The clock is ticking. The time has almost come. The 25th of May 2018 is the date when most businesses around the globe will need to start paying close attention to how they deal with user data. This is the date when the GDPR will become effective.
Some startups have already given up and decided it was easier (and cheaper) to shut down, rather than try to comply with this new regulation. But what is the GDPR?
The GDPR (General Data Protection Regulation) aim is to:
“harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy“.
Most of the businesses are prepping for these changes by getting squads of lawyers to understand what are the implications for the company and its employees.
Let’s start with the basics.
Is GDPR Relevant To My Organization?
The first important thing to understand is whether the GDPR has a direct impact on your business or not. This regulation is limited to Europe and not all businesses around the globe are dealing with the region. However, if your organization has any business contact with European users then it is safe to say this regulation is going to affect your company.
The GDPR is very strict and can be harmful to businesses of any size, from big corporations to startups. Fines can be either €20 million or 4% of the global annual turnover, whichever is greater. This is no joke. If you are in doubt, it’s better you get everything ready.
Key Points Of The GDPR
The GDPR is made of a complex set of rules. However, there are few key changes to keep in mind when trying to understand the implications of GDPR for your organization.
1. Increased Territorial Scope
The biggest change that this regulation brings to the table is that every company (regardless of their physical location) dealing with “personal data of data subjects residing in the Union” will be affected by it.
The GDPR puts a great pressure on making user consent its focus. Companies need to ask for consent in an “intelligible and easily accessible form“. No more long forms, no more complex legalese. Consent must be clear and the users must opt-in.
3. Breach Notification
Starting 25th of May 2018, breach notification will become mandatory. This means that whenever a data breach happens and it can “result in a risk for the rights and freedoms of individuals” communication to affected users must happen within 72 hours.
4. Right To Access
This is an important step towards data transparency. Any user has now the right to ask for confirmation about whether or not his or her data has been processed and for what reasons. On top of that, the business must provide this data in an “electronic format, free of charge“, if requested to do so.
5. Right To Be Forgotten
Users can now also request that their data gets erased from the database and stop being shared with 3rd parties at any time.
As a startup founder, you might be thinking that aligning IT and Marketing to these procedures will be enough. However, you might be facing (a not so pleasant) surprise if you keep thinking that way. Making sure every single department and activity in your company follow this new regulation will become crucial for your survival.
One of the teams that deal the most with user data is your sales team. Here below we take a look at the implications of the GDPR on sales teams.
Is Your Sales Team GDRP-Ready?
Most likely the answer is no.
Sales professionals might not be thinking that data privacy has something to do with sales activities. There are, however, few key questions you might want to start asking yourself to re-evaluate this conclusion:
- How is your sales team currently getting leads?
- Are you purchasing lead lists for your sales team?
- Is your marketing team using leads generated by your sales team for marketing campaigns?
- Is your sales team sending out cold emails?
If you have answered yes to any of these questions then your organization will need to consider how to comply with the GDPR.
How To Get Your Sales Team GDPR-Ready
Personal data is at the heart of sales prospecting. GDPR will have a direct impact on how sales teams think about personal data. This means name, emails, phone numbers and anything else that relate to individuals. Once all this data is collected, it then gets stored into CRM tools for both the sales and marketing teams.
By looking at the most common sales activities, it is possible to understand the DO’s and DON’Ts to get your sales team GDPR-ready.
Cold Calling & GDPR
Cold calling is the most common practice sales professionals go through on a daily basis. At this stage, the GDPR has nothing to control cold calling. It is important, however, to remember that consent plays an important role in this new regulation. This means that in case you want to add the prospect to your sales CRM or want to call them again, you will need to make sure to ask the prospect for their consent. Asking over the phone won’t be enough tough. The consent must be in writing. We suggest a short and clear cold call follow-up email where you repeat few important things:
- The purpose of the call
- What you agreed during the call
- Why you are following up via email
Your sales team will need to mention that this is a process to comply with the GDPR. On top of that, if your marketing team is planning to add that lead on to the email marketing list, there will be a need for further consent by the prospect. Remember, if a prospect asks to delete his or her data from the database, you will need to comply.
Action Item: Follow up via email to make sure your prospect is OK to receive new communications from your company.
Cold Email & GDPR
In case your sales reps are sending out personalized emails to specific prospects then you should not have issues. However, it is important you consider how those email addresses are collected.
Did you buy a list of email addresses? In this case, you should not use this data, as the users did not consent to receive emails from your business specifically.
Once again, it is extremely important to think about how your sales team collected those email addresses. It is crucial because email outreach needs to be personalized and relevant to that specific person.
The best way to proceed here is to make sure that your sales team include in their email a comment about why they think this email is relevant to the prospect and he or she would benefit from this communication. Your sales reps need also to keep asking for consent to the prospect to add their data to internal tools (meaning collecting name, email address and add them to the company CRM). Consent is crucial and it’s important to keep those replies into an accessible database for proof.
The GDPR translates into stopping a “spread & pray” approach and having more a “laser focus” approach.
Action Item: Your sales team will need to become more focused in their approach. As a manager or CEO, two things will be very important for pure cold emailing, “how” the email address was collected, and “why” that email was sent. Create an internal process to handle user data to comply with the GDPR.
Email Tracking & GDPR
We need to address also email tracking, a tool many sales reps use daily. The Article 29 Working Party has called out on this practice because the recipient has no idea he or she has been tracked.
The GDPR directly addresses “monitoring” users for the purpose of making a decision.
Website usage tracking is an example of user monitoring, a common practice among marketers to decide what’s relevant for users. However, monitoring per se refers also to tracking email openings. It is still unclear how this section of the regulation will be actually applied, but we go back to the main idea behind the GDPR, consent. Your sales team should be honest about tracking emails to avoid issues. However, being transparent will also limit the power of such tools.
Action Item: Although still unclear on how this will be applied and controlled, it is safe to start asking for consent, if your sales team wants to keep using email tracking tools.
Social Selling & GDPR
Social selling has gained more and more traction in recent years because if used correctly it is more relevant for prospects. Companies that implement social selling practices consistently are 40% more likely to hit their goals than organizations using traditional methods.
The good news here is that the GDPR doesn’t prevent your sales team to use social media to connect, approach and talk with potential prospects. Once the prospect accepts the invite to connect, he or she has given consent.
If the conversation moves out of social media, it is a good practice to request their consent again. This is an extra step that will just make your sales team (and your company) complaint with the GDPR. Remember, however, that having a new connection on LinkedIn doesn’t mean you can add their email address for mass marketing email.
Action Item: Make use of social media platforms more often to get in contact with prospects. Social selling is still on the “safe” side and if used correctly can give better results than traditional methods.
Networking & GDPR
Business events, conferences, and meetups are great occasions to meet potential new clients. The GDPR has nothing against your sales team meeting other people (obviously). However, your organization will need to start paying attention to how the marketing team will use that data.
Sales reps will still be able to use those business cards for follow-up emails and cold calls, they just need to make sure to follow the above-mentioned tips. However, what companies will need to stop doing is to get that data into the marketing database for email marketing without users’ permission.
Action Item: Get consent from users to be part of your marketing database and make sure they have opted-in to receive those emails.
Referrals & GDPR
Referrals are another great “warm” way to get introduced to potential customers. Considering this practice is very common in some industries, it is good news to know that the GDPR has nothing against it.
The best (and safest) way is to ask the client/person who is willing to do the introduction to do so via email, in a clear and simple way. By doing so, your team will have a recorded communication to prove how the contact was received.
Action Item: Ask for a formal introduction by the contacts who are willing to give a referral.
Final Thoughts on GDPR & Sales
The GDPR will have an enormous impact on how your sales team and your company deal with prospects. Some might think these changes will have an overall negative impact on businesses. However, I don’t think so.
First of all, the GDPR gives more rights to users and how businesses can track and use their data. Who among us is not somewhat fed up with the number of non-personalised marketing emails we receive daily? Don’t you wonder sometimes how your data ended up in someone’s database?
On the other hand, the GDPR will also benefit organizations that put great attention to sales and marketing processes. Sales professionals who follow the right procedures and leverage their networks, combined with companies who have strong processes in place will keep being profitable also under the GDPR. The focus moving forward will be on building strong relationships with prospects and stop treating them just like numbers.
Your sales team funnel will be without any doubts slimmer, but it will have only relevant prospects. The GDPR ultimate aim is to protect users data, however, by applying the regulation in the right way, your sales team and company should end up focusing mainly on qualified prospects.
How is your current company dealing with the upcoming GDPR? Have you implemented specific processes within your sales team to comply with the new regulation? Share your thoughts in the comment section below.
DISCLAIMER: This is a blog post and should be considered as such. This is not a legal advice but rather a source of information to get your sales team and company started.
Thanks for sharing this! Really useful insights into this new regulation.