GDPR Compliance Statement
This statement sets out the operating procedures we undertake to ensure GDPR best practice is observed to the greatest extent possible, at all times.
What is GDPR?
From 25th May 2018, the GDPR brought all EU member states under a common
regulatory framework. Talkmarketing takes GDPR compliance seriously, and in addition to appointing a compliance officer to oversee our adherence to the rules, Talkmarketing have engaged 3rd party legal expertise to audit and advise on best practice. This investment enables us to assure clients that GDPR best practices are
strictly observed wherever possible, at all times.
Talkmarketing’s relationship with you
Talkmarketing is a service provider, when you engage our services, we work for you, and when we create data, we create data exclusively for you.
To put this in the language of GDPR and the ICO:
You are the data controller – data belongs to you and is not shared with any
other client, company or third party. No messaging is sent without your
We are the data processor – we are the data processor. We work for you.
Does your marketing activity qualify?
Talkmarketing’s services are designed and offered solely to help businesses promote to other businesses. Ie) B2B marketing only. Before launching new client activity, Talkmarketing conducts an in-depth assessment to establish if the product or service, combined with the proposed targeting, meets the criteria for GDPR compliant business to business (b2b) marketing. This assessment is called the Legitimate Interest Assessment (LIA). Prior to conducting the LIA, suitability can usually be determined by the following two questions:
Will the product or service being offered benefit the businesses you are targeting, and not the individual?
The product or service that you are offering needs to be of benefit to the target business, and when talking to any individual, relevant to their business role only. It can help to consider the following examples:
If you are targeting companies that sell widgets, to offer marketing services designed to increase their sales of widgets, then there is a clear, sole benefit to the company.
If you are looking to contact business owners in order to help them invest their hard-earned wealth, despite the links to their
professional role, this is aimed at the individual not the company.
Are the services being provided equally beneficial to whomever may be
contacted about them?
If question one can be answered positively then a further test to the business nature of your offering is to consider the target individuals that you would like to introduce it to. The only consideration here should be job specific – typically department and seniority. Your offer should be equally relevant to whoever fills these role(s) at any given time, and in no way targeting any given individual.
Talkmarketing and Personally Identifiable Information (PII)
At the core of the Talkmarketing process is the identification of target companies.
Whilst the details of this stage can vary, it involves no personal information
at all. Once the list of accounts has been finalised, we then determine the
details of the individuals in the target role(s) at the companies. This stage
typically generates Personally Identifiable Information (PII). Personally Identifiable Information (PII) data held is kept to an absolute minimum.
GDPR sets out a number of permissible circumstances (or categories) under which
PII can be stored and processed, the most appropriate category in the case of
Talkmarketing is Legitimate Interests.
This link explains the Legitimate Interests basis for storing and processing PII:
There are 3 areas that need to be satisfied for Legitimate Interests to be used as a basis for processing PII:
1. Identify a legitimate interest the legitimate interest can be your own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits. The data processing is generally in your interests – whether it be to increase market share, increase brand awareness, or engage business leaders.
2. Show that the processing is necessary to achieve it. Can the same result be achieved differently? Core to the Talkmarketing service is the efficiency and constant drive to be the most cost-effective sales channel which we believe cannot be replicated using other methods.
3. Balance it against the individual’s interests, rights and freedoms. Would the individual expect their data to be used in this way? Would an individual who lists publicly their role within a company expect to be contacted about services that may help that company or their department within the company? No data processing may replace or infringe the individuals interests or cause unjustified harm.
Rights of Individuals
that is held about them and by who.
Opting Out & Exclusion Lists - All recipients can opt out easily to prevent further email communication being received. All replies to prospecting emails are logged and those prospects are added to your campaign exclusion list within 24 hours. Talkmarketing allows import of existing exclusion lists in advance of campaign activity. Exclusions can be submitted in the form of individual email addresses or full domains and will prevent communications being issued to those email addresses or domains listed.
Subject Access Requests - All individuals have the right to request a copy of all data you hold on them. To support this, you can email any SAR requests to and we will return this data within 72 hours.
Right to be Forgotten - All individuals have the right to have their data removed (to be ‘forgotten’) which is a request that can be carried out easily by your
Talkmarketing account manager. Your data belongs to you and you can choose to delete some or all of it at any time. A conflict does arise in removing or forgetting an email address whilst at the same time keeping this address on an exclusion list to prevent future mailing. Where we have removed data, we will move the email address to a separate exclusion list, ensuring we are able to prevent any future messages being sent to the contact whilst continuing to honour their right to be forgotten.
PECR and sending of B2B messages
Whilst GDPR controls the storage and processing of personal data in the UK,
sending messages is regulated under the Privacy and Electronic Communications
Regulations (PECR). This is very clear as to the requirements on business
“You can email or text any corporate body (a company, Scottish partnership,
limited liability partnership or government body). However, it is good practice
– and good business sense – to keep a ‘do not email or text’ list of any
businesses that object or opt out and screen any new marketing lists against
If Talkmarketing determines that your planned B2B prospecting activity does not meet the criteria for Legitimate Interests within the scope of GDPR then we cannot support the activity within any regions subject to GDPR.