July 13, 2021
🚨 Are you breaking the law? 🚨
Your answer to this is likely “Of course not, I’m a professional salesperson!”
However, you and your team may be doing so without even knowing it. 😱
How can you avoid this pitfall?
Our blog will show you how your team can stay on the right side of the law, with B2B sales data that’s compliant in all aspects.
Scroll 👇 for more or use the menu to jump to a section.
In May 2018, The General Data Protection Regulation (GDPR) came into effect across the whole of the EU and the EEA.
Its aim is to give citizens more control over their personal data.
It does this by setting out ways in which companies must process and protect the data they hold about their customers.
“The GDPR automatically applies where a company processes the data subject’s data who is an EEA resident.” - Aksa Kalam, Cognism’s Head of Legal
The GDPR allows companies to carry out sales and marketing practices if they can prove a lawful basis to do so.
The most commonly used, and arguably most flexible lawful basis B2B companies use for processing personal data, is legitimate interest.
If your company is asked to provide a service such as cold outreach, you must ensure that you serve the appropriate notices, records, assessment documentation, privacy policies, DPIA and legitimate interest assessments.
It’s incredibly important to note that under the GDPR, the processor of the information and the controller of the information can be different entities.
In the case of B2B sales, the controller is usually the sales rep.
Right, now you’re probably thinking “How does the GDPR apply to various sales outreach practices?”
Just keep scrolling to find out 👇
Believe it or not, cold calling isn’t directly affected by the GDPR.
BUT - the GDPR does govern how personal data, such as phone numbers, can be used to make cold calls.
There are six reasons, under Article 6 of the GDPR, that allow companies to use personal data:
When it comes to your reps and cold calling, you’ve got to focus on complying with consent and legitimate interest.
And here’s why 👇
Having a prospect’s phone number doesn’t mean you have consent to contact them.
If your reps are going to cold call prospects, they’ve got to ensure that the consent is:
In order to remain GDPR compliant, the prospect must actively give the controller of the information permission to use their data for the purpose of being contacted via the telephone.
The prospect must give consent to your organisation, however, you cannot transfer this consent to pass on their personal data to a third party.
The consent must also be given for the purpose of cold calling. If a prospect opts in to receive an email, this does not extend the consent for your reps to cold call them.
If a client wishes to withdraw their consent, your reps need to make this as easy as possible and you must delete their data within 30 days.
Although your reps cannot cold call a prospect without their explicit consent, legitimate interest does allow for cold calling to take place.
And here’s how 👇
Your reps are allowed to cold call prospects on the grounds of legitimate interest. However, this can be overridden by the prospects’ right to not be contacted.
So, how do you ensure your cold calling is GDPR compliant?
The GDPR doesn’t stop your reps from sending cold emails; it simply puts rules in place that they need to follow.
This means that your business needs to be careful of how you store, manage, and collect your data.
When cold emailing prospects, your reps must remember that they should only reach out to people they believe will benefit from your product.
This means that your data collection needs to be adequate and relevant for the purpose of its processing.
In other words, whatever your salespeople are offering in their cold email must be connected to the prospect’s business in some way.
Next, your reps need to be completely transparent in their outreach.
The email copy must explain why the prospect is hearing from the salesperson, and exactly where the salesperson got the prospect’s details from (i.e. LinkedIn).
If the prospect responds asking to be removed from your database, your reps need to ensure this happens ASAP.
Finally, you’ve got to provide an easy opt-out option for your prospects.
Aksa elaborates on this:
“At Cognism, we always make it clear as to where our marketing emails are coming from, how to contact us with any questions, and always send an opt-out link to our data subjects.”
Ensure your cold emails are GDPR compliant by:
Your salespeople could land your company a huge fine if their approach to social selling isn’t GDPR compliant.
What’s the number one social platform your reps will be prospecting on?
You guessed it - LinkedIn!
When it comes to social selling on LinkedIn, the sales rep is no longer the data controller, but rather, LinkedIn is.
LinkedIn is also the processor of the data. That means LinkedIn is responsible for protecting all of the personal information of its users as per the GDPR requirements.
Why is this the case?
Well, when a user signs up for LinkedIn they’re agreeing to expect a two-way flow of communication.
So, as long as your salespeople are reaching out to LinkedIn connections on LinkedIn, all is well and compliant.
Join Cognism, Odaseva, and the top UK law firm Sheridans for a deep dive into the 2021 B2B compliance landscape.
Press ▶️ to watch the full webinar.
This article got you a bit stressed about your compliance?
Not to worry, Cognism’s got your back!
Get on track with the world’s best globally compliant sales data - click 👇 to speak with one of our experts.
The contents of this article are for the purposes of general awareness only. They do not constitute legal or professional advice. The content may have changed since this article was published. Readers should take appropriate professional advice for their own particular circumstances.