That’s right, GDPR is here in two months. On May 25th the biggest security and privacy law comes into effect with direct and immediate impacts on every organization managing the personal data of EU residents, including, crucially, non-EU firms operating inside EU borders.
By now you’re probably wondering how this will impact your sales operations in the EU and UK. Simply put, the regulation will place unprecedented restraints on how your sales and marketing teams contact prospects and consumers, store and manage personal data. And if you haven’t already done so – now is the time to take serious action towards preparing your employees, processes, and technology for GDPR compliance.
Over the last two months, our team has been dissecting the new law and meeting with some of the largest data providers in the world to understand what these regulations will mean to U.S. sales reps and why GDPR is different than anything we have seen before.
Keep in mind, we are not a law firm; the information provided in this article is not meant to serve as a comprehensive guide or substitute for sound legal advice. The goal is to highlight areas of concern for your business and help you figure out how GDPR will affect your sales process.
Until now, the B2B world remained somewhat immune to privacy laws, but this is going to change with GDPR. To summarize, the General Data Protection Regulation, and it’s twin Data Protection Bill in the UK, transfer the ownership of personal contact information to the individual themselves. Companies, on the other hand, become data holders.
My next article will focus on the MANY impacts this will have on your marketing efforts, but for now, let’s take a look at the main ways GDPR will impact the sales process.
(Looking for an in-depth guide on how the GDPR will affect your Sales and Marketing Strategy? You can download the eBook GDPR For B2B Executives and Sales Leaders here.)
Understanding and obtaining consent:
1. From now on, you will need to obtain digital confirmation – or at the very minimum – recorded verbal confirmation that you received permission to contact someone. This law will be strictly enforced, so you will need proof of when and how you were granted consent to contact a person. In most cases, digital authorization will be the requirement.
2. You will need consent for every method of outreach. For example: If Roger says, yes you can call me, this DOES NOT mean you can email, text or send him letters. That’s right – you must gain and hold proof of consent for each channel separately. However, there are some exceptions; LinkedIn is a professional networking site with implied consent to connect and in these cases, the requirements may vary.
3. Every department using contact information will need separate consent. Let’s say marketing obtains a lead; unless the prospect specifically agrees to be contacted by sales, you are not authorized to use that lead for sales based outreach. Obviously, there are some gray areas, but the law requires separate consent for each department.
4. When you ask for consent, it must be clear, simple and explicit. If you bury your request or try to use vague language – this may not be compliant.
Data communication and usage:
1. Here’s a big one: your prospect has the right to access all data you have about them. What’s more, they have the right to correct their data and even ask you to permanently delete all or parts of their information from ALL your systems. This will be a big headache for companies that store prospect data in multiple systems but don’t communicate well between each other.
2. Personal data needs to be portable. What does this mean exactly? Basically, as the official owner of my own information, I have the right to ask you to share it with your biggest competitor. Naturally, this is a much bigger deal for consumer businesses, but you can see the potential impact on B2B companies; you spend time sourcing and augmenting a prospects data only to have them ask you to hand it over to your competitors and permanently delete all of it from your system.
To sum up, GDPR and the UK Data Protection Bill are both very dense with numerous implications. We are not a law firm and the above is not meant to offer legal advice or serve as a complete guide to all possible implications.
As a leader in global sales consulting, Skaled is dedicated to helping our clients tackle GDPR and adapt their typical outbound strategies to this new world. These six issues should serve as conversation starting points for your executive team. Please reach out to matt.lopez@skaled from our team to learn more about what GDPR may mean for your business and strategy.
For a complete GDPR guide to help your prepare your sales and marketing strategy, make sure to download your copy of GDPR For B2B Executives and Sales Leaders to help you prepare.