It’s been more than a year since the General Data Protection Regulation (GDPR) was put into effect by the European Union. The goal of the GDPR is to protect the privacy of EU citizens by regulating how personal data is handled, both within EU countries and outside of them. That’s why any organization doing business in Europe needs to be concerned about GDPR compliance, especially when it comes to sales.
Today’s marketing and sales programs run on personal data, so how you gather and use that data becomes vitally important if you want to be GDPR-compliant. Being compliant requires organizations to manage personal data using appropriate procedural and technical measures to protect an individual’s, or “data subject’s,” information. That includes determining how that information is acquired and ensuring you have informed consent when sharing it. This means you can only use that data for the purpose for which it was intended, and you can’t retain personal information longer than is necessary.
GDPR affects any organization that is selling goods or services in the EU. And noncompliance can be extremely costly. Fines for GDPR noncompliance are 79 times higher than under previous legislation, and can cost companies up to 4 percent of their global revenue, or 200 million euros, whichever is greater. That’s quite an incentive to ensure you conform to GDPR regulations.
Specifically, the GDPR rules require that:
- Companies obtain and process personal data fairly.
- Personal data can only be gathered for lawful purposes.
- Information can only be processed in ways that are compatible with the purposes for which it was acquired.
- Information must be safe and secure.
- Information must be accurate and up to date.
- Data gathered must be relevant and not excessive.
- Personal information can only be kept for as long as it is needed for the specified purpose.
- Any individual can receive a copy of their personal data upon request.
These new regulations have changed business practices for most American companies. For example, companies must use improved data capture forms with more transparency, rely on explicit consent rather than just opt-in, and delete prospect data rather than keeping IDs on file for future campaigns.
GDPR’s Impact on Sales Tactics
GDPR has made it necessary for marketing and (especially) sales to change tactics. Here are five tips for how to deal with personal data to ensure you are compliant with GDPR regulations:
- Be transparent in data access and use: One of the things built into the GDPR is the right to be forgotten. That means that marketers are building in mechanisms to increase data-gathering transparency and simplify a customer’s ability to opt out. If they choose to “unsubscribe,” they really mean it, which means you can’t use that same contact for future campaigns.
- Don’t store prospect data: We all know that sales reps hate to part with potentially profitable information, but if a lead opts out, then you must remove them from your database. What’s more complicated is the notion of gathering personal data for a specific purpose. In the case of sales, this usually translates to a specific campaign. If you keep contact data for other purposes, you are in violation of the GDPR.
- Be certain before sending an email pitch: Email opt-ins are no longer implicit. If someone contacts you for information about one product, that doesn’t give you carte blanche to contact them about everything you sell. Make sure that opt-ins are specific, and include permissions to receive follow-up emails and offers. This applies both to leads generated in-house and to third-party lead lists. If you use a list that hasn’t been properly vetted for GDPR compliance, then you are liable for any complaints.
- Be sure cold calls and emails are compliant: Of course, GDPR has a direct impact on cold calling, especially email outreach. GDPR doesn’t prohibit cold calling, but it will require more paperwork. For auditing purposes, make detailed notes about the call, including when you made it and how long it lasted. Also note whether that individual is willing to be contacted again. Rules for unsolicited emails are more restrictive. You need to be sure that the offer is properly targeted, and you can make the case that you have a legitimate reason for outreach that doesn’t impose on an individual’s right to privacy. Although regulations regarding unsolicited email are still ill-defined, there are some guidelines that can help keep you out of trouble:
  - Be sure your email message is sent to a targeted audience.
  - Send personalized, custom emails only to appropriate individuals within the company.
  - Be sure to comply with U.S. anti-spam laws such as the CAN-SPAM Act.
  - Be sure the personal information used for email campaigns is obtained with appropriate transparency and GDPR compliance.
  - Be ready to explain why you have personal information in your possession.
  - Keep track of where you acquired that personal information and how it was added to your database.
  - Be sure to provide a clear opt-out option in all email correspondence.
- Outsource sales and avoid the risk: One simple way to ensure GDPR compliance is to outsource sales prospecting to an expert partner. As you can see, GDPR compliance can be tricky, especially because some of the regulations are poorly defined. By outsourcing lead generation and qualification, you are also outsourcing any risk of noncompliance. Sales-as-a-ServiceⓇ companies like MarketStar specialize in all aspects of B2B sales, including email prospecting and lead qualification. By using a sales partner that handles all initial lead development and outreach, you can rely on their expertise to be GDPR-compliant, and if there is a compliance problem, you will not be exposed.
As the global economy continues to evolve, we will see more regulations like the GDPR, and companies will have to adapt. These regulations aren’t designed to prevent companies from marketing to prospects and customers, but they will mean that marketing and sales professionals will have to learn to use data more carefully. If you are concerned about the consequences of noncompliance, it makes sense to partner with a Sales-as-a-ServiceⓇ company that knows how to effectively sell by email and phone without breaking the rules.