Disclaimer: We want to point out that this blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides you with insightful background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you should consult with an attorney if you’d like advice on your interpretation of this information or its accuracy. This is only giving you background information.
As you might already know, the GDPR (General Data Protection Regulation) is a new regulation that will streamline and toughen organisations’ obligations when dealing with the personal data of citizens from the European Union (EU). The regulation applies to any company incorporated and operating outside the European Union: you need to comply with it if you have just one customer/lead from Europe in your database.
This new legal framework will have profound implications for how marketing and sales teams manage their relationships with prospects and customers.
It will come into effect on May 25, 2018, and penalties for violations will be significant: up to 20 million euros or 4% of global revenue, whichever is higher.
In this article, you’ll learn how to use Salestools’ current set of GDPR-friendly features.
Salestools can’t help companies be fully compliant — you should seek legal advice if needed — but we focus on making everything we do compliant to ensure your protection as a customer.
Marketing: Forms and European leads
Under GDPR, you cannot just send a European resident a marketing email unless they have opted in and you have provided a double opt-in, which is now a requirement. Consent will need to be “freely given, specific, informed, and unambiguous,” with companies using “clear and plain” legal language that is “clearly distinguishable from other matters.” In plain words, a tickbox saying you agree to receive communication upon signup is no longer enough. You need to state what happens, and the lead/customer actually needs to double opt in. You can still send the customer an email asking them what interests they have, but you cannot blast out regular marketing emails unless they have double opted in.
Sales: Cold Emails
As you build outbound campaigns to scale sales, you might get confused by the comprehensive rules set under GDPR. You can still contact cold leads, but you cannot email their private email address; that is a huge no-go. When emailing a person’s business email, it is important to start the email by pointing out why you are contacting them. It is also important that they have intent or potential interest, so if you start emailing prospects who, based on their persona, would have no interest, you would break the rules. Your legitimate interests are always weighed against the data subject’s right to privacy. If you can’t make it clear why this particular person might want to hear from you, you will likely fail this test. Also, it is important to offer an opt-out and to state at the bottom of the email that you intend to follow up if they don’t reply to you.
Sales: Cold Calling
The GDPR does not currently prohibit you from making calls to potential customers, but for accountability purposes you should note down when you made the call and how long it lasted. This can be tracked in most CRM systems, and it is important to be able to prove your calls if any potential issue or violation by the organisation comes up in the future.
Huge NO-NO for marketing
Today many companies enroll prospects into a marketing email list. This is not only frustrating and irritating for the prospect, but it is also a huge violation under GDPR to do so without double opt-in consent from the prospect. If you choose to do so, you would be violating GDPR and risk fines of up to 20 million euros or more depending on your revenue.
Overall, if you follow the rules and don’t spam people with emails but engage in an account-based strategy, you are more than likely to remain compliant. It is important to target companies that could become customers and potentially have intent to buy, and then target people who have a legitimate interest in your email/call. If you follow that practice, you are fine doing outbound under GDPR in accordance with the set rules.