GDPR in Sales and Marketing

Blog - GDPR in Sales and Marketing - TEAM International

On May 25th, 2018, the European Union’s (EU) regulation on data protection is coming into force. With the two-year implementation period quickly coming to an end, are companies ready to adopt GDPR? How will the new regulation influence the lead generation process? What is going to change in terms of sales and marketing? What should sales people be aware of?

The new regulation on data protection requires sales people who approach their leads via e-mail campaigns to take appropriate measures, some of which will be discussed below.

Although GDPR requires organizations to obtain consent from the data subjects (leads) for further data processing, GDPR does recognize the importance of direct marketing. So it provides a legal basis for processing as Legitimate Interest – The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. However, you should be very careful when using this approach. Take into consideration if your audience is a real target for your campaign, as well as if their data (names, emails) was collected either directly by your staff (personal contacts, business cards, etc.), or manifestly published by individuals/companies in publicly accessible sources such as social networks or on corporate websites. These should be considered best practices for all marketing or sales initiative and will only serve to collect more qualified leads.

Your message, in addition to the marketing content, should include information about the following:

  1. Who you are;
  2. The purposes of the processing – say, marketing, or information about industry events;
  3. What data you keep about the individuals;
  4. The rights of the individuals regarding their data processing;
  5. How long you are going to keep the data for;
  6. From which source the personal data originated;
  7. A link to unsubscribe;
  8. Contact details of your data protection office, so people understand their rights.

This information can be placed in the footer of your message; however, it should be clearly visible and formulated in a clear, transparent, and understandable manner. It is also necessary to give the addressee of your sales campaign the option to unsubscribe; this should be easily accessible for people contacted.

Apart from the Legitimate Interest option, we still recommend that you get explicit consent from the individuals for their data processing for marketing purposes.

In any case, whether you are building or buying a contacts database, the person contacted must agree for their data to be stored and used for sales/marketing purposes. Sales people can store contact details in a database only after they receive consent from that person. When it comes to storing contact details, GDPR obliges you to receive explicit consent from the contacted person. The consent message should be formulated in a clear and unambiguous manner. It should contain information such as: who you are, the purpose of which you will use the data (e-mail campaign, cold calling, etc), whether the data will be transferred to someone else (if any), and how long the data will be kept for; as well as the items referenced above that should be included in a consent message. You are also obliged to inform the contact person about the options to withdraw their consent at any time with clear instructions on how to do so, and the right to lodge a complaint with the supervising authority. These are the formal steps that need to be made after the GDPR introduction. The consent for data storage obliges your company to securely store this information and delete contact details if consent is withdrawn.

In a case where you bought a contact database you need to inform your contacts that you have their data and ask their permission to use it for marketing purposes, basically it is the same consent approach described above, but don’t forget to mention where you got their data from. You are obliged to get their consent at the first point of contact or within one month of receiving the database, whichever comes first.

The new regulation is nothing to be worried about if proper mechanisms and processes are introduced in your organization. The process of storing and managing your contacts database can be automated. The automation of GDPR compliance will increase the effectiveness of your sales department and the trust of your clients or business partners that their data is being securely processed and not misused.

If you would like to learn more on how we can help you to automate your sales and marketing activities please, contact me at:

Monika Radomska
TEAM International