Is it true that work email addresses are not considered personal data? This question has been quite common lately. The straightforward response is that work email addresses indeed qualify as personal data. If you can ascertain the identity of an individual, whether directly or indirectly (even within a professional context), the General Data Protection Regulation (GDPR) will still be applicable.
An individual’s work email address typically contains their first and last name, along with information about their place of employment. For instance, an email address in the format of firstname.lastname@example.org is regarded as personal data under GDPR. However, if it is a generic business email address, it does not fall into the category of personal data.
Do you have to seek consent for business-to-business marketing? Not necessarily. The GDPR provides six legitimate grounds for data processing, and these encompass your business-related interests. These include:
- legitimate interest
- public interest
- protection of vital interest
- legal obligation
Recital 47 of the GDPR states that “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. However, if you intend to rely on legitimate interest rather than consent, you will need to apply the following three-part test:
- The purpose test: Are you processing personal data in pursuit of a legitimate interest?
- The necessity test: Is the processing proportionate to achieving your aims?
- The balancing test: Is your legitimate interest overridden by the rights of the person whose data you’re processing?
If you would like to speak with a GDPR legal expert, do not hesitate to contact Mayumi Hawkes on 020 3034 0501 or email her on email@example.com.