GDPR Compliance Guide for Sales (It Likely Affects You)
If you send emails outside of the U.S. of A., you’re going to want to pay attention to this post. I will explain everything you need to know about the upcoming laws being enforced in the E.U. (namely, the GDPR) and how to ensure your organization’s GDPR Compliance.
You say, “Well, I’m in ‘Merica. It won’t affect me.”
Yes it will. But we’ll get into that in a minute. Here’s what we’ll cover in this guide:
- What is GDPR in Both Legal and Layman’s Terms.
- Why It Matters to You (Whether You’re in the E.U. or Not).
- How to Prepare for the New Law.
- What Moves to Make in Your Email Outreach.
Let’s get into it.
What is GDPR? (Or, What is the General Data Protection Regulation?)
The General Data Protection Regulation (GDPR) puts a regulatory control and governmental guidance on how EU countries (and those outside the EU) handle personal information.
It’s been a 4-year work by the EU and will replace the Data Protection Act of 1998.
ssentially, it requires that companies have the highest level of privacy protection and gives people the right to decide what a company can do with their data.
Companies (mainly in the E.U., or those who have the data of E.U. citizens) need to implement the required processes. In many cases, companies will need to add staff to ensure that all user data that is handled remains protected.
The protections will include communications and processes that are concise and clear and done with the approval of the stakeholders.
In order to be GDPR compliant the user data needs to be encrypted, pseudonymized or anonymized.
- Encryption is the process of converting data into code to prevent unauthorized access.
- Pseudonymization is the process where different parts of the data are separated but can be put back together on an as needed basis.
- Anonymization is a complete removal of identifiable information such that it can never be traced back to the user. GDPR promotes and prefers pseudonymization of data to keep it secure.
Here is the best layman’s terms definition that I can muster.
All private data for each and every citizen in an E.U. Country is about to go on lockdown.
What does GDPR protect?
GDPR aims to protect all information of the user such as name, address, ID numbers, IP addresses, RFID tags, cookie data, location, health information, family history, racial or ethnic origin, biometrics and even sexual orientation and political opinions.
Does GDPR Compliance Affect Cold Email Outreach?
Yes, GDPR will affect all businesses who handle, collect or use any kind of user data and that includes use of personal information such as names and email addresses for outbound sales.
More specifically, it’s a yes if…
- You are an individual or an organization targeting the personal data of anyone in the EU (e.g. outbound marketing).
- Your company handles or stores personal information about EU states and their citizens. (This even means inbound sign ups.)
- You handle certain types of sensitive data or if it is currently subject to the Data Protection Act (DPA).
If that’s you (which is likely many of our readers) — pay attention.
Are you saying that I shouldn’t target the E.U. for cold email?
Probably not*. Unless your product is specifically tailored to E.U. Member States, it’s likely best to search elsewhere.**
* That’s an opinion and should NOT be taken as official legal advice.
** Seriously, not legal advice.
Here’s why I give my *opinion*.
- First, data is going to be harder to find. If you can find lists of contacts with a company in Europe — it’s highly likely it could have been attained… less than on the up and up.
- Secondly, it’s just harder. In the U.S., all you need is your address listed in the email and a way for recipients to opt-out of future correspondence. A walk in the proverbial park, by comparison.
- Lastly, it’s risky. Contacting people you don’t know (via email) in the E.U. will be looked down upon more and more. The number of violations possible with European cold outreach are staggering.
Make one mistake and it could cost you your job — or your company.
What is the Penalty for Violating GDPR Compliance?
Fines can be imposed for a number of reasons.
- If a required data protection protocol is not present.
- User data can be handled incorrectly.
- Or, if there is a security breach at the company holding an E.U. citizen’s personal data.
The fines could vary. Starting at 2 percent of the firm’s turnover or €10 million (whichever is more) for a small offense. All the way to 4 percent of the firm’s turnover or €20 million Euros (whichever is more) for more severe offenses!
It’s for these reasons that we here at LeadFuze are in the process of removing EU contact data, and focusing on the U.S. market. By finding quality leads in the States, our customers won’t run the risk of violating the new legislation.
Does GDPR affect Customer Contracts (e.g. Email Sign Ups/Inbound Marketing)?
Another big —Yeppo (yes). Customer contracts come in different forms such as online forms, sign-ups or even paper agreements. In all cases, the client lays out how they want the data accessed, viewed and processed.
This means inbound marketing needs to be careful, too.
All new contracts or sign ups need to be reviewed to understand how the data will be processed and stored so they meet the GDPR compliance standards.
7 Steps (even in America) to Ensure GDPR Compliance?
- Take time to read the law.
- Complete an audit of your data security process.
- Ensure that all third party companies you work with are in GDPR compliance.
- Use software tools that enhance privacy.
- Have a privacy policy in place (for collection, storage and transfer of email addresses).
- Communicate data privacy policy to staff.
- Educate all staff (especially customer reps, those in charge of CRM systems and even data entry personnel).
7 Things to Keep in Mind Before Sending Cold Emails
- The email marketing campaign must be sent to a targeted audience.
- Send customized emails only to carefully chosen people at selected companies.
- Make sure you are up to date on current Spam Laws in the U.S.A. (aka CAN-SPAM).
- The data obtained for the mailing list requires transparency and legal consideration.
- Know why all personal data is in your hands, ready for explanation.
- Keep track of your contact information, where it is coming from and how it has landed in your database.
- All cold emails sent must have an opt-out option from further correspondence.
It’s Not the End of the World
Sure, not being able to cold email 28 countries in the world isn’t awesome. But it’s definitely not the end of the whole world.
If your primary sales strategy is based upon inbound, you can still collect private data and be in GDPR compliance. But be careful. That data is now protected better than ever before. Now, if you do outreach… The E.U. may not be nearly as lucrative starting May 25th, 2018.
There are still millions of quality contacts in the U.S. and it’s very unlikely that you’ve contacted every one of them. So, get to prospecting.