Do you use your phone as a sales tool?
The word “data” in General Data Protection Regulation may lead you to think that GDPR applies only to sales teams who rely on email, social media, or other online sales tactics.
That’s not true.
If you use electricity to contact European prospects or collect their information, you’re not exempt.
That mobile phone of yours needs electricity - so you need to be aware of your GDPR responsibilities when making sales calls to European prospects and leads.
GDPR isn’t just about how you contact people. It’s about whether you have permission to do it.
When Will Your Cold Calling Practices Need to Change for the GDPR?
You need to be aware of GDPR compliance now - as the legislation comes into effect on May 25. GDPR aims to give Europeans more control over their data, including the right to know where a business got their data, the right to withdraw consent, and the right not to be contacted without consent.
That last point is the one that will affect cold callers, and the price of non-compliance is steep. Companies that violate GDPR will be fined €20 million Euros or 4 percent of global turnover, whichever is higher.
It’s a big risk for any sales organization to go blindly into GDPR, but the law can seem intimidating and vague. With that in mind, we’ve been writing simple, practical guides to help sales managers and their reps prepare for life after May 25.
(We’ve already dedicated an entire article to explaining the GDPR email marketing responsibilities that you and your sales team should read and understand.)
We’ve boiled the legislation down to five relevant points:
- Individuals have to agree to the collection of their personal data
- They must know how and when that data is collected
- People must be able to request copies of their data
- These individuals also must be able to ask for their data to be edited or deleted
- They must explicitly agree to be contacted by salespeople
Before you read any further, we want to make three important things very clear
- The GDPR actually reaffirms your right to use sales and marketing activities with existing customers. You can feel confident and comfortable continuing your current program. Customers have voluntarily entered into a transaction with you. There is a legitimate business interest to send this information (unless the contact opts out, of course), which means you are safe within the bounds of the GDPR.
- The GDPR does not mean cold calling is dead.
- It does mean that salespeople will have to change their approach to sales calls with European residents.
If you’re a sales manager or a salesperson who relies on cold calling, read on.
We don’t want to tell you to stop cold calling immediately.
We want to give you the information you need to stay on the right side of the law.
You Need to Change the Temperature of Your Prospecting Calls
Like cold email marketing, cold calling comes under the ‘unsolicited communications’ area of the legislation.
This means sales teams will have to ‘warm up’ some of their sales calls to develop more helpful, prospect-friendly practices.
Sales can work directly with marketing to qualify leads before the sales team makes contact. The marketing team can use lead generation programs to warm up prospects and gather the required permissions through web forms so that a salesperson can reach out on a call. Offering value in the form of a demo or expert consultation makes this permission easier to generate.
This will thin out your sales team’s pipeline. But don’t let that freak you out.
Sales teams are more successful when they are able to focus on a small number of quality leads, rather than trying to close deals with a lot of mediocre leads. Dumping colder leads prior to any sales contact helps you stop neglecting hot leads.
You can also contact existing customers to offer them products and services related to what they’ve bought from you in the past. You’re adding value. That’s a legitimate reason to call.
On those calls, you may also ask for permission to email a prospect, but when you do, you should then immediately follow up, sending a an email to the prospect documenting the nature of your call and what they agreed to.
Only Ask for a Phone Number if You Need Permission to Call
If you do use web forms to gather permissions, don’t request a phone number from a prospect unless you will need it. This will minimize your risk under GDPR.
You don’t want to collect superfluous data because you could be held accountable for it: what you’ve collected, how you store it, and who has access to it. The less you collect, the less risk to you.
Now is the time to ask yourself some questions about the data you’re collecting: do you really need to know the education level of a lead or what position your prospects hold at work?
Only collect data you have a reasonable need for, in case you later have to defend that need.
Aside from just GDPR compliance, there is a good business case for this — minimizing the data collection process for a salesperson makes their job easier, cutting down the time they spend on administrative tasks, and giving them more time to chase down quality leads.
And you must always give your European prospects the option of deleting or requesting their data under the GDPR (but this is good practice for all of your prospects).
When Can Salespeople Call a Prospect After May 25?
Let’s start by looking at some of the explicit rules about using data for cold calling.
Article 6 of the law says organizations can legally use someone’s personal data for six reasons:
- If someone has given you their explicit consent
- If you need to use their data to fulfill a contract with that person
- If you are legally obligated to use that data
- If you must use their data to protect that person (or another person’s) health or well-being
- If you must use their data to protect the public good
- If you are using data to pursue legitimate interests, except when your interests are overridden by the interests or fundamental rights and freedoms of the person you’re calling
Sales teams will want to pay most attention to the first and last bullet points; if someone has said it’s okay to contact them with information about products and services, you can contact them about the products and service they agreed to.
That’s pretty straightforward, so long as you’ve followed the rules about opting in (pre-ticked boxes and not saying no will no longer count as consent, for example.)
The last bullet point means that as long as you have “legitimate” business interests — you’re selling a product or service to an appropriate prospect — you’re allowed to cold call, so long as your right to promote your product isn’t overridden by your prospect’s desire not to be contacted. In fact, according to Pipedrive’s GDPR expert, Martin Ojala, Recital 47 of the GDPR explicitly says direct marketing can be considered a legitimate interest.
In order to claim that your direct marketing efforts are a legitimate business interest, you must do something called a “balance test,” which weighs your right to do business against the prospect’s right not to be called.
Ojala explains the considerations relating to cold calling:
“In this context, you should consider whether you have a valid reason to believe that the person is interested in what you’re selling. If they are interested, then they will likely not feel that their privacy is violated to a great extent and this means that your ‘legitimate interest’ will prevail.”
On the other hand, if you’re trying to push your product onto an elderly person, or someone who is mentally disabled, their right to not be distressed overrides your right to call them. Or if you’re just cold calling whatever numbers you happen to have, without knowing if the person on the other end of the line has any interested, you’re very much at risk of being reported as a nuisance.
The Big Question About Cold Calling
This brings us back to our central question: will you be able to cold call after May 25?
Are there any instances when a salesperson can call a prospect who is not a customer without their documented explicit consent?
For B2C operations, says Ojala, the answer is a firm no.
For B2B sales teams, the answer is a little more complicated...
“I would draw a parallel to the justification for being able to consider marketing to your own customers as a ‘legitimate interest’. The reason for this is that you have good reason to believe that the party is interested.”
Why might you have legitimate interest?
Companies often list contact information for certain personnel on their website for various business propositions. This gives you a good indication it’s okay to call the relevant person to have a sales conversation about something related.
It’s important to note that a person’s work address still counts as personal data, but being listed on a website or elsewhere for the purpose of being contacted for sales/marketing communications has some characteristics of consent. It often lacks others though, namely that of ‘specificity’ says Ojala. You still need to tread carefully in this regard.
What About Following Up With Someone You Met While Networking?
If a business card was given to salesperson at an in-person meeting, does that imply consent?
Ojala suggests this situation may pass the balance test.
While the exchange of a business card alone does not imply consent, the sales rep must use their judgment to determine the context of the interaction before taking on the responsibility of making the call.
If you feel sure the prospect would see potential value from the conversation based on your previous interaction, you have an implication of passing the balance test to contact them within your ‘legitimate interests’.
As with many things in GDPR, this type of situation must be judged on a case-by-case basis.
We cannot give you a hard and fast rule.
GDPR Compliance: It’s Complicated
It can be difficult for sales departments to ‘comply’ with GDPR.
There aren’t any concrete rules to shape a company’s cold-calling policies; no checklist of what you should and should not do to avoid running afoul of the legislation, and — because it’s so new — no existing best practices.
Sales managers will have to develop their own processes to manage the risk of GDPR violation.
Does that mean that cold-calling should be shelved as a sales tool?
Of course not — you just have to accept that any unsolicited contact with a prospect is a risk.
If a salesperson thinks a prospect will be interested in receiving their call, they might feel comfortable taking that risk. There aren’t GDPR police wandering around, checking to make sure no one is cold calling. No punishment will be levied against a business unless the recipient of an unwanted cold call reports it.
For sales reps using cold calling regularly - GDPR will be about balance. You have a right, under the law, to market your business. Sales teams that can effectively balance that right against their prospects’ rights and interests will be fine.
They will have considered whether the prospects they are calling are actually interested in their products and services, rather than blindly reaching out to everyone they can.
And that’s just good sales practice.
If there’s one piece of advice we can leave you with it’s this:
Take the chance to make sure your sales and marketing practices are helpful for your prospects, leads and customers.
That’s the intention of the legislation, and it should be the intention of any sales manager looking to build processes for fast, sustainable growth.
Qualify your leads before you call and you’ll maximize the efficiency of your sales team by focusing more time on the right prospects.