Marketing

10 things you need to know about prospecting in the GDPR era

Post by
David Chevalier
10 things you need to know about prospecting in the GDPR era

Use these tips to effectively prospect without violating GDPR policies.

Photo by Markus Winkler from Pexels

Prospecting is a little different these days. Ever since GDPR came into play in May of 2018, companies need to be more careful than ever not to violate these European privacy policies.

In case you weren’t aware, GDPR stands for General Data Protection Regulation. It’s a law related to data protection and privacy in the European Union and the European Economic Area. GDPR aims to create best practices when it comes to handling data and data compliance in order to protect individuals and their personal data. 

It’s extremely important for businesses, especially those in the field of sales, to understand and cooperate with GDPR rules in order to prospect effectively and safely without putting their clients’ data or their own company at risk. 

Here are 10 things you need to know about prospecting in the GDPR era.

For more information on the policy itself and navigating sales without breaking the rules, read the first article in our GDPR playbook, What is GDPR? How to navigate sales in the GDPR era with Leadjet.


1. You can contact people whose information you’ve found on the internet for legitimate business purposes

Salespeople can cold contact people they’ve found on the internet assuming it’s for B2B, legitimate business interests. For example, if you’re a salesperson for a biomedical company contacting a hospital rep in hopes of selling them your products, this is a legitimate business interest and you can legally contact them. However, you can’t contact a person in the computer industry — this would not be deemed legal as it’s not legitimately relevant to your industry. 


In order to ensure you comply with this, it’s best to avoid overusing mass automation tools and carefully hand-select your prospects, ensuring they are a good fit for your business proposals.

2. It’s legal to prospect on LinkedIn (just follow the rules)


Assuming you follow tip number one and are prospecting to those for which you have legitimate business interests, you can continue to prospect on LinkedIn, as well as on other social media channels.

However, it’s worth noting that LinkedIn will flag robotic or clearly automated behaviors (like adding 1000 people at once), and this could get you banned, which is why you have to be careful when using automation. 


When social selling, sending the same mass message to hundreds of prospects may not get you banned, but your messages will likely end up in spam folders, so it’s best, as we suggested above, to carefully select prospects and approach them in a more personalized manner. This way, you’ll get the reply rates you’ve hoped for. If you send 1000 automated messages and they all go into spam, you may not get a single response! Meanwhile, if you send 40 personalized messages, even if only a few prospects respond, you’re already ahead of the game.

For more information on LinkedIn and GDPR, click here.


3. You can (and should) obtain permission to contact your prospects through opt-in/opt-out


This doesn’t have to be as complicated as it sounds. Permission to contact or for a prospect to opt-in can easily be obtained at the beginning of the conversation. In a cold email, connection request, or message, simply state “If you reply/accept, this means you want more information.” Any reply or acceptance means the prospect has given you the okay on contacting them, and you can begin to further this prospect down your sales pipeline.

4. Inform your prospects and clients about how you plan to use their data


Just because you have a client’s email address doesn’t mean you can add them to all your marketing email lists. They must opt-in, accept terms and conditions of data use, or join an email list. Make sure that any clients you plan to send marketing materials to have agreed to a user agreement. Having a privacy policy page on your website to notify users on how you’ll use their data is important, and proves to any interested parties that you’re GDPR compliant.

5. Proceed with caution when using automation to reply

Technically, auto replies don’t breach any GDPR policies. That being said, an auto reply can seem unprofessional, as prospects will easily realize when they’re talking to a robot/autoreply. Personalization is key when responding, just as it is when sending those first messages.


We get it though — not every sales rep has hours on end to think up savvy, personalized replies. Here at Leadjet, we have special template features that allow users to start with a generic reply, but then personalize it a little to best fit the prospect and situation. 


Automation isn’t all bad — just use it sparingly and in the right ways to avoid running into issues. Limit your daily email/Linkedin connection requests to what’s actually feasible for the average salesperson. (For example, LinkedIn limits connection requests at 100 weekly).


6. Be careful when purchasing bulk lead lists

It is legal to contact prospects from a purchased list assuming these parties have given consent to their data being transferred to a third party (you). That being said, you must document proof of consent, so it’s important that you trust your seller on this one. Make sure you give prospects the option to unsubscribe from your emails or messages. This way, your emails will be GDPR compliant.

7. Utilizing referrals is legal

Under GDPR, it’s perfectly legal to contact people that have been recommended or referred to you by existing customers. The best way to do this is to have your customer put you both in touch so there’s clear proof there was a recommendation. 


8. Be careful when collecting certain types of data (and with the tools you use to do so)

When prospecting, it’s best to be cautious about personal data. While it’s appropriate to collect a prospect’s full name, email, position in the company, and phone number (especially when social selling on a site like LinkedIn), you shouldn’t be collecting or tracking their emails or links for your marketing and sales purposes. This ensures you’ll be complying with the data minimization aspect of GDPR.


You also need to be careful with the tools you use to collect data. Here at Leadjet, we don’t store our users’ business data. We merely act as a bridge between two external systems. In other words, we are unaware of who our clients have talked to or been prospected by on Linkedin. We also don’t record or store anything that’s going on in their CRM.

Leadjet acts as a data processor, assisting our users (the data controllers), to transfer information automatically from LinkedIn to their CRM. This process itself respects GDPR guidelines, as it’s essentially equivalent to writing down this information manually on an Excel sheet/CRM from a Linkedin profile that is publicly available.

9. Location matters

First off, remember that GDPR is related to European law. So if you’re located in other parts of the world, do you still have to respect this law? 


The answer is yes, you still do. For example, if you are a company based in the US or Asia and you want to sell to a European customer, then you would have to respect GDPR rules. And as more countries, states, and territories are adopting similar privacy policies (for example, the California data protection law), it’s even more essential to comply. Individuals are more aware of how precious their data is, and won’t stand for companies doing whatever they want with it.


When GDPR policies were first implemented, it seemed quite sudden for European companies, halting their workflow significantly. So, even if you’re not located in Europe it's better to be prepared and anticipate any possible data regulation changes. 


Even within the EU, policy standards can differ. Depending on what country a prospect is located in, they may have to either opt-in or opt-out to receive your communications. Stay tuned for the third and final post in our GDPR playbook to find out which countries require which style of message, as well as example templates to use when contacting prospects.


10. Leadjet is fully GDPR compliant: Sign your team up today!

Sign up for your 14-day free Leadjet trial and begin to prospect quickly and efficiently without stressing about GDPR compliance.

Leadjet is:

✅ Here to make prospecting easy, legal, and hassle-free.

✅ Ready to connect your LinkedIn prospect’s data to your CRM in one simple click.

✅ Fully GDPR compliant.


Leadjet is not:

❌ A mass automation tool.

❌ A robotic tool.

❌ Going against any LinkedIn or GDPR guidelines/policies.


Bottom line

If you’re stressed about complying with GDPR, don’t be. The data privacy rules actually benefit salespeople and organizations as well as individuals and prospects, ensuring that the right people are being contacted and receiving information. When you can focus and emphasize your efforts on a market that’s really apt for your business, it’s more likely prospects will want to engage, making it easier for you to turn prospects into customers and increase that ROI.

Welcome to our GDPR playbook. Make sure to read about navigating sales in the GDPR era here, and stay tuned for our next article on opt-in/opt-out policies, including helpful templates you can use.

Ready to dive in?
Start your free 14-days trial.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.