Jory MacKay
Jory MacKay
June 13, 2018

How GDPR Changes Outbound Sales: 10 Key Insights for Staying Compliant

Opérations de vente
Opérations de vente
How GDPR Changes Outbound Sales: 10 Key Insights for Staying Compliant

If your sales process relies heavily on cold emailing or calling prospects, the new European General Data Protection Regulation (GDPR) isn’t great news.

With the integration of modern outbound sales tools, adapting to the GDPR becomes crucial to maintaining effective sales strategies.

At its most basic, the GDPR changes the way outbound sales teams can collect and use personal data such as email addresses, names, and other information about prospects.

So, whether you buy lists of leads to fill out your pipeline, scrape prospects from LinkedIn, or automatically add new inbound contacts to your sales funnel, the sales strategies you’ve used in the past to turn strangers into customers are going to have to change dramatically.

There are a lot of questions about how GDPR is going to affect sales teams. And the stakes are high if you get it wrong. We spoke to GDPR experts Ken Baylor and Chas Ballew to help answer the ten biggest questions sales teams have about how to stay compliant while prospecting in this era of stricter data privacy regulations.

Disclaimer: The content in this blog post (including all responses to comments) is not to be considered legal advice and should be used for information purposes only.

1. What’s Covered Under the GDPR, and Do I Need to Care About it if I’m Outside of Europe?

At its essence, GDPR gives EU citizens more control and transparency over who can store and use their data. It also means that a company using personal data to build lists and contact sales leads has new responsibilities regarding how it collects and processes that data.

Under GDPR, personal data includes:

  • Names
  • Phone numbers
  • Email addresses
  • IP addresses
  • Mobile device IDs
  • And even encrypted data

If the information you have can be used to identify a person in any way, it’s covered under GDPR.

For sales teams, personal data is the lifeblood of outbound sales. To move a lead through your sales pipeline, you need to contact them and pitch. But under GDPR, you can no longer use personal data (like email addresses or phone numbers) unless that person has consented to be contacted by you.

This means no more sending cold prospecting emails, quick catch-ups, or product demos without the recipient opting in to receive your messages.

Before you freak out, there are a few details to review.

First, the GDPR only covers your sales prospecting towards EU citizens. You only need to be concerned with following GDPR guidelines if your business either:

  1. Has any established presence in the EU (either an Office, PO box, or employees)
  2. Is offering services or products to EU citizens or using their data in some other way (such as monitoring or profiling them)

Second, you may still be able to contact prospects if you have “legitimate interests.” This is a bit of a grey area. But one that Ken says many cold calling companies will rely on under GDPR. As he explains:

“If your companies ‘legitimate interests’ aren’t overridden by the individual’s ‘fundamental rights and freedoms’ then you may be able to use the contact data.”

Ken calls this a "balancing test" where, should a prospect send a complaint about your outreach, you may be able to argue that the communication was still legal. However, you’ll want to document your legitimate interest, make it clear in the communication, and offer an easy opt-out.

Lastly, we won’t know the final effects until the ePrivacy Directive is finalized next year. The GDPR is only a starting point for new regulations around personal data. We won’t know the final impact it will have on outbound sales and marketing until another regulation—the ePrivacy Directive—is finalized. In other words, there’s still more change ahead.

2. What is Consent, and How Do I Get it From My Prospects?

Under GDPR, the only way your sales team can do any outbound sales is if you have consent from your prospects to contact them. More specifically, the GDPR says that consent must be:

  1. Freely given
  2. Specific and transparent about what it will be used for
  3. Able to withdraw it at any time

Consent is key to interacting with your sales leads under GDPR. Let’s break down each of these factors to ensure you’re collecting it properly.

To show that consent was “freely given,” your lead has to explicitly click an opt-in to receive communications from you (i.e., your opt-ins can’t be selected by default). It also means that consent to receive sales emails or calls isn’t required to use your services.

When a prospect gives you consent, you must be open and transparent about what you’re using that consent for. For example, if a prospect gives you their email to send them an eBook, you can’t use that as consent to send them sales emails or unrelated content.

Finally, your prospects must be able to withdraw consent at any time. This could mean an unsubscribe link in emails or some other way of contacting you to get off your list.

Because consent is such an essential part of being GDPR compliant, you should always record when and how it was given. If a prospect emails you and asks why you have their information, you need to be able to say: “Here’s where we got your data. Here’s the link to our privacy notice. And here’s the unsubscribe link.”

As Chas explained, if there’s a guiding principle to consent, it’s to avoid surprises.

“Don’t make people surprised to see your name pop up in their inbox. You might have to remind them who you are and why they wanted to hear from you, but it can’t be a total surprise.”

3. Do I Only Need Consent if I’m Sending Bulk Emails? What About Individual Outreach?

Let’s keep this one simple: Under GDPR, there is no legal difference between bulk emailing and one-to-one emailing when it comes to cold outreach. That means even your “just reaching out” emails need prior consent in order to be legal.

If you’re unsure if you have consent from a prospect to contact them, you probably don’t.

4. How Can I Build My Outbound Sales Funnel Under GDPR? Can I Still Buy Lists of Leads?

At this point, it might seem like building an outbound sales funnel is impossible under GDPR. But while some of your tactics and strategies will have to change, there are still ways to grow your list of leads:

  1. Double down on content marketing and inbound sales: Both our GDPR experts agreed that inbound marketing and sales will become more important moving forward. You should also ensure your forms are set up to gather personal data and get consent properly.
  2. Buy relevant lists that have documented consent: You can still buy lists of leads under GDPR. However, to use those lists, they must come with attached metadata explaining how and when each person gave consent. The list is okay to use as long as you can prove they consented to receive your emails.
  3. Advertise on sites relevant to your ideal customer: Advertising and generating inbound sales leads are still legal under GDPR. Again, you’ll need to gather and track consent whenever you receive a new lead.

5. How Will GDPR Affect Cold Calling?

Cold calling isn’t as restricted under GDPR as cold emails. That’s great news for all those sales teams already seeing success with cold calling. And if cold calling is not yet part of your sales process, you might want to consider it now.

However, you must still identify yourself and tell your prospect who you work for, why you’re calling, and how you got their information.

You also need to ensure that you’re only calling companies that have either consented to receive your calls or aren’t registered on a no-call list.

Unfortunately, there’s no EU-wide no-call list you can check. Instead, you’ll have to look on a nation-by-nation basis. For example, businesses and individuals in the UK can register using either the Telephone Preference Service (TPS) or the Corporate TPS (CTPS).

While cold calls aren’t as heavily scrutinized under GDPR, this will most likely change when the ePrivacy Regulation becomes finalized next year. Under the proposed Regulation, unless direct consent is given, unsolicited direct marketing by any means—including email, SMS, or automated calling machines—will be prohibited.

6. What is the Difference Between the GDPR and the ePrivacy Regulation?

We’ve mentioned the ePrivacy Regulation a few times already, but it’s worth taking a closer look at what it is and how it will affect sales teams.

As Chas explains, the GDPR is a “general” regulation. So, while it covers all of the EU, it’s only a baseline for data protection regulations. This means that if there’s a more specific regulation or set of data protection rules for an industry, those take precedence over the GDPR.

For example, law enforcement agencies have their own regulations regarding the use of personal data, so they would follow those rather than the GDPR.

The ePrivacy Regulation will be the more specific set of rules for electronic communication by sales and marketing teams. It covers everything from email to SMS, phone calls, messenger services like WhatsApp, Facebook Messenger, LinkedIn, and Skype, as well as cookies and other forms of digital tracking.

Unfortunately, the Regulation is still being finalized, so there are no firm answers about what it will entail. However, if you want to better understand how it might impact your sales team, here’s a link to the current working proposal.

7. Can I Send Sales Emails to Someone I Met at a Conference or Meet Up?

If you use in-person events like conferences and meetups to build your sales pipeline, you need to make only a few minor changes to stay GDPR compliant.

First, you still need to get consent from your leads to receive sales emails or calls from you and be able to show that consent. This could be as easy as using your CRM like Close to write a short customer note, such as:

“I met Jim at X tradeshow, and he asked me to follow up with him about our product/service.”

Alternatively, you can include your reason for reaching out to them in your email:

“Hey Jim! We met at the X conference last week and you asked me to follow up with more information about how my company can help you out with X, Y, and Z.”

This also applies if you’ve gotten a referral from a current customer. Ideally, you would have your current customer send an introductory email explaining why they’re putting you in touch. Otherwise, you need to explain how you got their information and why they would want to talk to you.

Ken explains that a best practice in any of these situations is to send one tailored and targeted email rather than add a new contact to a sales automation.

8. How Will GDPR Affect Inbound Leads from Content or Webinars?

It’s probably clear by now that inbound sales and marketing will take a front seat under GDPR. It’s much easier to get consent when a prospect comes to you. However, you still need to get the right kind of consent. When someone gives you their information, you need to make sure of a couple of things:

You can only collect the personal data you need to do what you’re saying you’re doing. That means if you don’t need a prospect’s home address, phone number, and credit card number to sign up for a free trial, you can’t ask for it.

You need to be transparent about their consent and who will get their information. Your opt-in form needs to say exactly what you’re going to be using their personal information for and be unchecked by default (to show their consent was “freely given”). Double opt-ins are always recommended to make sure you’re getting consent properly.

And what if you use partnerships like webinars or co-branded courses to share leads?

This is still legal, but you’ll have to ensure your opt-in explicitly states that you’ll share their information with third parties. As always, you’ll need to give them an easy way to opt out of future communication.

9. Can I Still Use Services Like Clearbit and FullContact to Enrich Data About Prospects?

Many outbound sales teams use services like Clearbit and FullContact to learn more about their prospects and visitors. While these services aren’t prohibited under GDPR, staying compliant with them will come down to the details.

As Ken explains, if you’re using personal data from one of these services, you need to know:

  • What personal data has the individual consented to have collected?
  • What fields are being transferred?
  • How exactly does the data flow?

The easiest way to determine this is to review your provider’s GDPR position statement or privacy policy.

Under GDPR, EU customers have the right to ask for all the information you have on them and where you sourced it from. So, if you don’t know where a service is getting its data from, you will have issues answering your prospects' questions.

10. What are the Risks of not Following the GDPR When Cold Emailing or Calling?

So what happens if you don’t follow these rules? Well, that’s where the GDPR gets a little scary.

Each country in the EU has its own regulatory body that will enforce the GDPR (such as the ICO in the UK or CNIL in France). If you’re found guilty of violating the regulations, they have the right to:

  1. Fine you up to 4% of your worldwide annual revenue from the past financial year
  2. Shut your business down until you can prove you’re compliant

Data subjects also have the right to sue you for misusing or mishandling their data. If you run into someone who knows their rights and doesn’t want to receive your sales emails or calls, you might be in a situation where they file a complaint.

To give yourself the best chance of avoiding these issues, it’s important to get organized as soon as possible. Inventory all the ways you’re using data in the EU and be clear about what you’re doing with that data and how you’ll justify it legally when people ask.

As Chas says, if you react to GDPR instead of being proactive about compliance, the consequences could potentially be company-ending.

GDPR Might Sound Like a Burden for Your Sales Team. But There are Some Benefits.

GDPR is bringing some major changes to the way outbound sales teams work. But it’s not all bad news. As Ken explains, the spirit of GDPR is to make sure that you’re only reaching the right customers at the right time:

“Instead of dealing with 98% of people who want nothing to do with them, sales teams will only deal with people who are more interested in what they’re selling.”

“Plus, many potential customers fear contacting companies as they believe they will be bombarded for years by low-quality pitches and have their data resold to other companies. With GDPR, these fears will abate, and prospects will be more likely to engage companies to purchase their products.”

Don’t think of GDPR as something meant to kill your outbound sales process. Instead, it’s a shift in how you think about your ideal customer and how to get in touch with them. Do that right, and the only difference under GDPR is that you’ll have a small list of qualified leads rather than a massive list of people who don’t want to hear from you.

Table des matières
Chargement
Share this article
XLinkedIn
Copy link
Jory MacKay
Article written by
Jory MacKay
Award-winning writer, editor, and journalist. He's helped brands build audiences of millions of readers, create content and educational products that generate hundreds of thousands in revenue.
FacebookXLinkedIn

More articles from The Close Blog

The Coaching Sales Process: How to Automate Workflows & Close More Deals
October 18, 2024
The Founder’s Dilemma: Scaling Operations Beyond Solopreneurship
September 10, 2024
The Ideal Client Profile: How Coaching Businesses Attract Their Most Successful Clients + How You Can Too
August 27, 2024
How to Write a Business Proposal
May 20, 2024
Solid Startup Marketing Strategies for Growth-Hungry Startups
May 13, 2024
How to Build a Sales Cadence: Examples, Best Practices, & Top Tools
May 5, 2021

Discover our latest free sales tools powered by AI

Try them free

Learn from the sales pros with our free sales guides

Start learning