Everyone talks about AI. Everyone talks about automation. But very few people are talking about the biggest change affecting UK marketers this year: the UK’s updated data protection rules are now live.
Many businesses still think GDPR hasn’t changed. It has. The ICO has updated its guidance around direct marketing, legitimate interests and PECR, and organisations are now expected to have formal processes in place for handling data protection complaints.
What’s actually changed for UK marketers?
The Information Commissioner’s Office (ICO) has refreshed its direct marketing guidance to reflect the UK’s evolving data protection framework. The headlines for anyone running B2B or B2C campaigns are: clearer expectations around legitimate interests as a lawful basis, updated guidance on PECR and electronic marketing, and a requirement to handle data protection complaints through a formal process rather than ad hoc.
You can read the ICO’s direct marketing guidance in full at ico.org.uk – it is written in plain English and worth an hour of any marketer’s time.
The fear is doing more damage than the rules
We still hear the same worries every week: “We’re not sure if we’re allowed to email businesses.” “We don’t know what data we can use.” “We’ll avoid marketing altogether because GDPR is too confusing.”
The reality is very different. Good marketing isn’t about avoiding data. It’s about using the right data, for the right audience, with the right message, while following the rules.
B2B marketing to business contacts remains perfectly lawful when done properly. Legitimate interests is a valid lawful basis for much B2B direct marketing, provided you can demonstrate you’ve balanced your interests against the individual’s rights.
Compliance is a competitive advantage
Businesses that understand compliance gain a genuine edge, because they have the confidence to market consistently while their competitors do nothing. Marketing doesn’t stop because legislation changes. It evolves.
That starts with compliant, opted-in data. Every list we supply is GDPR-compliant and screened before it reaches you – see our b2b data (/b2bdata/) and TPS screening service (/tps-screening/) for how that works in practice.
When did you last review your lead generation?
If your lead generation strategy hasn’t been reviewed recently, now is the right time. Check your lawful basis, check your data sources, check your suppression processes – and then market with confidence.
How confident are you that your current marketing complies with today’s rules? If the honest answer is “not very”, call us on 0113 465 5555 for a straight-talking review.
FAQs
Is it still legal to email businesses under UK GDPR?
Yes. B2B email marketing remains lawful under PECR and UK GDPR when you have a lawful basis such as legitimate interests, your data is accurate and properly sourced, and you offer a clear opt-out in every message.
What is the ICO’s updated direct marketing guidance?
The ICO has refreshed its guidance covering direct marketing, legitimate interests and PECR, and now expects organisations to run formal processes for handling data protection complaints. The full guidance is available at ico.org.uk.
Do I need consent for all direct marketing?
No. Consent is one lawful basis, but much B2B direct marketing can rely on legitimate interests, provided you balance your interests against the recipient’s rights and document that assessment.

