Any organization that does business with European citizens is subject to the General Data Protection Regulation, or GDPR. This has been in effect since May 25th, 2018.
GDPR is a legislative package giving individuals in the European Union more control over their personal data. Thanks to these privacy laws, EU citizens will now be able to understand what personal data is being collected by businesses, meaning your European customers and prospects will have greater control over their data. Companies that are not GDPR compliant will incur fines; the penalty is €20 million Euros, or 4 percent of global turnover, whichever is higher.
The stakes for non-compliance are high.
The bottom line is email marketing activities are directly impacted by GDPR regulations. If you’re a sales or marketing pro and you send emails to prospects this article could save you from losing that 4% of your turnover.
The GDPR hinges on how the notion of “legitimate interests” is interpreted by the courts.
We’ve tried to clarify the relevant GDPR requirements you need to understand in five lines:
Individuals have to agree to the collection of their personal data
They must know how and when that data is collected
People must be able to request copies of their data
These individuals also must be able to ask for their data to be deleted
They must explicitly agree to be contacted by salespeople
GDPR compliance will have an impact on the day-to-day activities of any salesperson working with European data.
But this should calm some of your sales team’s anxieties:
You can continue email marketing campaigns to your customers.
This passes the “legitimate interests” legal basis test.
In this article, we’ll explain in detail which of your prospecting and lead generation activities will be impacted by GDPR email marketing regulatory laws.
Table of contents
When can you email a prospect under the GDPR?
The GDPR makes sales managers nervous because it’s hard to understand what the legislation means for daily sales and email marketing activities. It’s a fair concern.
GDPR email marketing violations will be assessed on a case-by-case basis, so your risk exposure depends on the context of your actions. This makes selling to your existing email list or contacting leads via cold email outreach more challenging. It’s very difficult to guarantee your organization’s compliance in general terms.
But that’s not the answer your boss wants to hear.
When you’re asked “Are we covered for the GDPR changes?”, we want to help you answer that question with confidence, not confused anxiety.
We’re going to explain how you can do everything in your power to make sure your sales email activities and marketing practices work within the bounds of the GDPR, by working through your GDPR email marketing responsibilities in a collection of the most common sales situations requiring direct email contact.
Before we do so, here are two general rules you should understand when it comes to GDPR email compliance:
If someone has said it’s okay to contact them with information about products and services, you can contact them about the products and services they agreed to. That’s pretty straightforward, so long as you’ve followed the rules about opting in.
Pre-ticked boxes and ‘not saying no’ no longer count as consent. Simple. They must opt-in. Sometimes this action can be a soft-opt in (i.e. they have not opted out), but other times it must be a hard-opt in (i.e. they specifically tick a box saying they want to receive emails), which also includes the double opt-in (i.e. they say they want to receive emails and then must confirm their email address by clicking a link they’ve been sent via email)
Let’s look at how the GDPR affects sales and direct marketing activities in potentially sticky GDPR situations, supplemented by the expertise of our Pipedrive GDPR experts.
Start planning your email marketing campaign now
1. Opting in for a Webinar
If someone signs up for a webinar, or downloads an ebook, can you email them afterward?
More broadly: how do you handle subscriber opt-ins for downloadable lead generation content?
The short answer is that you need explicit consent.
Before we go into detail about leads, remember that it’s still okay to send marketing communications to customers in any form (including those in a trial relationship).
But in relation to prospects and leads, just watching a webinar doesn’t count as consent. Similarly, providing details before watching a webinar does not count as “contact details obtained in the course of a sale” because the webinar is not the product you’re selling.
In this case, the webinar was delivered for marketing purposes, thus any data collection associated with it does not need explicit opt-in consent.
What you do need opt-in consent specifically for is email marketing.
You need to get consent to market to European non-customers for each type of marketing.
Webinar registrants are deemed to be only expecting your webinar communications. If you want to use the registered email address to send subsequent emails to nurture your lead or set up a sales call, you’ll need to get permission beforehand.
The solution?
You can use the webinar registration form to ask for that explicit consent.
“You can collect other opt-ins at the moment people sign up to webinars using a separate checkbox. That indicates, for example, that we will collect this email address to send marketing communications after the webinar.” - Martin Ojala, Pipedrive’s GDPR sales expert.
2. Collecting information at an event
If you hold an event and receive emails from attendees, can you add these to email communications afterward?
Ojala says yes, but there’s a caveat.
“When you gather attendee email addresses, you have to clearly explain and record what the emails will be used for,” he says.
For example, if the page says ‘enter your email if you’d like more insights and information about our product, and your attendee enters their email address, this counts as consent.
There’s more: your attendees must also have the option to register and attend the event without the need to enter their email for this marketing information.
3. Contacting a customer who has been referred to you
As a salesperson, you get an email address from a friend, customer, or colleague as a potential referral. Can you reach out with an email to start a sales conversation?
This one is dicey because it depends on what the potential client was told by the person who did the referring (and that’s not something the salesperson can control).
“I’m not a fan of people giving out my contact details without my OK,” says Ojala. “It shouldn’t be that difficult to ask the person ‘Is it OK if I give your email address to the people at this awesome CRM provider?’”
You must be confident the recipient of any cold referral email is complicit, or you are breaching GDPR data privacy laws.
5. Introducing yourself to an existing customer
What about upselling and cross-selling under the GDPR?
If, for example, a customer signs up to purchase your product, can you reach out directly over email to introduce yourself and offer a related upsell?
This one probably passes the balance test.
“I think this one is OK,” says Ojala. “The fact that the customer already bought something from you would imply that contacting the person would fall under ‘legitimate interests’ for business continuity. Introducing yourself should not be perceived as a privacy threat.”
6. Contacting someone who signed up for a prize giveaway
If a prospect enters a competition or a prize giveaway, can you email the participant to discuss their needs and explore a sales opportunity?
That depends, says Ojala.
“If you make contact with the person to say that they are part of the prize draw, then you have reasonable cause for this email” he said. “But if you make contact with the person to promote an add-on sale that’s separate from the prize draw; this is a no-go.”
In other words, if your giveaway is just a hook intended to collect personal data, this is fishy.
You can add a checkbox asking for permission to contact the entrant via email with marketing information, but that checkbox has to be fully independent and disconnected from the prize giveaway.
If in doubt about your future email marketing activities, add an obviously separate and additional opt-in to your data capture.
7. Contacting a prospect whose trial has expired
Many sales teams work with free trials and freemium pricing structures. If a prospect has signed up for a free trial, can you email that prospect when their trial has expired?
Yes, if the salesperson contacts the prospect within a reasonable time frame after the trial ends.
In fact, this doesn’t count as cold-emailing, because when a prospect signs up for a trial, free or not, they become your customer.
The transaction indicates they are interested in your product, so making contact with them for business continuity is considered less of an intrusion. (following up quickly with a prospect is also a great way to convert a trial into a paying customer.)
If you continue sending marketing emails to them right after the trial and they have a clear opportunity to opt out of every email (a simple unsubscribe link in the footer is good practice), then you can continue sending those emails until they opt out. You can keep email marketing to these prospects.
Getting back in touch quickly is best sales practice, but if you have neglected this for some reason, you are not obliged to delete this data immediately. Martin explains that you can hold the data of a past customer for a specified period even after the relationship has ended:
“When you sign up for a service, the service provider is allowed to keep this data for the length of your company’s normal data retention period. The fact that it is a free account doesn’t mean that it was not voluntarily.”
There’s a legitimate business interest in keeping customer information for a period after a trial expires or an account is closed. For example, Pipedrive keeps companies’ data for up to six months after they close their accounts, in case the company decides to come back to the service.
Of course, if a former customer requests the deletion of their data at any time, we are all responsible for deleting it ASAP to honor their “right to be forgotten.”
GDPR simply reinforces good sales practices
Ultimately, the GDPR is intended to inspire more helpful marketing, transparent consent and responsible data management.
GDPR email compliance may seem like a headache, but it’s designed to encourage selling with integrity.
GDPR email marketing also benefits prospecting as it makes you focus on engaged hot leads as opposed to wasting time and effort on uninterested parties.
More rigorous opt-ins mean fewer leads in your pipeline, which may make sales managers panic. However, this helps you consistently hit your revenue targets in the long term as quality lead qualification drives your sales team to focus on those who are more likely to convert.
The most successful sales organizations add half as many deals to their pipelines and win twice as many.
Pipedrive CEO, Timo Rein is the chief exponent of this approach:
“Focus is essential for closing deals: I’ve seen that from my own experience. It sounds obvious, but doing less and focusing on the right things means you’ll do them better.”
Treat the GDPR as an opportunity to strengthen your competitive advantage rather than viewing the changes as a bureaucratic burden.
GDPR email marketing could be the trigger your team needs to become the most customer-friendly option in your market.