Moneypennies Guide to GDPR

The General Data Protection Regulation or GDPR was introduced to the UK on 25th May 2018 and has forced us all especially those in event services marketing and event professionals to comply. The confusion surrounding the rules and responsibilities in relation to email marketing and permission to send an email has divided people into three types. [DOWNLOAD YOUR CHECKLIST TODAY]

  1. Those that no longer send emails to potential customers,
  2. Those who continue to send marketing emails,
  3. Those that pay a third party to send email marketing emails on their behalf.

Lets have a look at each of these types of people so that you can decide which camp you fall into:

People who no longer send marketing emails

The hesitancy by those who no longer send emails might stem from not differentiating between business to business and business to consumer recipients. There is a huge difference in terms of the regulation around permission and legal basis for sending emails.

GDPR now categorises “Sole Traders” and “Partnerships” as “Consumers” where email marketing is concerned. The consumer category has create restriction around it under GDPR so we can no longer email them without prior consent. That consent has to also be a “Positive Opt In Choice” that each persona makes and does not mean that you can use their email address for future marketing purposes just because they gave it to you for another purpose.

The default advice from “GDPR Advisers” seems to be that there is only one route that leads to being GDPR compliant and that is positive opt in consent no matter which type of recipients are communicating with and whatever your business relationship with them is.

If you fall in to this camp where your main email list is full of sole traders and partnerships and you are confident that they’ve already positively given you permission to email them, then it’s worthwhile revisiting your email list and marketing processes to see if you have the evidence that they “signed up” out of choice. If they did then all that is needed is a simple “one click unsubscribe” link in every email you send them. This approach can keep your business flowing in terms of email marketing and keep you on the good side of “best practice”.

Of course, that same advice to “gain permission” all over again from the GDPR Advisors has been applied to situations where there is “Legitimate Interests” on both sides on the email communication. Sending emails to businesses who would usually expect to receive information about the goods and services that you are offering is covered by the legal basis “legitimate interests” and so you would not need to go any further with refreshing their consent but would need to cover the basics of Best Practice. These best practices are covered in my GDPR Checklist for Email Marketers and can be downloaded free.

People who have continued to send email

That default advice makes no account for “Legitimate Interests” or that it is a lawful basis to opt for processing both ways consent and legitimate interests. As well as combining both. Without the need to overwrite one with another.

However in all cases irrespective of whether the recipient is business to business or business to consumer, whether processing of information falls under legitimate interests or consent. Opting out or unsubscribing is the holy grail and you should stop emailing this person if they unsubscribe.

There should be a process and record in place to ensure people who request to no longer receive marketing emails from your organisation can be suppressed and that everyone who works within your organisation is aware of this. Of course using a third party email delivery service like Mailchimp that offers the “one click unsubscribe link” you need in every email and email automation so you can maximise your impact on your subscriber list.

As I’ve already mentioned the one thing that hasn’t changed since the introduction of GDPR is that you should, now MUST, including an unsubscribe option within the body of every marketing email irrespective of whether it falls under business to business, or business to consumer, and whether or not positive consent was given.

You should remember that the data you hold on people is a snapshot of captured fact at any given time, and as such needs to be be updated regularly and as frequently as possible. An unsubscribe request is simply that, an update to the data you hold on a person. They used to be interested in getting your email, now, for whatever reason, they are no longer interested. That could be because of a job change, a business move, or a promotion. It is as simple as that, so don’t view unsubscribes as a bad things in themselves. You are better off removing those people not interested in receiving your info, from your contacts as that will improve the quality of your list.

People who pay a third party…

This third group of people may have had an ongoing relationship with a set of people or had people on their email marketing list, who had previously given permission or at least not taken the action to unsubscribe from the list, With the advent of GDPR the assumed permission you had before may not be adequate to keep you inside the legal framework that of GDPR.

There are companies who offer to send out marketing communications via email on behalf of a specific set of service providers who they have a connection with. This is usually covered by the legitimate interests legal basis for communications.

Moneypennies is one such provider, as we have been building and maintaining a database of contacts within the MICE industry for over a decade.

Regularly updated, Moneypennies Update is a list of buyers in the industry who are actively seeking to place their business with MICE service providers and as such have a legitimate interest in receiving certain types of information from us and our industry contacts.

Call Suzanne at Moneypennies to Find Out More about this service

Using Data More Effectively

Data is the vehicle to help you achieve your business goals when it comes to making meaningful connections with other businesses. It’s all about the detail.

In terms of GDPR the “Data Subject” is the real person you hold data on. Knowing that each person in your database or email marketing list, organises an event makes them matter.

Our challenge is, how do we make our data as effective as possible to in the quest to win new sales?

We all know that email marketing has been and continues to be one of the most effective marketing vehicles available to businesses. Even those who use a “scatter gun” approach to email marketing, known as spammers, manage to get a pretty good response rate for their efforts. The spammer approach is one that assumes that if you email 1,000,000 people with a random offer that sounds plausible then maybe about 0.5% will respond and maybe some 2% will convert.

Lets think about those figure for a moment, half a percent of one million is 5000 people with 2% of that being 100 conversions. So the spammers rely on the numbers to achieve their revenue goal. Spam a million people a day consistently with an offer of a $147 offer and you’r netting $147 X 100 ($14,700) for every email blast they send out.

Clearly, this is not something that has a good effect on a legitimate business even though it might be quite profitable in the short term, the damage to reputation is massive and in many cases is not recoverable.

A much better way, and one that the GDPR was introduced to cater for is to only email those people who would naturally have an interest in your offering. The response rates are much higher than the half percent of spammy emails with the conversion rate being far better than 2%.

Moneypennies Update database does exactly what GDPR seeks to enforce on business email marketers across the EU. Keeping the “Data Subject” details up to date, attaching to that person what they might be interested in in terms of the Events Industry and crucially WHEN they might be interested in hearing about products and services to fulfil their needs in running conferences, exhibitions and/or awards dinners.

GDPR and the ICO

Having maybe been bombarded with conflicting advice from many different sources it is easy to have overlooked taking the most important action of all. That is to register your business with the Information Commissioner’s Office (ICO)

If your business is already registered you do not have to pay this fee until your current registration has expired. It’s an annual fee based on the type of business and starts at around £35.

If you have not registered yet, find out more:

The ICO have overall responsibility for enforcing GDPR in the UK and this fee goes towards their running costs.

GDPR the Legal Framework

Data Protection Regulation

On 25 May 2018 The General Data Protection Regulation (GDPR) came into force in the UK.

E-Privacy Regulation

The E-privacy Regulation was due to sit alongside GDPR but it has not yet replaced the Privacy and Electronic Communications Regulation (PECR)


GDPR has made us all more aware of data security, particularly:

  • The purpose of the data we hold?
  • How will we keep it current?
  • Who has responsibility for it?
  • Who within our organisation will have access to it?
  • Who outside our organisation will it be shared with?
  • Can we share data and keep it secure?

Information Commissioner’s Office

The General data Protection Regulation, or GDPR, is an EU law with the enforcing body in the UK being the Information Commissioner’s Office (ICO)

Data Controller

Every organisation that holds data should have a data controller registered with the Information Commissioner’s Office (

How does GDPR Impact on email marketing

The Information Commissioner’s Office classes the activity of sending marketing emails as legitimate interests; but what is “Legitimate interest”?

Let me explain by using an example that I see many times across all sorts of businesses across the events industry.

An event buyer in their professional capacity would reasonably expect to receive information from your organisation about your event products and services. The processing of their information for the purposes of email marketing falls under the banner of “Legitimate Interests” and is one of the lawful basis that falls within GDPR for processing data.

You may be surprised to learn that using a “bought in database” from a third party such as Moneypennies would also fall under the lawful basis of legitimate interests too; but you need to be aware that you can’t just buy any old list and expect it to be covered by the legitimate interests lawful basis. The recipients of your email marketing must reasonably expect to “be interested” in some way related to their business of job function, in the information or marketing materials you are sending to them. This is why Moneypennies Update is unique. We’ve spent decades gathering and updating information on event buyers who are actively running events where services from businesses like yours could provide a valuable service to them.

In an effort to align the requirements of GDPR to the needs of event suppliers and bring them closer to event buyers. Moneypennies has made further additions that are crucial for a closer connection to annual corporate and association event buyers who are generating conference, exhibition and/or awards dinner.

Because Moneypennies Update is event data driven information will include the date, name of event and a link to the event website and the buyer contact details will include a link to their LinkedIn Profile.

If a record has been revised you will be able to see the reason for any change such as:

  • Company
  • Name
  • Job Title
  • Address
  • Postcode
  • Telephone Number
  • Email
  • Name of Event
  • Date of Largest Event
  • Last Venue Used
  • Date Last Reviewed
  • Company or Charity Number Registration checked

Having maybe been bombarded with conflicting advice from many different sources it is easy to have overlooked taking the most important action of all.

Which is if your business sends marketing emails you must pay a data protection fee to the Information Commissioner’s Office (ICO) to register a nominated person within your organisation with the responsibility of being the data controller. The ICO is responsible for enforcing GDPR in the UK and this fee goes towards their running costs.

What is a Corporate?

The definition of a corporate being a limited company, public limited company, limited liability partnership or government departments. An individual based within a business can be emailed without prior consent (e.g.

So long as the following criteria are fulfilled:
Suzie Smith must be given the option to easily unsubscribe from receiving email marketing.
Suzie Smith in her professional capacity would expect to receive information about the product or service being promoted,
The sender has clearly identified themselves by name, email and has provided contact details.


It is important to adopt the best practice but not lose sight of the objectives and outcome of email marketing which is to be a vehicle for your business to grow it’s revenue and profit.

GDPR has given businesses the opportunity to make sure that data meets all the objectives of the business. That the processes to monitor and record all their internal and external communication with their employees and customers are fully integrated.

With this in mind, and to make the most of the opportunity that GDPR offers your business; it really is a good thing to have an email marketing list that is focused and targeted on the type of people most likely to need and want your products and services. The key element is to have an email list that is up to date and is full of people likely to respond to your information in a positive way.

To find out how your business can ensure that your email marketing list is up to standard, contact

Download Your Free GDPR Email Marketing Checklist TODAY.