Ensuring your cold emails are GDPR compliant
Chances are, unless you’ve already adapted to GDPR, you won’t be abiding by its guidelines. To simplify the process, here’s what you need to change to ensure your business is compliant.
Permission from your prospects
Before you begin sending marketing emails to your prospects, you need to gain their permission or you run the risk of being fined.
This marks the biggest change to the old cold emailing practice of sending out bulk emails to prospects in the hope a few may be interested.
Prospects need to opt in to receiving further communications with you once you have their email address. Automatically placing them onto a nurture sequence is a bad idea—you’ll need more sophisticated lists to determine which of the individuals you hold data on have agreed to further communications and which haven’t.
What’s more, if a prospect requests that their personal data be deleted from your system, you need to remove all traces of it immediately. You need to make it clear to your prospects how to opt in for further emails, and how they can have their information removed.
Transparency with your leads
The GDPR states that once you’ve collected personal information about someone, you must let them know within 30 days.
In fact, you need to ensure you inform your prospects about what data you’ve collected, why you’ve collected it, what you’re going to do with the data as well as how long you’ll be keeping it.
That’s a lot of information you need to make sure your prospects are aware of, but it’s important that you do to avoid fines.
Individualization and legitimate interest
Cold sales emails can only be safely sent if they are:
- Sent to individuals (i.e. not a group email)
- Able to prove that you have a legitimate interest in contacting them in the first place
The first point is simple enough, and the second point can be proven with a link to your company’s privacy statement—though you will have to make sure the information you’re collecting falls under legitimate interest.
Providing you can meet these guidelines, you shouldn’t face any fines for your cold emails.
The data you collect
It’s important that you start only collecting the data you actually need.
If it isn’t necessary to your sales process, then you may not be covered by legitimate interest. On top of that, the more data you collect, the more likely it is to be compromised, leaked, or accidentally used illegally.
For example, if you used to collect contacts’ birth dates to send customers a ‘happy birthday’ message but there are no age restrictions on your product or services, you probably don’t need this information any more.
By looking at your sales process and working out the information actually useful to developing leads, you can cut down on the data you need to handle and protect yourself from accidental misuse.
Good data practice
GDPR means that you need to consider the way in which you store and handle data.
Your database permissions should prevent anyone who doesn’t need your prospects’ data from being able to reach it. Remember, if personal data gets shared with anyone for a purpose other than what you’ve previously stated to the prospect, then you will need to inform them.
You should also make a habit of getting rid of data once it is no longer useful to you.