May 25 is GDPR go-time.
If you are still a little confused by why this intimidating 4-letter acronym should matter to anyone outside an IT department, let us outline the impact these new regulations will have on anyone sending sales or marketing emails.
Any organization that does business with European citizens is about to become subject to the GDPR.
For the few of you who are still uninitiated, GDPR stands for General Data Protection Regulation - a legislative package giving individuals in the European Union more control over their personal data. Thanks to the new laws, E.U. citizens will now be able to understand what personal data is being collected by businesses, meaning your European customers and prospects will have greater control over their data. Companies that don’t comply will incur fines; the penalty is €20 million Euros, or 4 percent of global turnover, whichever is higher.
The stakes are high.
The bottom line is email marketing activities are directly impacted by the GDPR. If you’re a sales or marketing pro and you send emails to prospects - this article could save you from losing that 4% of your turnover.
The GDPR hinges on how the notion of “legitimate interests” is interpreted by the courts.
We’ve tried to clarify the relevant points you need to understand in five lines:
- Individuals have to agree to the collection of their personal data
- They must know how and when that data is collected
- People must be able to request copies of their data
- These individuals also must be able to ask for their data to be deleted
- They must explicitly agree to be contacted by salespeople
The GDPR will have an impact on the day-to-day activities of any salesperson working with European data. Before AND after May 25 - you need to understand how that will work.
The first thing you need to understand should calm some of your sales team’s anxieties:
You can continue email marketing to your customers.
This passes the “legitimate interests” test.
But your prospecting and lead generation activity will be impacted and the potential implications for email marketing are significant.
When Can You Email a Prospect Under the GDPR?
The GDPR makes sales managers nervous because it’s hard to understand what the legislation means for daily sales and email marketing activities. It’s a fair concern.
GDPR email marketing violations will be assessed on a case-by-case basis, so your risk exposure depends on the context of your actions. This makes things more challenging. It’s very difficult to guarantee your organization’s compliance in general terms.
But that’s not the answer your boss wants to hear.
When you’re asked “Are we covered for the GDPR changes?”, we want to help you answer that question with confidence - not confused anxiety.
We’re going to explain how you can do everything in your power to make sure your email activities work within the bounds of the GDPR, by working through your GDPR responsibilities in a collection of the most common sales situations requiring direct email contact.
So we wanted to share the expertise of our Pipedrive GDPR expert, Martin Ojala, to give you that specific guidance on how to manage the following potentially sticky GDPR situations.
But, before we use Martin’s expertise to explain these specific sales situations, here are two general rules you should understand:
- If someone has said it’s okay to contact them with information about products and services - you can contact them about the products and service they agreed to. That’s pretty straightforward, so long as you’ve followed the rules about opting in.
- Pre-ticked boxes and ‘not saying no’ no longer count as consent. Simple.
#1. Opting in for a Webinar
If someone signs up for a webinar, or downloads an ebook, can you email them afterward?
More broadly: how do you handle subscriber opt-ins for downloadable lead generation content?
The short answer is that you need explicit consent.
Before we go into detail about leads - remember that it’s still okay to send marketing communications to customers in any form (including those in a trial relationship).
But in relation to prospects and leads, just watching a webinar doesn’t count as consent. Similarly, providing details before watching a webinar does not count as “contact details obtained in the course of a sale” because the webinar is not the product you’re selling.
It’s marketing. So you still need to get consent specifically for email marketing.
You need to get consent to market to European non-customers; for each type of marketing.
Webinar registrants are deemed to be only expecting your webinar communications. If you want to use the registered email address to send subsequent emails to nurture your lead or set up a sales call - you’ll need to get permission beforehand.
You can use the webinar registration form to ask for that explicit consent.
“You can collect other opt-ins at the moment people sign up to webinars using a separate checkbox. That indicates, for example, that we will collect this email address to send marketing communications after the webinar.” - Martin Ojala, Pipedrive’s GDPR sales expert.
#2. Collecting Information At An Event
If you hold an event and receive emails from attendees, can you add these to email communications afterward?
Ojala says yes, but there’s a caveat.
“When you gather attendee email addresses, you have to clearly explain and record what the emails will be used for.” he says.
For example, If the page says ‘enter your email if you’d like more insights and information about our product’ and your attendee enters their email address - this counts as consent.
There’s more: your attendees must also have the option to register and attend the event without the need to enter their email for this marketing information.
#3. Contacting A Customer Who Has Been Referred to You
As a salesperson, you get an email address from a friend, customer, or colleague as a potential referral. Can you reach out with an email to start a sales conversation?
This one is dicey because it depends on what the potential client was told by the person who did the referring (and that’s not something the salesperson can control).
“I’m not a fan of people giving out my contact details without my OK,” says Ojala. “It shouldn’t be that difficult to ask the person ‘Is it OK if I give your email address to the guys at this awesome CRM provider?’”
You must be confident the recipient of any cold referral email is complicit, or you are breaching the GDPR.
#4. Contacting a Newsletter Subscriber
Your organization offers a newsletter that subscribers have explicitly consented to receive.
Can you use that mailing list to contact subscribers and schedule sales demos?
That depends on your opt-in. If you’ve allowed your subscribers to opt-in to receive sales or promotional information, the answer is yes. If they’ve only consented to receive the newsletter, the answer is no.
The GDPR is about thinking your marketing through in advance to get the most from data. If you want to execute several activities with one data set - you have to ask in advance.
In this instance that would mean adding specific information to your opt-in about sales demos.
#5. Introducing Yourself to an Existing Customer
What about upselling and cross-selling under the GDPR?
If, for example, a customer signs up to purchase your product, can you reach out directly over email to introduce yourself and offer a related upsell?
This one probably passes the balance test.
“I think this one is OK,” says Ojala. “The fact that the customer already bought something from you would imply that contacting the person would fall under ‘legitimate interests’ for business continuity. Introducing yourself should not be perceived as a privacy threat.”
#6. Contacting Someone Who Signed up for a Prize Giveaway
If a prospect enters a competition or a prize giveaway, can you email the participant to discuss their needs and explore a sales opportunity?
That depends, says Ojala.
“If you make contact with the person to say that they are part of the prize draw, then you have reasonable cause for this email” he said. “But if you make contact with the person to promote an add-on sale that’s separate from the prize draw; this is a no-go.”
In other words, if your giveaway is just a hook intended to collect personal data, this is fishy.
You can add a checkbox asking for permission to contact the entrant via email with marketing information, but that checkbox has to be fully independent and disconnected from the prize giveaway.
If in doubt about your future email marketing activities, add an obviously separate and additional opt-in to your data capture.
#7. Contacting A Prospect Whose Trial Has Expired
Many sales teams work with free trials and freemium pricing structures. If a prospect has signed up for a free trial, can you email that prospect when their trial has expired?
Yes, if the salesperson contacts the prospect within a reasonable time frame after the trial ends.
In fact, this doesn’t count as cold-emailing, because when a prospect signs up for a trial - free or not - they become your customer.
The transaction indicates they are interested in your product, so making contact with them for business continuity is considered less of an intrusion. (Following up quickly with a prospect is also a great way to convert a trial into a paying customer.)
If you continue sending marketing emails to them right after the trial and they have a clear opportunity to opt out of every email (a simple unsubscribe link in the footer is good practice), then you can continue sending those emails until they opt out. You can keep email marketing to these prospects.
Getting back in touch quickly is best sales practice, but if you have neglected this for some reason, you are not obliged to delete this data immediately. Martin explains that you can hold the data of a past customer for a specified period even after the relationship has ended:
“When you sign up for a service, the service provider is allowed to keep this data for the length of your company’s normal data retention period. The fact that it is a free account doesn’t mean that it was not voluntarily.”
There’s a legitimate business interest in keeping customer information for a period after a trial expires or an account is closed. For example, Pipedrive keeps companies’ data for up to six months after they close their accounts, in case the company decides to come back to the service.
Of course, if a former customer requests the deletion of their data at any time, we are all responsible for deleting it ASAP to honor their “right to be forgotten.”
GDPR Simply Reinforces Good Sales Practices
Ultimately, the GDPR is intended to inspire more helpful marketing, transparent consent and responsible data management.
The GDPR may seem like a headache, but it’s designed to encourage selling with integrity.
It also benefits prospecting as it makes you focus on engaged hot leads as opposed to wasting time and effort on uninterested parties.
More rigorous opt-ins mean fewer leads in your pipeline, which may make sales managers panic. However, this helps you consistently hit your revenue targets in the long term as quality lead qualification drives your sales team to focus on those who are more likely to convert.
The most successful sales organizations add half as many deals to their pipelines and win twice as many.
Pipedrive CEO, Timo Rein is the chief exponent of this approach:
“Focus is essential for closing deals: I’ve seen that from my own experience. It sounds obvious, but doing less and focusing on the right things means you’ll do them better.”
Treat the GDPR as an opportunity to strengthen your competitive advantage rather viewing the changes as a bureaucratic burden.
The GDPR could be the trigger your team needs to become the most customer-friendly option in your market.
And better-qualified leads means more time to focus on closing!