Menu
LIVE DEMO VEREINBAREN

B2B calls and the GDPR.

Normen Daunderer
Dec 19, 2019 1:23:41 PM

Customer experience is a short way of expressing the idea that companies should offer consumers the best possible experience when they establish contact with the business. The introduction of the General Data Protection Regulation (GDPR) produced clear guidelines on the extent to which companies may collect and store data for this purpose.

But what are the rules for B2B?

In the B2B sector, we often hear people saying phrases like:

  • “legitimate interest”
  • “a legal person is not a natural person” 
  • “if they publish their information on their website, then I can use it”

The GDPR provides little clarity on these issues and the topic of “calls” in particular, and appears to incorporate scope for potential flexibility and maneuver.

The issue becomes all the more complex if we also factor in competition regulations, and specifically the question of whether B2B calls require prior consent, which places many a business model on somewhat shaky ground.

In this post, we aim to clarify some of the issues where guidelines are currently lacking.

In Germany, competition law is primarily regulated in the Act against Unfair Competition (UWG). This law prohibits any business action that unfairly disadvantages another market participant.

It also provides examples of acts that produce an unfair disadvantage:

  • “advertising by means of a telephone call, made to a consumer without his prior express consent, or made to another market participant without at least the latter’s presumed consent.”

In this example, participants called as part of a B2B initiative are classed as “other market participants”; the law requires at least “presumed” consent to be obtained.

But what does this mean exactly?

“Presumed” consent applies when the
specific circumstances indicate that the market participant could reasonably be expected to have an interest in the subject of the telephone advertising.
The legal position on this remains unchanged even when the GDPR is taken into account.

Generally, calling a telephone number requires some level of personal data processing. For this reason, the caller must check whether data protection regulations require consent to be obtained before a call is made.

Even if you are unsure whether the GDPR (or the national regulations arising from the EU regulation) and §7 of the UWG apply at all, it is important to clarify what these regulations mean for B2B calls if they are relevant.

Does the GDPR require prior consent to be obtained for a B2B call or not?

The GDPR sets out the legal basis for all processing of personal data (art. 6, para. 1, GDPR)

However, this legal basis does not necessarily need to take the form of consent.
This is a positive thing, as consent is (as per art. 5, para. 2 of the GDPR) associated with documentation obligations such as a “double opt-in”, which increases the administrative burden and costs significantly.

But how can a B2B cold call be justified on other legal grounds without consent?

GDPR art. 6, para. 1
Processing shall be lawful only if and to the extent that at least one of the following applies:

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

This means that the processing of personal data – in the form of a B2B cold call – is legal if the act of processing is required to protect the legitimate interests of the responsible party or a third party, and where such processing does not infringe on the basic rights and freedoms of the person receiving the call.

The caller must therefore decide whether there is a legitimate interest and whether the fundamental rights of the receiver of the call outweigh this legitimate interest.

Supporting arguments from the GDPR

Elsewhere, e.g. in the “Suitable recitals” for the processing of personal data, the GDPR defines:
“47) Overriding Legitimate Interests.”

Interpretation:
Taking into account art. 6, para. 1(f) of the GDPR and the associated “47) Overriding Legitimate Interests”, the processing of personal data can be performed in a legally compliant way in direct marketing.

This is not a “free license” to conduct any kind of direct marketing, but it does indicate that the GDPR allows some scope for direct marketing and that an assessment of the legitimate interests can work out in the caller’s favor.

So are B2B calls compliant with the GDPR?

We cannot – and are not permitted to – answer this question in this forum. However, there are arguments in support of the legality of these kinds of calls.

The transparency obligations in articles 13 & 14 of the GDPR must also be satisfied.

Calls in B2B telephone marketing are currently still made without the express consent of the person receiving the call. However, there are two basic preconditions that must be met for this to happen:

  1. Presumed consent as defined in §7 of the UWG (i.e. not express consent)
  2. A justified interest on the part of the caller as defined in art. 6, para. 1(f) of the GDPR.

With this in mind, businesses should check before making any B2B cold call that both of these conditions are met.


We would also like to point out that this post is intended for information purposes only, and no legal rights may be derived from it. The content of this post is not intended as a substitute for personalized, binding legal advice based on your specific circumstances. As such, this information is provided with no guarantee of accuracy or completeness.

You May Also Like

These Stories on: advanced

Subscribe by Email