Is Your Sales Team Truly GDPR-Ready?

Published on:

The clock is ticking. The time has almost come. The 25th of May 2018 is the date when most businesses around the globe will need to start paying close attention to how they deal with user data. Is your sales team ready for it?

Some startups have already given up and decided it was easier (and cheaper) to shut down, rather than try to comply with this new regulation. But what is the General Data Protection Regulation (GDPR)?

The GDPR’s aim is to:



Most businesses are prepping for these changes by getting squads of lawyers to understand what are the implications for the company and its employees.

Let’s start with the basics.

Is GDPR Relevant To My Organization?

The first important thing to understand is whether the GDPR has a direct impact on your business or not. This regulation is limited to European Union and not all businesses around the globe are dealing with the region. However, if your organization has any business contact with European users, it is safe to say this regulation will affect your company.

The GDPR is very strict and can be harmful to businesses of any size, from big corporations to startups. Fines can either be up to €20 million or 4% of the global annual turnover, whichever is greater. This is no joke. If you are in doubt, it’s better you get everything ready.

Key Points Of The GDPR

The GDPR is made of a complex set of rules. However, there are few key changes to keep in mind when trying to understand the implications of GDPR for your organization.

#1 Increased Territorial Scope

The biggest change that this regulation brings to the table is that every company (regardless of their physical location) dealing with “personal data of data subjects residing in the Union” will be affected by it.

#2 Consent

The GDPR puts a great pressure on making user consent its focus. Companies need to ask for consent in an “intelligible and easily accessible form“. No more long forms, no more complex legalese. Consent must be clear and the users must opt-in.

#3 Breach Notification

Starting on 25th of May 2018, breach notification will become mandatory. This means that whenever a data breach happens that can “result in a risk for the rights and freedom of individuals”, the breach must be communicated to affected users within 72 hours.

#4 Right To Access

This is an important step towards data transparency. Any user now has the right to ask for confirmation about whether or not his or her data has been processed and for what reasons. On top of that, businesses must provide this data in an “electronic format, free of charge“, if requested to do so.

#5 Right To Be Forgotten

Users can now also request that their data gets erased from the database and stop being shared with 3rd parties at any time.

As a startup founder, you might be thinking that aligning IT and Marketing to these procedures will be enough. However, you might be facing (a not so pleasant) surprise if you keep thinking that way. Making sure every single department and activity in your company follow this new regulation will become crucial for your survival.

One of the teams that deal the most with user data is your sales team. Let’s take a look at the implications of the GDPR on sales teams:

Is Your Sales Team GDRP-Ready?

Most likely the answer is no.

Sales professionals might not be thinking that data privacy has something to do with sales activities. There are, however, a few key questions you want to start asking yourself to re-evaluate this conclusion:

  • How is your sales team currently getting leads?
  • Are you purchasing lead lists for your sales team?
  • Is your marketing team using leads generated by your sales team for marketing campaigns?
  • Is your sales team sending out cold emails?

If you have answered yes to any of these questions then your organization will need to consider how to comply with the GDPR.

How To Get Your Sales Team GDPR-Ready

Personal data is at the heart of sales prospecting. The GDPR will have a direct impact on how sales teams think about and handle personal data. Personal data means name, emails, phone numbers and anything else that relates to individuals.

By looking at the most common sales activities, it is possible to understand the DO’s and DON’Ts to get your sales team GDPR-ready.

Cold Calling & GDPR

Cold calling is the most common practice sales professionals go through on a daily basis. At this stage, the GDPR has nothing to control cold calling. It is important, however, to remember that consent plays an important role in this new regulation. This means that in case you want to add the prospect to your sales CRM or want to call them again, you will need to make sure to ask the prospect for their consent. Asking over the phone won’t be enough tough. The consent must be put in writing. We suggest a short and clear cold call follow-up email where you repeat few important things:

  • The purpose of the call
  • What you agreed on during the call
  • Why you are following up via email

Your sales team will need to mention that this is a process to comply with the GDPR. On top of that, if your marketing team is planning to add that lead on to the email marketing list, there will be a need for further consent by the prospect. Remember, if a prospect asks to delete his or her data from the database, you will need to comply.

Action Item: Follow up via email to make sure your prospect agrees to receive new communications from your company.

Cold Email & GDPR

In case your sales reps are sending out personalized emails to specific prospects you should not have any issues. However, it is important that you consider how those email addresses are collected.

Did you buy a list of email addresses? In this case, you should not use this data, as the users did not consent to receive emails from your business specifically.

Once again, it is extremely important to think about how your sales team collected those email addresses. It is crucial because email outreach needs to be personalized and relevant to that specific person.

The best way to proceed is to make sure that your sales team includes a comment in their email about why they think this email is relevant to the prospect and how he or she would benefit from this communication. Your sales reps also need to keep asking for the consent of the prospect to add their data to internal tools (meaning collecting name, email address and add them to the company CRM). Consent is crucial and it’s important to keep those replies in an accessible database for proof.

The GDPR translates into stopping a “spread & pray” approach and having more a “laser focus” approach.

Action Item: Your sales team will need to become more focused in their approach. As a manager or CEO, two things will be very important for pure cold emailing, “how” the email address was collected, and “why” that email was sent. Create an internal process to handle user data to comply with the GDPR.

Email Tracking & GDPR

We need to also address email tracking, a tool many sales reps use daily. The Article 29 Working Party has called out this practice because the recipient has no idea he or she has been tracked.

The GDPR directly addresses “monitoring” users for the purpose of making a decision.

Website usage tracking is an example of user monitoring, a common practice among marketers to decide what’s relevant for users. However, monitoring per se refers also to tracking email openings. It is still unclear how this section of the regulation will be actually applied, but we go back to the main idea behind the GDPR – consent. Your sales team should be honest about tracking emails to avoid issues. However, being transparent will also limit the power of such tools.

Action Item: Although still unclear on how this will be applied and controlled, it is safe to start asking for consent, if your sales team wants to keep using email tracking tools.

Social Selling & GDPR

Social selling has gained more and more traction in recent years because it is more relevant to prospects if used correctly. Companies that implement social selling practices consistently are 40% more likely to achieve their goals than organizations using traditional methods.

The good news here is that the GDPR doesn’t prevent your sales team from using social media to connect, approach and talk with potential prospects. Once the prospect accepts the invite to connect, he or she has given consent.

If the conversation moves out of social media, it is a good practice to request their consent again. This is an extra step that will just make your sales team (and your company) complaint with the GDPR. Remember, however, that having a new connection on LinkedIn doesn’t mean you can add their email address for mass marketing email.

Action Item: Make use of social media platforms more often to get in contact with prospects. Social selling is still on the “safe” side and if used correctly can give better results than traditional methods.

Networking & GDPR

Business events, conferences, and meetups are great occasions to meet potential new clients. The GDPR has nothing against your sales team meeting other people (obviously). However, your organization will need to start paying attention to how the marketing team will use that data.

Sales reps will still be able to use those business cards for follow-up emails and cold calls, they just need to make sure to follow the above-mentioned tips. However, what companies will need to stop doing is to get that data into the marketing database for email marketing without users’ permission.

Action Item: Get consent from users to be part of your marketing database and make sure they have opted-in to receive those emails.

Referrals & GDPR

Referrals are another great “warm” way to get introduced to potential customers. Considering this practice is very common in some industries, it is good news to know that the GDPR has nothing against it.

The best (and safest) way is to ask the client/person who is willing to do the introduction is to do so via email, in a clear and simple way. By doing so, your team will have a recorded communication to prove how the contact was received.

Action Item: Ask for a formal introduction by the contacts who are willing to give a referral.

Final Thoughts On GDPR & Sales

The GDPR will have an enormous impact on how your sales team and your company deal with prospects. Some might think these changes will have an overall negative impact on businesses. However, I don’t think so.

First of all, the GDPR gives more rights to users and how businesses can track and use their data. Who among us is not somewhat fed up with the number of non-personalized marketing emails we receive daily? Don’t you wonder sometimes how your data ended up in someone’s database?

On the other hand, the GDPR will also benefit organizations that put great attention to sales and marketing processes. Sales professionals who follow the right procedures and leverage their networks, combined with companies who have strong processes in place will keep being profitable also under the GDPR. The focus moving forward will be on building strong relationships with prospects and stop treating them just like numbers.

Your sales team funnel will be slimmer without any doubts, but it will have only relevant prospects. The GDPR’s ultimate aim is to protect users data, however, by applying the regulation in the right way, your sales team and company should end up focusing mainly on qualified prospects.


*This article is not a legal instruction. This information is supplied without liability.*



Sharing is caring!