There’s a four-letter word you’ve been hearing way too much of recently.
It’s not a naughty word.
Although it could be soon.
GDPR just might become the most upsetting four-letter word you could ever hear if your sales team is handling European data and you’re not properly prepared for the General Data Protection Regulation.
(GDPR doesn’t stand for Grief Despair Pain Regret - as much as you and your inbox might feel like it should).
If you’re not based in Europe, you might think GDPR is just an irrelevant inbox-punishing law change you don’t need to worry about.
But even if you are not a European company - if any of your prospects or customers are residents of the European Union, you need to understand your GDPR responsibilities.
Otherwise you risk a €20 million fine. Or a fine of 4 percent of your global turnover. Whichever is bigger.
Both are scary.
Scary enough for you to concentrate in ready this guide to understanding your GDPR responsibilities as a non-EU company.
Most sales and marketing pro’s outside the EU are confused about GDPR. That’s very understandable. The new regulations are wide-ranging and complex. Even some of the experts aren’t quite sure about the impact and fallout.
Here’s a quick GDPR summary in the simplest terms possible to bring you up to date:
That last 3 bullet points have serious implications for sales and marketing professionals.
If you want to contact a prospect, lead or potential customer residing in the European union - the game has changed.
One really important exception you need to understand before we get any further…
Know that GDPR will not prevent you from selling and marketing to your existing clients (at least until those clients opt out of hearing from you). Customers have agreed to do business with you by entering into a transaction with you.
You don’t need to change your marketing practices for existing customers.
Sorry for the shouting. Don’t be alarmed (too much).
Yes, GDPR affects your business. But you shouldn’t feel scared or frustrated.
Take GDPR as an opportunity for you and your team to develop more customer-friendly sales and marketing practices.
GDPR is designed to encourage helpfulness. This will also help focus your attention on the right prospects and filter better qualified leads into your pipeline. The businesses with the most customer-friendly experiences win.
Because GDPR requires prospects to opt in to almost every sales activity, you’ll only be able to to sell to European residents who are genuinely interested in your products or services. That may mean a smaller number of leads in your pipeline, but they will so much more qualified.
No worries - GDPR won’t directly affect you.
There is an asterisk, though.
Europe might just be the legislation guinea pig.
Other lawmakers around the world will be sweating on GDPR and they might just decide to follow the EU’s lead by passing their own similar data protection laws.
While the EU is in the grip of GDPR fever — you can get yourself ahead of the game and build a new GDPR-compliant sales and marketing process for all your customers.
One more thing to consider for non-European businesses: are you sure you don’t have any European clients or prospects?
You might find it hard to know with certainty.
The penalty for violating GDPR is stiff, so if you’re not sure about the location of even one prospect on your list - it is safest to assume that person is in Europe.
If you think you might have even one client or prospect in the E.U., you probably have some questions. Don’t panic. We’re going to explain what you need to know to keep on the right side of GDPR.
Below are the five points of GDPR most relevant to sales teams:
Before our experts answer some commonly-asked questions about GDPR, you should know two things about the law:
First, GDPR isn’t trying to restrict your right to do business. In fact, the law recognizes businesses’ need to promote goods and services as legitimate.
Second, GDPR isn’t banning you from contacting prospects. It’s just giving those prospects more control over their contact with you. You can still talk to prospects, you just have to get them to agree to be contacted.
Let’s get to it.
You’re not just dealing with names, vital statistics, or personal email addresses.
Under GDPR, “personal data” is broadly defined as any information that identifies an individual.
That includes social media accounts, work email addresses, photos - even online quiz results.
That’s a lot of info. If you collect any of it - you have to be prepared to defend your reasons for doing so, and explain how that information is stored.
There’s a simple remedy to the problems caused by collecting too much data:
Don’t collect all the data.
Just collect the data you absolutely need.
Your sales team will thank you for it; if they spend less time collecting data, they can spend more time doing what they do best: selling.
If you’ve got an account with any EU data at all, treat that account as a European.
GDPR doesn’t just cover EU citizens, it covers anyone who lives in the European union.
Better safe than sorry.
Under GDPR, you need permission to contact an individual. Unsolicited contact sounds a lot like cold calling, but this doesn’t mean you have to stop calling prospects altogether. You just need to take a slightly different approach to European prospects.
Article 6 of GDPR says organizations can legally use someone’s personal data for six reasons:
You’re probably not cold calling for your prospect’s health or the public good, but check out the bolded bullet points one and six.
If someone has explicitly consented to your calling them by proactively checking a box or filling out a form, go right ahead, you are clear to contact them.
Now take a look at that last bullet point. As long as you have “legitimate” business interests — you’re selling a product or service to a prospect who might benefit from them — you’re allowed to cold call, so long as your right to promote your product isn’t overridden by your prospect’s desire not to be contacted.
In order to claim that your direct marketing efforts are a legitimate business interest, you must do something called a “balance test,” which weighs your right to do business against the prospect’s right not to be called.
If you do use phone calls as part of your sales process, you’ll want to understand this issue in detail. We dedicated an entire article to helping you understand cold calling under GDPR. You can read a collection of expert advice from Pipedrive’s GDPR expert Martin Ojala about the topic.
What about my GDPR emailing responsibilities?
The restrictions around sales emails are similar to those around cold calling.
Both fall under “unsolicited contact” and both require sales teams to perform a balance test in order to know how to proceed with specific customers.
This may seem off-putting, because GDPR compliance is judged on a case-by-case basis, but it’s not as difficult as it sounds.
With the help of Ojala - our GDPR Expert, we detailed 7 of the most common sales scenarios so you could understand your specific GDPR email marketing responsibilities in each situation. You should read this guide thoroughly to understand how the balance test could work in practice for your specific sales emailing activities.
Yes - in a few ways.
Firstly, know that pre-ticked consent boxes are a thing of the past.
A prospect must actively consent to being contacted, so you must let customers check their own boxes.
Additionally, your web forms must be explicit about what clients are consenting to.
Under GDPR, you can’t count on someone opting in to a freebie — like a webinar — as consent to be put on your mailing list. You need specific permission for each specific sales or marketing activity. The freebie must be truly free; your prospects should be able to access it without giving away data, and you’ll need a separate consent box for the mailing list.
You may be wondering what the point of offering lead magnets is if you’re not getting leads.
But this change will help you strengthen your marketing and sales game. Those lead magnets are now there to provide value to potential customers, and you can use those freebies to prove your worth and convince prospects they want to be on your list to receive more helpful resources and marketing info.
When prospects are impressed enough with your product to proactively sign up to be contacted by you, those are some of the best-qualified leads you can have.
Over the last weeks and months, you should have been hearing about GDPR compliance from the companies behind the tools you’re using. Responsible vendors should be sending notices to their clients, and posting those notices to their sites, explaining exactly how they’re handling data processing on your behalf.
If they aren’t you’ll want to get in contact and ask them some questions:
Your CRM manages your client data on your behalf.
You should be able to trust your CRM partner to manage your customer data correctly under GDPR.
Expect new features that make it simple for you to comply with GDPR. You should be able to update your webforms, delete customer data, and offer secure transfer of data into and outside of Europe.
Are you sure your CRM has prepared you for GDPR?
Call them now and ask.
Here’s an example of what you should expect:
Make sure you confirm where your CRM houses your data. If they’re working with a European data center, you’re likely in good hands.
Pipedrive is based in Estonia. We have strong European roots and three European offices - so GDPR is a serious priority for us. Our data center is in Germany, a world leader in data security management, and we have a team dedicated to data-protection and security.
If your CRM is based in the US or another non-EU company, that’s fine. But if you’re still unsure about their preparedness for GDPR, it may be time to consider a new CRM.
Take the chance to make sure you have a best-in-class customer experience for you prospects.
Yes, the GDPR doesn’t force you to change your practices unless your handling EU data, but you should be proactive. First movers will get the rewards and similar legislation changes are bound to come to your region soon.
If you’ve already updated your sales and marketing practices, you’ll be well ahead of your competition and you’ll improve your lead qualification process while you’re at it.
Start or continue the conversation with like-minded sales and marketing professionals on our Community.Join our Community
How to calculate incremental sales and what it means for your business
Marketing is all about supporting and improving sales outcomes. By measuring incremental sales, marketing teams, sales managers and business owners can better understand the success of their promotional activity and direct future investment accordingly.
How to calculate sales volume variance and why it’s important
How can you calculate sales volume variance and what does it mean to your business? In this guide we explain what factors can impact sales volume variance and the formulae you need to measure it.
A Guide to Email Marketing Regulations: Consent and GDPR
If you’re an email marketer, you need to get verifiable consent from your email users. In the EU (or marketing to the EU), you need to follow GDPR. Read our guide to make sure you know the rules and regulations.