Emails are sent under the General Data Protection Regulation Legitimate Interest basis.

The Information Commissioner's Office (hereafter referred to as the ICO) is a UK government organization and the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO's role is to uphold information rights in the public interest with specific reference to the Data Protection Act, the Freedom of Information Act, the Pirvacy and Electronics Communications Regulation, The General Data Protection Regulation, the Environmental Information Regulations among a host of other regulations,

The ICO labels Legitimate Interest as “the most flexible” of all lawful basis of processing, and it is likely that data processing for most B2B marketing departments will sit comfortably within this basis. In essence, it allows you to process personal data on the grounds that your organisation is working towards the legitimate interest of the individual - this can include commercial interests. As long as the data processing doesn't infringe on the rights and freedoms of an individual and you can prove the data subject (individual) in question could be likely to have a legitimate interest in what you're marketing, you can collect and process their data.

For example; if you're an organization offering HR software, and you collect and process data relating to HR Managers from a range of businesses, that individual is likely to have a legitimate interest in your HR software, based upon their job function and seniority within the business. This example would be a perfect example of how legitimate interest would apply in a B2B marketing scenario. If however, as an organization you purchased a large list of gmail, yahoo or hotmail email addresses without any consideration of who was being sent your email marketing communication, and without any thought with regard to the relevance of your email message, then you'd be in breach of their legitimate interest and would likely be in breach of the GDPR regulation.

When leveraging legitimate interest as the lawful basis of processing personal data, you must also ensure that the rights and freedoms of the data subject are not compromised. Will your message put that person in danger? Will it land them in trouble? Are they likely to be personally negatively affected by your message? If so, then it is likely that your message will not be compliant with GDPR. Of course, for most B2B marketing it is highly unlikely that a data subjects' rights or freedoms will be compromised – at most they won't be interested in your message, so it is essential to provide an 'unsubscribe' method, as the individual should always have the right to 'opt out'.