Menu PlatformSolutionsPartnersResourcesAbout us

Spacer

MENU

Platform Platform
Solutions Solutions
Partners Partners
Resources Resources
About us About us
English
logo actito

Demo Demo Request a demo

Log in Log in Log in

Actito, in a nutshell

The agile activation platform

Product Releases

Check out our latest features. Powerful and quick to set up

User reviews

Find out what our customers really think about us! The numbers speak for themselves: 8.5 for software ease of use, 8.7 for quality of support and 8.1 for ease of setup.

Pricing

Find the perfect Actito formula for your brand and the powerful features that come with it.

360° CUSTOMER VISION

Collect real-time customer data in Actito's Customer Data Platform through secure flows and APIs. Target, segment and analyze data to achieve better customer engagement

Omnichannel Communication

Connect with customers anytime, anywhere through hyper-personalized and timely messages

No-code Orchestration

Deliver an improved customer experience by leveraging the power and ease of use of Actito’s no-code scenario builder. Seize every opportunity on the customer journey.

Augmented marketer

Follow and optimize every step of the customer journey through data visualization. Let Actito make decisions at scale via powerful algorithms. Focus on your strategy and marketing actions

Premium Add-ons

Extend your customer activation arsenal, benefit from in-house support

Integrations

Enrich your marketing stack with our plug & play connectors

Developer portal

Build your own integrations using our extensive API documentation

For retail

Increase your customers' lifetime value through automated, relevant and hyper-personalized communications

For e-commerce

Maximize the revenue potential of your webshop with interactive, automated customer journeys that can be tailored to your specific business needs.

For media

Leverage first-party data to deliver the right content to the right people at the right time via automated multi-subscription newsletters

For pharma

Communicate with healthcare professionals using relevant multi-channel communications in an autonomous, compliant and secure manner

For the CMO

Together we identify your needs and grow your marketing strategy

For the marketing operator

We guide and challenge you

For the technical expert

We support you in the integration of Actito into your marketing stack

Our success stories

E-retail, media, travel & leisure, bank & insurance, automative... our clients share their experience

Our business partners

From strategy to platform operability, they take you to the next level

Our tech partners

Discover our ecosystem of best of breed partners

Become a partner

Why should you become a partner?

Our blog

Be ahead of the game

Our e-books

Guiding best practice

Our infographics

A picture’s worth a thousand words

Our events

Don't be shy. Come and meet us

Our success stories

E-retail, media, travel & leisure, bank & insurance, automative... our clients share their experience

User documentation

Expand your knowledge of Actito by browsing our documentation portal

Developer portal

Build your own integrations using our extensive API documentation

Our story

From 2000 to today

Our agile philosophy

What makes us unique

Our superheroes

They strive to put you in the spotlight

Join us

Make a real difference and a mark

Find us

We're never far away

Article

GDPR: the question of consent in B2B and B2C email marketing

The point of view of Benoît De Nayer

GDPR: the question of consent in B2B and B2C email marketing

"Like me, you are currently probably drowning under mails from companies you may never have even heard of, inviting you to “reaffirm” your consent to receive marketing and advertising e-mail.

Most of these e-mails appear to have been drafted rather quickly and the wording at times seems rather clumsy. None of the mails I have read to date seem to have been reviewed by a legal counsellor. In fact, some are even downright illegal. All, and I mean all, the “confirmation” emails I have read to date are completely off the mark.

By mixing up GDPR and e-mail consent, they seem to have missed the point. The GDPR does not require you to obtain the specific opt-in of all the contacts in your existing databases (on the contrary even, Recital (171) of the GDPR says that where databases were developed based on consent pursuant to Directive 95/46/EC, the controller can continue to use these databases).

Given the scale of the disaster it occurred to me (a little late I admit) that some education was needed. So let’s start from the beginning.

1. Le RGPD et l’E-mail, ce sont deux choses différentes.

1. GDPR and e-mail are two different things

1. Le RGPD et l’E-mail, ce sont deux choses différentes.

Firstly, the GDPR does not mention e-mail anywhere. It isn’t particularly concerned with the channels you use, because it only refers to the processing of personal information.

The provisions about e-mail are set out in a European Directive from 2002 (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector called the “Directive on privacy and electronic communications), which has been transposed into the legislation of the Member States in various ways. This will be significantly reworked in the next few months, in a future e-Privacy regulation but more on this later.

In essence, the Directive says this:

- All e-mail communication to natural persons (you and me) requires the subject’s prior consent (OPT-IN). Except if the e-mail was collected in the margin of a commercial transaction and is used to send promotional messages about similar products. In that case, the OPT-OUT rule kicks in.

- All e-mail communication to legal entities (businesses) does not require prior consent but entitle them to object to this (OPT-OUT).

2. You need data to send e-mails

2. Pour envoyer des E-mails, il faut des données

And that is where the GDPR becomes relevant again. You can’t develop an e-mail campaign without processing personal data (a quick reminder that an info@company.com address is not considered personal data and that its processing is therefore not subject to the GDPR).

And you will say that you need consent to process personal data.

Yes and no: most of the senders I referred to above are wrong in thinking that consent must always be sought for data processing. Nothing could be further from the truth.

Consent is just one of the circumstances under which data processing is lawful (in a sense, it is the “mother of all justifications for the processing of personal data”). When a company bases itself on the person’s consent to process their personal data, it must demonstrate the exact scope of this consent (when was the consent given, through which channel, and so on).

Other circumstances include the law that may require you to process certain data, the performance of a contract and legitimate interests.

Legitimate interests are the exact reason why the GDPR was drafted in the first place. And sometimes they used to justify all kinds of things.

Recital (47) of the GDPR (which can be used for its interpretation) however unambiguously states that commercial prospection can be a legitimate interest.

If we combine this recital with what I said under point 1, you can draw some interesting conclusions:

For B2B (Business to Business):

No prior consent is needed for data processing or for sending prospection e-mails to companies. As companies, which are legal entities, are represented by natural persons, you can send prospection e-mails to an address of the name.firstname@company.com type.

The French data protection authority CNIL has corroborated this (https://www.cnil.fr/fr/la-prospection-commerciale-par-courrier-electronique), stipulating that e-mail prospection is still possible without consent under the GDPR.

However, note that the situation differs slightly among countries of the EU. For example, in Belgium, the “Arrêté Royal » of April 4, 2003 (which regulates the sending of e-communications) states that consent is required in order to send prospection e-mails to such addresses.

You must make reasonable use of this consent however. For example, your prospection efforts must solely relate to products and services that may be relevant to the company. You cannot, for example, try to sell a game console to the holder of an name.firstname@company.com address without prior consent.

What’s more, the recipient must be able to object to the processing of their data for marketing purposes at all times.

So there is no need for a re-opt in for a B2B prospection database. That said, it may be worth reminding the data subjects whose personal data is contained in this database of the extent of their rights (more specifically of the right to object to the processing of personal data for marketing purposes), inviting them to unsubscribe if the messages do not seem relevant to them. This is simply a case of common sense.  

For B2C (Business to Consumer):

This is a more complex matter. Even if commercial prospection aimed at consumers falls under the scope of Recital (47), it should still be noted that the Directive of 2002 prohibits the use of their e-mail address without prior consent.

The only case where you may use e-mail to send a marketing message to a consumer without specific prior consent is if that consumer has purchased goods or a service, if their e-mail was collected in the margin of this transaction and if you use it to promote similar goods and services (i.e., promote MP3 music to someone who already bought a song).

In that case, this is considered an example of legitimate interests. The data processing is obviously lawful because it is authorised by the law (which transposes the directive).

Here too however, you must give consumers the right to object to this data processing and therefore to all subsequent communication.

In short, for B2C communication, you only have two options for e-mail based marketing communication: • Either you obtain specific consent from the consumer, entitling you to send marketing communication by e-mail and nothing in the GDPR prohibits you from continuing to rely on this consent. • Or you have a business relationship with the consumer and rely on this to continue to send the consumer e-mails about products and services that are similar to those he already bought from you. Here again, nothing in the GDPR prevents you from continuing to send the consumer messages based on this relationship.

However, you may not send an e-mail to the consumer asking him to register (or re-register) for your e-mail marketing programme if any of the above situations do not apply to you. And that is exactly what the majority of the e-mails we are all getting lately are asking us to do. In our opinion, they are therefore illegal.

That said, it could be interesting for marketing professionals who can base themselves either on e-mail consent or on the opt-out in the framework of an existing commercial relationship to send consumers an e-mail reminding them about their rights and inviting them to modify their preferences, where applicable. I hope I was clear. If not, please share your reservations, questions and opinions on linkedin or send me an e-mail at benoit.de.nayer@actito.com

Good luck with your compliance... ." 

Benoît de Nayer 

Director and co-founder

2. Pour envoyer des E-mails, il faut des données

About the author

benoit-de-nayer-actito

Benoît De Nayer

Co-CEO

Benoît is the co-founder and co-CEO of Actito. Since 2000, he has been overseeing the company's product strategy with humor and flair. He started his career as a lawyer and researcher in consumer law at the Université Catholique de Louvain (Belgium). He holds a master's degree in law from UCL and a master's degree in tax law from the Université Libre de Bruxelles. Passionate about the legal world, Benoît knows the GDPR regulation inside and out.