Skip to content

Why Your B2B Sales Team Needs GDPR Compliant Data


🚨 Are you breaking the law? 🚨

Your answer to this is likely “Of course not, I’m a professional salesperson!”

However, you and your team may be doing so without even knowing it. 😱

How can you avoid this pitfall?

Our blog will show you how your team can stay on the right side of the law, with B2B sales data that’s compliant in all aspects.

Scroll 👇 for more or use the menu to jump to a section.

What is the GDPR? | Cold calling | Outbound email | Social selling | B2B compliance webinar | Cognism’s globally compliant data

Follow Cognism on LinkedIn

What is the GDPR? 

In May 2018, The General Data Protection Regulation (GDPR) came into effect across the whole of the EU and the EEA.

Its aim is to give citizens more control over their personal data.

It does this by setting out ways in which companies must process and protect the data they hold about their customers.

“The GDPR automatically applies where a company processes the data subject’s data who is an EEA resident.” - Aksa Kalam, Cognism’s Head of Legal

The GDPR allows companies to carry out sales and B2B marketing practices if they can prove a lawful basis to do so.  

The most commonly used, and arguably most flexible lawful basis B2B companies use for processing personal data, is legitimate interest.

If your company is asked to provide a service such as cold outreach, you must ensure that you serve the appropriate notices, records, assessment documentation, privacy policies, DPIA and legitimate interest assessments.

It’s incredibly important to note that under the GDPR, the processor of the information and the controller of the information can be different entities.

In the case of B2B sales, the controller is usually the sales rep.

Right, now you’re probably thinking “How does the GDPR apply to various sales outreach practices?”

Just keep scrolling to find out 👇

Cold calling 

Believe it or not, cold calling isn’t directly affected by the GDPR.

BUT - the GDPR does govern how personal data, such as phone numbers, can be used to make cold calls.

There are six reasons, under Article 6 of the GDPR, that allow companies to use personal data:

  1. Explicit consent from the customer to use their data.
  2. To fulfil a legal obligation.
  3. To fulfil a contract with a customer.
  4. To carry out a task in the public interest.
  5. To protect the vital interests of an individual.
  6. To pursue legitimate interest.

When it comes to your reps and cold calling, you’ve got to focus on complying with consent and legitimate interest.

And here’s why 👇


Having a prospect’s phone number doesn’t mean you have consent to contact them.

If your reps are going to cold call prospects, they’ve got to ensure that the consent is:

Clear and explicit

In order to remain GDPR compliant, the prospect must actively give the controller of the information permission to use their data for the purpose of being contacted via the telephone.

For a specific purpose or organisation

The prospect must give consent to your organisation, however, you cannot transfer this consent to pass on their personal data to a third party.

The consent must also be given for the purpose of cold calling. If a prospect opts in to receive an email, this does not extend the consent for your reps to cold call them.  

Easy opt-out

If a client wishes to withdraw their consent, your reps need to make this as easy as possible and you must delete their sales data within 30 days.

Although your reps cannot cold call a prospect without their explicit consent, legitimate interest does allow for cold calling to take place.

And here’s how 👇

Legitimate interest

Your reps are allowed to cold call prospects on the grounds of legitimate interest. However, this can be overridden by the prospects’ right to not be contacted.

So, how do you ensure your cold calling is GDPR compliant?

  • Set up clear roles and rules that adhere to the GDPR requirements of handling personal data.
  • Record conversations and store them securely.
  • Get proof of consent if your leads are coming from a third party.
  • Ensure there is legitimate interest before calling prospects.
  • Ensure you have clear opt-in and opt-out messages.

Outbound email 

The GDPR doesn’t stop your reps from sending cold emails; it simply puts rules in place that they need to follow.

This means that your business needs to be careful of how you store, manage, and collect your data.

When cold emailing prospects, your reps must remember that they should only reach out to people they believe will benefit from your product.

This means that your data collection needs to be adequate and relevant for the purpose of its processing.

In other words, whatever your salespeople are offering in their cold email must be connected to the prospect’s business in some way.

Next, your reps need to be completely transparent in their outreach.

The email copy must explain why the prospect is hearing from the salesperson, and exactly where the salesperson got the prospect’s details from (i.e. LinkedIn).

If the prospect responds asking to be removed from your database, your reps need to ensure this happens ASAP.

Finally, you’ve got to provide an easy opt-out option for your prospects.

Aksa elaborates on this:

“At Cognism, we always make it clear as to where our marketing emails are coming from, how to contact us with any questions, and always send an opt-out link to our data subjects.”

Ensure your cold emails are GDPR compliant by:

  • Segmenting lists very carefully based on your prospects’ business needs - this only applies to personalised email addresses and not generic ‘info@’ email addresses.
  • Being able to explain exactly how you got the prospect’s email address.
  • Protecting the data and only keeping it for as long as required.
  • Providing an easy way for the prospect to opt-out.

Social selling 

Your salespeople could land your company a huge fine if their approach to social selling isn’t GDPR compliant.

What’s the number one social platform your reps will be prospecting on?

You guessed it - LinkedIn!

When it comes to social selling on LinkedIn, the sales rep is no longer the data controller, but rather, LinkedIn is.

LinkedIn is also the processor of the data. That means LinkedIn is responsible for protecting all of the personal information of its users as per the GDPR requirements.

Why is this the case?

Well, when a user signs up for LinkedIn they’re agreeing to expect a two-way flow of communication.

So, as long as your salespeople are reaching out to LinkedIn connections on LinkedIn, all is well and compliant.

B2B compliance webinar 

Join Cognism, Odaseva, and the top UK law firm Sheridans for a deep dive into the 2021 B2B compliance landscape.

Press ▶️ to watch the full webinar.


Cognism’s globally compliant data 🌍

This article got you a bit stressed about your compliance?

Not to worry, Cognism’s got your back!

Get on track with the world’s best globally compliant sales data - click 👇 to speak with one of our experts.

Book your Cognism demo

The contents of this article are for the purposes of general awareness only. They do not constitute legal or professional advice. The content may have changed since this article was published. Readers should take appropriate professional advice for their own particular circumstances.

Read similar stories


Sales Incentives: 5 Ideas to Motivate Your Team
Sales Incentives: 5 Ideas to Motivate Your Team
Incentivising SDRs is key to their motivation but what are the best ways to do it? Here are 5 sales incentive ideas to get your team fired up and winning.
How Moonhub Saw ROI in Three Months of Using Cognism-feature
How Moonhub Saw ROI in Three Months of Using Cognism
Moonhub, the ultimate VR training solution, saw ROI in three months of using Cognism. Click to read more!
LinkedIn Voice Messaging: The Complete Guide for B2B Sales Reps-resource card
LinkedIn Voice Messaging: The Complete Guide for B2B Sales Reps
LinkedIn voice messaging should be part of every SDR's outreach toolkit! Keep reading for Enterprise SDR Alex Knight’s voice note do’s and don’ts.

Experience the Diamond difference.

See how our phone verified contact data can increase your connect rate by 7x. Book a demo today.

Skyrocket your sales

Cognism gives you access to a global database and a wealth of data points with numbers that result in a live conversation.

Find customers ready to buy

Cognism intent data helps you identify accounts actively searching for your product or service – and target key decision makers when they’re ready to buy.