For this article, we want to zoom in our focus on one of the most challenging aspects of the GDPR changes for any sales or marketing pro: the ramifications on email tracking.
Pipedrive’s GDPR expert and Data Protection Specialist, Juan Martin Sanchez has read through the details of the legislation to enable us to provide you with a guide to understanding your GDPR email-tracking responsibilities.
If you’re a sales or marketing professional, you need to ensure the emails you send to contacts who may be EU residents are GDPR compliant.
GDPR gives your EU-based leads and customers more control over the personal data you hold on them. Under GDPR, people have a better knowledge of what data is being collected and how their personal data is being stored.
Any information that could be used to personally identify your EU leads falls under GDPR protection, such as names, contact numbers, addresses, email addresses, IP addresses, mobile device IDs and so on. It’s your company’s duty to protect that information, or you may face fines.
But keeping your leads’ data secure is only one part of GDPR; a large change GDPR has made to the sales and marketing landscape is the way in which cold emailing and email tracking are performed.
Now, sales and marketing professionals who are emailing EU citizens need to provide the following:
- The specific reason the prospect is being contacted
- The right to opt-out of being contacted, and have their data edited or deleted
- The right to know who is tracking the emails sent to them
- The option to request a copy of their data
- Knowledge of where their personal information was gathered in the first place
- Knowledge of what information you’ll be storing if they choose to opt in to further communications
This can mean big changes to the way your teams send cold emails.
If you know your business deals exclusively with non-EU citizens then you don’t have to comply with GDPR, but it can be incredibly hard to tell whether or not this is the case prior to any communication with your prospects, as EU citizens don’t have to be in the EU for the rules to be in effect. You also need to take into consideration that most countries and regions have their own data protection legislation.
Unless you know for sure, we recommend you start adhering to the GDPR guidelines, and not just to avoid a fine: GDPR actually provides a great opportunity to improve your sales process.
The combination of rules could actually boost your organization’s chance of winning deals instead of hindering your ability to sell. Think of it as an opportunity to make your cold email process smarter and more honed than ever before.
To help you understand your general GDPR email marketing responsibilities, we’ve developed a guide to handling seven common sales scenarios that you can share with your team.
Ensuring your cold emails are GDPR compliant
Chances are, unless you’ve already adapted to GDPR, you won’t be abiding by its guidelines. To simplify the process, here’s what you need to change to ensure your business is compliant.
Permission from your prospects
Before you begin sending marketing emails to your prospects, you need to gain their permission or you run the risk of being fined.
This marks the biggest change to the old cold emailing practice of sending out bulk emails to prospects in the hope a few may be interested.
Prospects need to opt in to receiving further communications with you once you have their email address. Automatically placing them onto a nurture sequence is a bad idea—you’ll need more sophisticated lists to determine which of the individuals you hold data on have agreed to further communications and which haven’t.
What’s more, if a prospect requests that their personal data be deleted from your system, you need to remove all traces of it immediately. You need to make it clear to your prospects how to opt in for further emails, and how they can have their information removed.
Transparency with your leads
The GDPR states that once you’ve collected personal information about someone, you must let them know within 30 days.
In fact, you need to ensure you inform your prospects about what data you’ve collected, why you’ve collected it, what you’re going to do with the data as well as how long you’ll be keeping it.
That’s a lot of information you need to make sure your prospects are aware of, but it’s important that you do to avoid fines.
Individualization and legitimate interest
Cold sales emails can only be safely sent if they are:
- Sent to individuals (i.e. not a group email)
- Able to prove that you have a legitimate interest in contacting them in the first place
The first point is simple enough, and the second point can be proven with a link to your company’s privacy statement—though you will have to make sure the information you’re collecting falls under legitimate interest.
Providing you can meet these guidelines, you shouldn’t face any fines for your cold emails.
The data you collect
It’s important that you start only collecting the data you actually need.
If it isn’t necessary to your sales process, then you may not be covered by legitimate interest. On top of that, the more data you collect, the more likely it is to be compromised, leaked, or accidentally used illegally.
For example, if you used to collect contacts’ birth dates to send customers a ‘happy birthday’ message but there are no age restrictions on your product or services, you probably don’t need this information any more.
By looking at your sales process and working out the information actually useful to developing leads, you can cut down on the data you need to handle and protect yourself from accidental misuse.
Good data practice
GDPR means that you need to consider the way in which you store and handle data.
Your database permissions should prevent anyone who doesn’t need your prospects’ data from being able to reach it. Remember, if personal data gets shared with anyone for a purpose other than what you’ve previously stated to the prospect, then you will need to inform them.
You should also make a habit of getting rid of data once it is no longer useful to you.
Leveraging GDPR changes to your advantage
While the GDPR laws can seem restrictive, by embracing the new control they give to your prospects, your organization can create effective new techniques to generate leads.
GDPR as lead qualification
With the focus shifted so cold sales and marketing emails now require your contact’s permission to be sent, you’re going to be spending a lot more time drafting personalized emails to your prospects to provide them with information about where you got their information and why you have a legitimate interest in sending them information on your products.
By making sure you can provide as compelling a reason as possible for your prospects to opt in to more email marketing, you’ll be able to add them to your pipeline and keep them engaged.
Your reps probably won’t have the time to send out personalized emails to every new prospect, as they might have when emailing marketing in bulk. It’s a process that involves knowing who your lead is and which problems they may have that your product can solve.
The key is to determine who is actually worth contacting.
Only gather information on the hot prospects you think would really benefit from your service and target them with a personalized message about why they should be interested in your product.
With powerful CRM software, you can speed up the process with helpful automations like email templates designed to save your team time but still retain the human touch of a personalized email. If you integrate your CRM with an email marketing tool, your email automation and data management become even easier.
You want to give them every reason to opt in to further marketing, while minimizing the time your reps spend cold emailing.
Building a relationship
By proving that you understand the issues and challenges your prospect might be facing, and by personalizing your email with your reason for reaching out to them, you can lay the foundations for a strong relationship.
You’ll assure your prospects that you’re paying attention to them specifically, which can translate to open rates increasing by as much as 83%.
You need to comply with GDPR, but the benefits mean you can increase the quality of your lead generation while simultaneously building trusting relationships between you and your new leads.
How GDPR affects email tracking
One of the most useful tools for lead qualification is email tracking, but like your prospects’ personal data, under GDPR you need explicit permission to track any EU resident’s emails, whether they’re prospects or customers.
Without your recipients opting in to email tracking, GDPR legislation states you can’t use email tracking to tell:
- If an email you sent was opened or read
- When that email was opened
- How many times it was opened
- If it was transferred to others
- To which email server it was sent, including its location
- What kind of web navigator and operating system the recipient of the email uses.
How to make email tracking GDPR compliant
Make sure you’ve created a system that allows leads to explicitly opt in to email tracking and make sure that when an email goes out, only leads who have consented to tracking are being tracked.
You’ll also need to make sure that the leads who have opted in to tracking can easily opt out at any time.
Pipedrive users can refer to this dedicated support article about an email tracking setup. If you have any doubts at all about the possibility of a contact in your system residing in the EU, we recommend you don’t implement email tracking.
While your organization may decide to stop using email trackers, an individual employee may unwittingly be using a tool with an email tracker to monitor clients. Now is a good time for an audit and employee education to ensure your whole business is GDPR compliant.
Remember, if anyone associated with your sales organization is using an email tracker on your behalf without an opt-in, your business is liable.
Making sure your sales CRM is ready for GDPR email tracking rules
Your CRM is the processor for the information you’ve stored about your clients and lead. If it’s tracking emails on your behalf you need to know.
Pipedrive has been preparing for GDPR for years—with our European customer data located in a warehouse in Frankfurt, Germany, we provide our users with the best possible protection for their data.
Your CRM provider should give a clear and explicit explanation of how your sales CRM is making GDPR compliance as easy as possible for you and your sales team. If after contacting them you’re still not sure if they’re GDPR-ready, it might be time to consider a new, compliant CRM.
Adapting your future practices to GDPR
Bringing all your marketing and sales practices in line with GDPR will future-proof and safeguard your business.
It’s very difficult to abide by one set of cold emailing and tracking rules for one list of contacts in one region and one for another. By making your entire emailing strategy GDPR compliant, you can both reduce your liability risk and improve your chance of developing hot new leads.
Plus, if similar legislation is passed in other regions you’ll be better prepared to respond.
Companies have long talked about putting the customer first, and by using GDPR as the trigger to adapt and personalize your sales process, you can create a truly best-in-class experience for your customers and prospects.