How GDPR Will Impact The Way Your Business Collects Data and Builds Lists


Disclaimer: This article is not meant to replace legal advice for GDPR compliance. Instead, Skaled’s expertise in Sales and Marketing is used to provide a better understanding of how the new EU privacy laws might impact your business. We ask that you do not rely on this as legal advice, or as a recommendation of any particular legal understanding.

Data is now considered the world’s most valuable resource. And any modern B2B sales or marketing team would have to agree.

Gathering information about a target audience is key to generating leads and driving sales. Beyond that, a successful sales strategy in today’s B2B landscape calls for a personalized approach at every phase of the funnel. This requires capturing detailed personal and behavioral data about prospective clients.

Naturally, individuals want to know what their information is being used for, who has access to it, and how to get it back if they want it deleted.

Although the US does not yet have federal data protection laws, Europe and the UK will soon adopt the strictest data privacy laws to date. Yes, we’re talking about the General Data Protection Regulation (GDPR) and its twin Data Protection Bill in the UK.

Due to be enforced on May 25th, the laws will apply to anyone collecting data from individuals in the EU or UK – no matter where your business is based. However, the latest estimates predict that 35% of affected US businesses will not meet the deadline for compliance; many companies simply do not understand how the regulations will touch their business.

In our most recent article, we talked about the top 6 issues executives should know about GDPR’s impact on sales. Now we’ll take a deeper dive into how GDPR will impact the way you collect data and use lists for sales and marketing.

What does personal data really mean for GDPR?

Before we dig into the details, let’s define  “personal data” in this context. Simply put, it includes anything that can directly or indirectly identify a person or their device; names, IP addresses, location data, and cookies. It also covers physical, physiological, genetic, economic, cultural or social characteristics of an individual.

So, basically everything.

And since the sales process usually begins with data collection in order to build a prospecting list, GDPR will change how you collect and store data on anyone located in the UK or EU.

How to collect data in a GDPR compliant way

GDPR’s requirement for consent is the most talked about article of the regulation – and rightly so. Any time you collect personal data, you will now have to ask for permission.

For example, if you want to add someone to your email list, you will need to:

  • Request authorization to use their email
  • Phrase your request in clear and simple language
  • Explain your purpose for obtaining the data and how you plan to use it
  • Be able to prove you received consent

What’s more, consent must be unambiguously affirmative – so, no pre-checked boxes or settings switched on by default. Once you obtain consent, the data owner still has the right to withdraw consent or request for you to erase their data. In practical terms, this can mean adding an unsubscribe link in emails you send, along with a link to edit and manage data preferences.

In short, your sales team should be aware of these new requirements and work closely with marketing to ensure compliance at every personal data entry point.

Now that you’ve collected data in a GDPR compliant way, let’s move on to building and storing your prospecting lists.

How to create and manage prospecting lists under GDPR

As you’ve probably guessed – you will need to ask everyone on your current list to re-opt-in. For many, this will mean losing between 20-60% of your mailing list.

Needless to say, you will need to rebuild it.

And regardless of your strategy, you’ll be dealing with personal data – so let’s look at a few approaches to list building and how they will be affected by GDPR.

Four common list building strategies affected by GDPR

  1. Lead magnets

Whether you offer a white paper, e-book or video training, chances are you’re asking for at least an email address in exchange. B2B businesses tend to take it a step further and request more details, such as position, company name, and phone number.

Under GDPR there are a few things to keep in mind here.

You already know the first – you’ll need consent to use the information. For example, if you plan to use the data for marketing purposes, it must be clearly stated and consent must be obtained separately from other activities.

In addition to that, the data minimization requirement also applies. That is, personal data you request must be relevant and necessary; asking for someone’s phone number might seem useful, but if you only plan to send an email it won’t be considered necessary.

A good question to ask yourself is whether you need that piece of data to achieve your goal – if you don’t, then stay on the safe side and don’t ask for it.

  1. Webinars

Like lead magnets, webinars are an excellent way to engage with your ideal target audience by providing value in exchange for contact information.

Many of the same requirements for consent and data minimization will apply. What’s more, when someone signs up for your webinar you cannot simply add them to your mailing list.

Instead, you’ll have to gain permission to send marketing emails and let them know what they’ll be receiving.

  1. Social Media

This is where GDPR gets a little fuzzy.

Clearly, mining email addresses from social media channels to use in unauthorized email campaigns or data processing activities will be considered illegal.

But there is still a degree of uncertainty around how to use social media. For the most part, networks such as LinkedIn, Twitter and Facebook automatically require consent when someone signs up. However, this does not mean you should double down on finding leads through social media.

Instead, this is a good time to update your ideal customer profiles and assess whether your content identifies with your audience’s pain points and objectives. Then, whether you guide someone back to your website or engage with them on social media, make sure you keep GDPR compliance in mind.

  1. Buying lists and personal data

Many data and list brokers offer consumer information for sale. But make no mistake about it – buying email lists will be strictly forbidden under GDPR.

Even if a data broker claims they have permission to use the data. unless it was obtained specifically for your business, you and the broker would be violating the regulation.

Now that you have a better idea of how to review your data collection and list building strategy, the next step is to ensure privacy and secure storage. Read on to find out the main points to keep in mind.

What you should know about storing your collected lists and data

Not surprisingly, privacy is one of the biggest concerns people have when it comes to their personal data.

Under GDPR, businesses must keep lists private by design. That is, you’re responsible for technical and organizational measures to ensure the data is protected against loss, disclosure or alteration.

Considering that 40% of salespeople keep customer data in Excel or Outlook, now would be a good time to rethink how your business organizes and stores collected information.

And if you plan to share lists across departments or with other companies, you must ask for consent to do so. This will require closer collaboration between departments to ensure everyone is on the same page about the processes used to update and securely store lists.

In practice, you can start by taking an inventory of data you currently hold, what you plan to collect in the future and how you will use it. You should also ensure your CRM database automatically updates anytime someone opts out of a list.

All of this can sound overwhelming, but you can use GDPR to your advantage.

How to use GDPR to make your business stronger

GDPR presents an opportunity to rethink and revamp your current marketing and sales strategy.

For your company, this could mean getting the right technology in place to host and store consent records of individuals who interact with your business.

Or perhaps it’s time to move towards an account-based approach to focus your campaigns on a target audience genuinely engaged with your brand.

As we’ve already mentioned, this article does not replace legal advice for GDPR compliance, however, Skaled can help you figure out how to align your sales and marketing teams with the right technology to bring your sales strategy into the GDPR age.

For more information on how you can prepare your sales and marketing teams for the GDPR, make sure to download your copy of the eBook: The GDPR Guide for B2B Executives and Sales Leaders.

Achieve double and triple client acquisition rates with demand generation and growth hacking.

Get Free Assessment See Resources