GDPR and TLS Data – How We Comply

About GDPR and PECR

GDPR is concerned with the collection, storage and processing of personal data. PECR (Privacy and Electronic Communications Regulations) includes additional rules that currently apply to electronic marketing communications – including email. Under these rules, “individual subscribers” are treated differently to “corporate subscribers”.

“Individual subscribers” covers people who work for non-limited or unincorporated businesses such as partnerships or sole traders. The rules require consent from individual subscribers for email marketing. B2B data providers throughout the industry have concluded that it is not viable to obtain the detailed level of consent now demanded. For this reason, TLS Data is no longer providing email addresses for individual subscribers.

“Corporate subscribers” are individuals working for limited companies and other incorporated organisations such as LLPs, and some government bodies. For corporate subscribers the rules do allow marketing to their email addresses without prior consent (with a clear unsubscribe or opt-out option to stop receiving emails from the sender), provided there is “legitimate interest”.

Recital 47 of the GDPR:

“The processing [using] of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”.

Legitimate Interest

Legitimate Interest is the legal basis used by TLS Data Ltd and all our data partners to process the personal data of corporate subscribers.

We have assessed Legitimate Interest to be appropriate because the data subjects are business contacts within a corporate organisation who might reasonably expect to receive relevant marketing information in their role within the organisation.

Such information has potential benefits to the data subjects and their businesses, including:

Informing them of relevant new products and services, innovations, costs savings, efficiencies, developments and so on that may help them to meet their business and commercial objectives as well as their legal and environmental obligations.

These benefits are balanced against any impact on their rights, freedoms and individual privacy, which we believe on balance to be low or negligible.

This complies with GDPR, the Privacy and Electronic Communications Regulation (PECR), and the guidelines for the UK issued by the Information Commissioners Office (ICO).

Personal Data

Personal data is processed lawfully. Businesses and individuals are fully informed about what information may be held and how their data will be used. Their rights to access, correct or remove it or object to its use are clearly explained and outlined through regular telephone or email contact with the individuals, including their option to opt out at any time, and links to the privacy policy.

If an individual objects to the processing of their personal data in this way, the processing is stopped.

Update files

Companies / individuals always have the right to object, or to remove their data. For this reason, update files containing any changes to the data we have already supplied will always be available (additional costs may apply).  

Your obligations under GDPR

As well as purchasing GDPR-compliant data from TLS, please also bear in mind your own obligations under UK and EU regulations relating to your marketing communications and any other data you use or hold.

For more information and guidance, contact the UK’s independent authority, The Information Commissioners Office (ICO): https://ico.org.uk/