Check It Out
This article should be read as a guide only and represents our interpretation at the time the article was written. These matters change frequently and we strongly suggest that if you have any doubts, you visit the ICO’s website for the most up-to-date advice regarding this and other related topics. We tend to err on the side of caution where uncertainty exists. At the end of the day, the onus is entirely upon you to be certain that you are compliant!
As with all things regarding the protection of the individual’s rights regarding the use of Personal Data, we at Data Bubble take these matters very seriously. The correct use of Personal Data, in accordance with laws and regulations, serves to protect the integrity of our industry. This must be paramount now and in the future, both for the benefit of the industry and for consumers everywhere.
