{"id":39883,"date":"2025-11-24T13:49:20","date_gmt":"2025-11-24T12:49:20","guid":{"rendered":"https:\/\/mailcommsgroup.com\/?p=39883"},"modified":"2025-11-24T14:04:05","modified_gmt":"2025-11-24T13:04:05","slug":"the-keys-to-rgpd-compliance-in-different-b2b-b2c-and-b2b2c-business-models","status":"publish","type":"post","link":"https:\/\/mailcommsgroup.com\/en\/blog\/the-keys-to-rgpd-compliance-in-different-b2b-b2c-and-b2b2c-business-models\/","title":{"rendered":"Keys to GDPR compliance in different business models: B2B, B2C and B2B2C"},"content":{"rendered":"

[vc_row type=”grid” css=”.vc_custom_1547557263471{margin-bottom: 0px !important;padding-bottom: 0px !important;}”][vc_column dp_animation=”” el_class=”El nuevo reglamento europeo obliga a recabar el consentimiento expl\u00edcito para el tratamiento de los datos de car\u00e1cter personal” font_color=”#81d742″][vc_single_image image=”39891″ img_size=”full” css=””][vc_raw_html css=””][\/vc_raw_html][\/vc_column][\/vc_row][vc_row type=”grid” css=”.vc_custom_1679050935288{margin-top: 0px !important;padding-top: 0px !important;}”][vc_column dp_animation=”” css=”.vc_custom_1547557427896{padding-top: 0px !important;}”][vc_empty_space height=”80px” css=”.vc_custom_1742553516084{margin-top: -70px !important;}”][vc_column_text css=”.vc_custom_1763656830121{padding-top: 50px !important;padding-right: 50px !important;padding-bottom: 50px !important;padding-left: 50px !important;background-color: #F2F2F2 !important;}” dp_animation=””]Table of Contents <\/strong><\/span><\/p>\n

    \n
  1. B2B Model<\/a><\/li>\n
  2. B2C Model<\/a><\/li>\n
  3. B2B2C Model<\/a><\/li>\n
  4. Relationship between the GDPR and these business models<\/a><\/li>\n
  5. How can the above organizations comply with the GDPR?<\/a><\/li>\n
  6. Technology as an ally: WhatsApp Business<\/a><\/li>\n<\/ol>\n

    [\/vc_column_text][vc_empty_space height=”110px” css=”.vc_custom_1763656835071{margin-top: -100px !important;}”][vc_column_text css=”” dp_animation=””]The GDPR is a complex regulation in terms of compliance: it covers many sectors, affects a huge number of companies and is present throughout the life cycle of a customer or user. But, in addition, to ensure that data processing is carried out in accordance with the regulations, other characteristics must also be taken into account, such as the type of business model into which each company can be classified: B2B, B2C or B2B2C (more complex).<\/p>\n

    In this post of our series of contents on the GDPR we review the regulatory compliance of the General Data Protection Regulation applied to these models.
    \n[\/vc_column_text][vc_empty_space height=”110px” css=”.vc_custom_1763656839006{margin-top: -100px !important;}” el_id=”uno”][vc_column_text css=”.vc_custom_1763656094784{padding-top: 15px !important;padding-right: 15px !important;padding-bottom: 15px !important;padding-left: 15px !important;background-color: #47d7ac !important;}” dp_animation=””]<\/p>\n

    B2B Model<\/strong><\/span><\/h2>\n

    [\/vc_column_text][vc_column_text css=”” dp_animation=””]When we talk about B2B business we refer to those business models in which “transactions of goods or services occur between two companies”.<\/p>\n

    In this case, organizations establish links with other companies and, as a consequence, large amounts of data, sometimes of a personal nature, are generated, shared and stored.<\/strong> Examples include the names of companies, their directors or employees, capital, other financial data and confidential information such as account numbers, first and last names, e-mails, IP addresses, etc. A typical case in which some of these data are shared is the exchange of contractual information between any company and any sector, such as suppliers of goods and\/or services between companies (credits, investment products, means of payment…).[\/vc_column_text][vc_empty_space height=”110px” css=”.vc_custom_1763656842783{margin-top: -100px !important;}” el_id=”dos”][vc_column_text css=”.vc_custom_1763656142856{padding-top: 15px !important;padding-right: 15px !important;padding-bottom: 15px !important;padding-left: 15px !important;background-color: #47d7ac !important;}” dp_animation=””]<\/p>\n

    B2C Model<\/strong><\/span><\/h2>\n

    [\/vc_column_text][vc_column_text css=”” dp_animation=””]B2C model companies are those that sell or serve their products and services directly to end customers, without the presence of intermediaries. These organizations manufacture their products themselves and market them without going through external distribution systems.<\/p>\n

    In this case, as in the previous one, personal data<\/strong> are also processed on a massive scale, both identifying data<\/strong> (name, postal address, identity document, telephone number, etc.) and financial data<\/strong> (bank card or account number, among others). Sometimes even commercial communications may be sent,<\/strong> which, depending on the product in question, may or may not require the consent of the recipient.<\/p>\n

    A clear example of this case is the case of energy supply or insurance companies, when you request the customer’s consent before sending them an offer for a product other than the one they have contracted.<\/p>\n

    \"Satisfied[\/vc_column_text][vc_empty_space height=”110px” css=”.vc_custom_1763656847343{margin-top: -100px !important;}” el_id=”tres”][vc_column_text css=”.vc_custom_1763656215520{padding-top: 15px !important;padding-right: 15px !important;padding-bottom: 15px !important;padding-left: 15px !important;background-color: #47d7ac !important;}” dp_animation=””]<\/p>\n

    B2B2C Model<\/strong><\/span><\/h2>\n

    [\/vc_column_text][vc_column_text css=”” dp_animation=””]In this type of business model, companies reach an end consumer through other companies. But at the same time they have the ability to interact with the end customer through their own brand. In other words, we have a company with a B2B(Business-to-Business) business model that partners with another B2C(Business-to-Consumer). This synergy involves a combination of efforts in which the supplier (B2B) establishes a commercial alliance with its distributors, wholesalers or retailers (B2C), with the aim of reaching more end customers.<\/p>\n

    One example is financial services companies that offer their products through banks or insurance brokers.[\/vc_column_text][vc_empty_space height=”110px” css=”.vc_custom_1763656850999{margin-top: -100px !important;}” el_id=”cuatro”][vc_column_text css=”.vc_custom_1763656339223{padding-top: 15px !important;padding-right: 15px !important;padding-bottom: 15px !important;padding-left: 15px !important;background-color: #47d7ac !important;}” dp_animation=””]<\/p>\n

    Relationship between the GDPR and these business models<\/strong><\/span><\/h2>\n

    [\/vc_column_text][vc_column_text css=”” dp_animation=””]In any of the above business models, companies have to process personal data and therefore must comply with the provisions of the current regulations of the General Data Protection Regulation, in the applicable countries and cases.<\/p>\n

    Does this mean that a company cannot send e-mails and exchange communications with another company’s personnel?<\/p>\n

    In this case, the sending company must first verify that it can communicate with that person in accordance with the provisions of the GDPR. There are six legal bases for processing personal data: consent, contract, legal obligation, vital interests, public task and legitimate interest.<\/strong><\/p>\n

    Under legitimate interest, data must be used in a way that people reasonably expect, but also has a minimal impact on privacy (in the event that an individual’s rights are infringed, their rights will override legitimate interest). Thus, the company will need to ensure that they send emails to the right people with a message that may be of interest to them.<\/p>\n

    On the other hand, if the company that wants to send the communication has obtained verifiable consent<\/strong> through a registration form, for example, it can proceed without problems. As a data controller, it is important to collect the consent in a valid manner, and it must also be stored. Therefore, obtaining consent has to be done through any channel that allows you to have proof of receipt, email, call, and\/or WhatsApp, among others.<\/p>\n

    However, deciding which legal basis to apply can be complicated and, therefore, our recommendation to any data controller is to consult your organization’s Data Protection<\/strong> Officer.<\/p>\n

    Finally, if the e-mail address to which the information is forwarded is not linked to any individual (e.g. info@company.com), it may even fall outside the scope of “personal data”.<\/p>\n

    What else do we have to consider? In the event that legitimate interest is used as a basis for sending commercial communications, the user and\/or customer must be able to easily object.<\/p>\n

    If the basis is consent,<\/strong> then the person receiving the communication has the right to withdraw it at any time<\/strong>. And the company is obliged to stop the processing as soon as this occurs.<\/p>\n

    \"Data[\/vc_column_text][vc_empty_space height=”110px” css=”.vc_custom_1763656857087{margin-top: -100px !important;}” el_id=”cinco”][vc_column_text css=”.vc_custom_1763656485271{padding-top: 15px !important;padding-right: 15px !important;padding-bottom: 15px !important;padding-left: 15px !important;background-color: #47d7ac !important;}” dp_animation=””]<\/p>\n

    How can the above organizations comply with the GDPR?<\/strong><\/span><\/h2>\n

    [\/vc_column_text][vc_column_text css=”” dp_animation=””]There are some keys to ensure compliance with the GDPR<\/strong> and, therefore, avoid sanctions (in the case of Spain, by the Spanish Data Protection Agency, one of the most active in Europe). These recommendations are:<\/p>\n