5 Simple Steps for Sending GDPR compliant B2B Cold Emails 🛡️

By Jana. Published in Sales.Rocks Blog, Mar 20, 2020.

First and foremost, GDPR (General Data Protection Regulation) is not about businesses or cold emailing. Above all, it’s about personal data protection and protecting individuals. GDPR came into effect at the end of May 2018, and it is still legal to send businesses sales emails. However, given that sending such emails involves the processing of personal data, there are some key aspects you need to take into consideration when emailing. This article will provide you with a few simple suggestions on how to keep your cold emails GDPR compliant.

1. Adequate and Relevant Prospects

In general, lead generation and prospecting involve the sourcing of personal data to use in sales campaigns. GDPR doesn’t stop people prospecting or collecting leads; it merely demands a greater level of accuracy and care from prospectors. Under GDPR, personal data collected must be adequate and relevant to the purpose of its processing.
Therefore, you need to consider two factors:

  • the adequacy of your data (i.e. how much data do you really need for what you hope to achieve?)
  • and the relevance of your data (i.e. is the data you are collecting the correct data for your needs?)

In order to ensure adequacy, only collect data that is strictly necessary to you as a data processor. Put simply, don’t collect information if you don’t plan on using it.

In order to ensure relevance, keep your targeting accurate: if it is, no prospect should ever question why you have emailed them. If your prospect is surprised to hear from you, ask whether the leads you’ve garnered are relevant. Make sure you are very precise in selecting who your ideal prospects are, and tailor your campaigns for them.

2. Explaining Your Legitimate Interest

One of the six reasons for processing data under GDPR, and the one used for sales, is legitimate interest. In other words, the sender of the email campaign must make sure that the offer presented to the prospect is relevant to them. But how do you confirm the reasons for legitimate interest? Here are a few examples of ways to do so:

  • Check to see if the company is in or expanding into a relevant area for your service.
  • Research the company’s LinkedIn profile and/or website to see if your offer of service would support their goals and objectives.
  • Ask for referrals from your professional network.
  • Check for any recent investment/funding if your offer supports growth.

Therefore, it’s important to do some background research on your prospects and provide some simple context in your emails. In order to include legitimate interest in your cold emails and be GDPR compliant, it is important to include three key pieces of information:

  • A statement advising the recipient how you have processed their data.
  • A short explanation of why you are processing it.
  • Instructions that the receiver of your email can follow in order to change the data you process or request the removal of your data from your list.

3. Make it Quick and Easy to Unsubscribe/Opt-out

If you are involved in sending cold email campaigns, you need to inform your prospects how to exercise their right to erasure. In other words, you need to give people a straightforward way to opt out.

One way to automate this process is to include an unsubscribe link at the foot of your email. Alternatively, you could add some text at the bottom of your email advising your prospect that if they are not interested and do not wish to hear from you again, they can reply “no thank you” and their details will be removed from your list.

The most important facet of opting out is that it is clear and easy to follow, and that any requests are actually carried out. This means when someone asks you to delete their data, you delete it! It’s therefore vital to create a “do not contact” list of the companies and individuals that have opted out, to ensure they are not contacted again.

4. Cleanse and Maintain Your Database Regularly

As an extension to removing prospects that have opted out or unsubscribed, GDPR states that you must not retain information for months and months or hold onto inaccurate contact information. You must therefore cleanse your CRM regularly of inactive leads. You also need to check that your contact information is up to date.

5. Prepare Replies to GDPR Complaints and Questions

Finally, expect some unfavourable responses or reactions from your prospects. Privacy is a huge topic and some people will not be happy to have received your (cold) emails, even if they are GDPR compliant. Therefore, expect some questions such as:

“What rights do you have emailing me?”

Even though you’ve sent your email to a corporate email address, it will still contain somebody’s name, making it personal. Your legitimate interest therefore needs bringing to the forefront. If your product/service does not relate specifically to your prospect’s line of business, then explain the reason(s) you thought them a relevant person to get in touch with. It could be their LinkedIn profile, their website or a recently shared article. A typical response might be:

“We have collected and processed your data on the basis of legitimate interest. Given how beneficial our (product/service) has been to (company profile/prospect profile) in the past, I believed our offer to be of benefit to you.”

“Where did you get my information from?”

Another expected question. Explain where you found their data, why you thought they were an appropriate person to contact and why you thought they would be interested in your offer. A lot of data is publicly or openly available information, i.e. websites, online directories etc. Typically, you might reply:

“I found your profile on LinkedIn as you fit our typical customer profile. I then guessed your email address using publicly available information and ran it through an online verification tool.”

“What information do you hold about me?”

GDPR enforces people’s right to be informed and right of access (subject access request), which means if you are asked, you must provide the information you have collected and how it has been processed. A model answer might read:

“Your name, email address, company name and job title are the only data that we hold. As per your rights, we will delete this from our database if you are not interested in our services or wish us to do so. Your data is not being held in any other databases or being resold.”

Conclusion

Prima facie, it might seem like a lot of work to be GDPR compliant when sending cold emails. But by bringing a greater level of adequacy, relevance and accuracy to your lead generation, all you are doing is making a few changes to your current emailing process to make sure that you, as a sender, are fully compliant.
