2018 was the year GDPR took the marketing world by storm and changed ‘our’ world as we know, live and breathe. The GDPR changes will affect all businesses, let alone marketing departments, but this one is certain – Legitimate Interest. And you, as a marketer, need to know what it means and how you can apply it to your marketing to ensure you are as GDPR compliant as you can be.

Legitimate Interest

Legitimate interest is the key we have all been waiting for to GDPR compliance and a fairly simple one at that. Legitimate interest is the most flexible, lawful basis for processing data. While consent (double opt-in) is one basis on which the processing of personal data can be justified, it is not the only basis.

Legitimate interest is another basis of the ability to process personal data, in a compliant manner. Hallelujah. Music to all marketer’s ears. When regarding the sending of direct marketing emails, the relevant processing condition could be either consent or legitimate interest. And the GDPR has always stipulated that a ‘legitimate interest’ to communicate with an individual could constitute an acceptable alternative to express consent or opt-in.

As a result, fake news and scaremongering have been rife, saying businesses can lose up to 90% of their marketable database, and no longer will be able to do any outbound marketing. For some time (back at the start of 2016 when GDPR was announced), we planned to use only consent as the basis for communicating with our database, but we have adjusted our position in line with the latest guidance from the ICO.

So, what is Legitimate Interest?

In short, it is the ability for your company to prove the reasoning behind you emailing your leads or prospects based on their industry and job title. Whereby, the contacts you are emailing have an interest in your marketing communications, legitimately. What you have to offer, in terms of your goods, services or products will essentially benefit the business you are emailing. The receivers on the end of your emails are going to benefit or be interested in what you have to say.

The GDPR expressly acknowledges that this is permissible. The last sentence of Recital 47 GDPR says:
“The processing of personal data for direct marketing purposes may be carried out for a legitimate interest”.

In relation to email marketing, legitimate interest only applies to ‘corporate subscribers’ (employees of incorporated/limited companies, limited liability partnerships and government/local authority institutions).

Legitimate interest does not apply to individual subscribers (employees of sole traders and unincorporated partnerships, LLPs), or those not affiliated with a business (using ISP email addresses such as Gmail and Hotmail). In this instance, you must use consent as your legal basis, which means you must have explicit opt-in before you may contact the individual for marketing purposes.

Consider the following:
Why do you want to process the data?
Who benefits from the processing and in what way?
Is your use of the data ethical and lawful?

  1. Document the business benefit of their goods and services.
  2. Document the definition of the likely purchaser/user of such goods in a workplace (Buyer Personas – where this can be multiple types)
  3. Where possible, demonstrate that the data being processed conforms to such definitions.

Based on Field Fisher EU E-Marketing Requirements Nov 2017

Know your market

In compliance with legitimate interest, you need to know who your audience is. Who are the people you are mailing to on a weekly basis? And we mean really know them, as this is the foundation to your legitimate interest evidence. At Spotler, we talk a lot about buyer personas and killer values and really understanding and identifying your target audience. This is where your buyer personas play a huge part in your marketing. You need to have evidence that the people you are emailing are in fact the people who will be interested and will benefit from your offerings. Document the definition of your likely purchaser or user in the workplace. Use your current client base to determine common denominators and patterns across the businesses, industries and job titles you are currently doing business with.

You can download our persona template here to get started.

Make a statement

Along with your buyer personas, you also need your company statement up to scratch. It sounds simple but it’s another crucial point to sending you on your way to GDPR compliance. Your company statement needs to mirror your product offerings and services and is proof that you are selling what you say you are and marketing to the relevant people who will benefit from your business. It’s the proof behind your marketing. The two together – your buyer personas and your company statement – need to be relevant to each other and in coordination.

There are three assets that make up the basis of legitimate interest – your data, all the contacts you hold and are actively mailing to including their job title, your buyer persona, and your company statement. All these assets need to reflect the other.

Having all these assets in place is the difference between being able to market to potential clients post-May 2018 and not being able to.

Finally, you must include your legitimate interests in your privacy note. If you want to hear more about Legitimate Interest, Buyer Personas or GDPR please get in touch. You can sign up for one of our webinars or seminars here.

E-marketing laws

Currently, each EU country has its own legislation for electronic communications that supersedes GDPR, based on the 2002 European e-Privacy Directive. Many EU countries’ e-marketing legislation requires opt-in consent for B2B communications, however in the UK under PECR you can use Legitimate Interest for B2B email marketing. Not abiding by a country’s e-marketing legislation renders the legitimate interest basis invalid, and companies will be at risk of fines under GDPR.