What is GDPR?
GDPR (General Data Protection Regulation) - is a legal regulation issued by the Council of the European Union and The European Parliament. Its primary purpose is to protect the personal data of EU citizens.
The main idea of the GDPR is that you need the consent of the data subject to process any data. If you’re reaching out to someone who doesn’t know you, you obviously don’t have any consent. Does that mean you should stop cold emailing?
Fortunately, consent isn’t the only case where processing is considered lawful. In particular when the «processing is necessary for the purposes of the legitimate interests pursued by the controller» (Article 6). The controller is the company sending the email, i.e., you.
Recital 47 provides some additional clarification on the idea of legitimate interests. It states that:
- «The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.»
- «At any rate, the existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.»
Nevertheless, the recipient has the right to object to the processing, because you are processing his/her data to send emails and potentially store the status in your CRM.
Tip: include an unsubscribe link to your mail.
If you send through Gmail, you can install a free Chrome extension: StopList.
What is important when you send an email?
- Step one: ensure your prospecting is targeted and appropriate
- Step two: explain the legitimate interest in your email copy
- Step three: make it quick and easy to unsubscribe or opt-out
- Step four: regularly cleanse and maintain your database
- Step five: prepare an informative reply for GDPR complaints and questions
Collect only what is relevant
Ensure you are precise choosing your ideal prospect.
We help set the target criteria for our client’s prospecting activities routinely.
Here are a few simple qualifiers to work with:
- Geographical location: where are the prospects you want to speak to? Where will your service or product be most relevant?
- Target industries: who do you already work with? What your clients are the most profitable/find your service most useful?
- Company size: are the companies you are approaching large enough or small enough to require your service? How many employees do they have?
- Titles: are you contacting the right person from your chose company? Are they senior enough to make a decision?
What else should your first email include?
According to Article 14, in particular, you should share:
- «the identity and the contact details of the controller and, where applicable, of the controller’s representative » & « the contact details of the data protection officer, where applicable»:
It would be best if you made it clear who you and your company are. However having in every sales email information regarding your DPO and/or representative might be a lot. A « know more » link could be enough to redirect to a page where everything would be.
- «the purposes of the processing for which the personal data are intended as well as the legal basis for the processing»
It might be obvious but be clear on the fact that this is a sales email. B2B sales fall into the “legitimate interest” category, so there’s no reason to hide it.
- «from which source the personal data originate, and if applicable, whether it came from publicly accessible sources»
GDPR and GetProspect
On GetProspect, we use publicly available information found in user’s LinkedIn profile. It means you can easily let the user know on which website his / her information was displayed.
So how do we do that?
- We search the website of the company the person is currently working for.
- We search all the email addresses we have in our base using the same domain name (i.e., all email addresses with @company.com)
- Depending on what we get, GetProspect automatically generates the most likely email pattern used in the company.
- After GetProspect gets the pattern, it generates the email address, using the person's name and company pattern.
What should you write if you are asked where you found the email?
We suggest the following reply:
"We are using a third party prospecting service (https://getprospect.com) and they found your profile on LinkedIn as you fit our typical customer profile. They guessed your email using publicly available information and company email pattern and ran it through a verification tool. If you want me to change the data I used to contact you or remove your data from my list, please reply ‘No thanks’ and I’ll remove you from our database.”
Right of access, rectification, restriction of processing, erasure
The data subject can request access to the data which we keep in our database about him/her; request to change, update or complete any missing data we process; request to stop processing the data. or to remove in completely. The personal data actions can be held here.
If you have more questions, do not hesitate to contact our support: [email protected]