The good news is that operating a successful sales and marketing function is absolutely still possible under GDPR. The key is to ensure that data processes are fully considered with a compliance first mindset. To help, we’ve listed below some of the main considerations sales and marketing teams will need to comply with:
The right to be informed
The right of access
Data subjects can request a full copy of the information your business holds about them at any time. You are obliged to provide this in a commonly used electronic format and this must be provided within 30 days of receiving the request. Whilst you have the right to refuse any requests that are deemed deliberately unfounded or excessive (particularly if they’re repetitive or in quick succession), you must tell them you are doing so within one month, and at the same time informing them of their right to complain to the supervisory authority or take legal action.
The right of rectification
If at any point an individual finds the information you hold on them is incomplete or incorrect, then they can request that you rectify it. These changes must be made within one month.
The right to erasure
The individual has a right to have their personally identifiable information deleted completely from your system on request. This is also known as the ‘right to be forgotten’. It is important to know the difference between erasure and opt out. In order to opt out, your organisation will need to retain some personally identifiable information. For example in email marketing, to ensure suppression of opt outs organisations will have to keep a database of all email addresses that do not wish to receive email communication. If a request for erasure is received, the data subject is effectively asking for all data that is held to be removed – including any data held on suppression files. The result of this could be that in the future, if data is erased that it could be added again, however if it is permitted to be suppressed, the business is in a position to be able ensure any future email correspondence is suppressed. Organisations should look to manage the expectations of requests to ensure that the data subjects understand the difference between erasure and suppression.
The right to restrict processing
An individual can object to you processing their data for any task they wish. While you must abide by their wishes, you can continue to hold data that does not conflict with their request. An example of this would be in email marketing when a person requests to opt out.
The right to data portability
If someone has willingly provided their information to you, they also have the right to request that you transfer this data to another organisation, in a standard electronic format. If this service is requested, you must comply within one month, free of charge.
The right to object
Individuals have the right to object to any form of data processing and marketing, at any point, including to retract consent they have previously given.
Right to object to automated decision making
To protect individuals from potentially damaging decisions being made by automated systems, users can request the manual intervention of a human. Any systems you currently have need to be updated, to allow cases to be referred to decision makers that can speak to the user directly in the case of a dispute.
In summary, individuals are being given far greater control over their data and the onus is on organisations to ensure these rights are met in a timely manner (typically being one calendar month from the date of a request).
In the past, marketers would traditionally have tried to gather as much information as possible about potential customers, to better understand and target them (profiling). But under the new GDPR rules, marketers will only be allowed to gather the information that is required to fulfil the purpose of the data processing. Any information gathered must be relevant and targeted, to be considered legally justified.
This means, for example, that if you run a competition or campaign to gather data, it can only be used for the purpose initially agreed.
If you gather information which is deemed unnecessary, or are found to be using data for purposes other than it was given, then you could be in breach of GDPR rules and find yourself on the receiving end of a hefty fine.
In the B2B world, marketers will be able to leverage ‘consent’ or legitimate interest’ as a lawful basis for processing. Emails that target a B2B audience and which leverage a segmented target database are likely to be able leverage ‘legitimate interests’ as the reason for collecting and processing data.
For example, if an organisation sells HR Software, and sends an email about the HR software to HR Managers at their business email address, it could be feasible that the recipient would be interested in the software based upon their current job role, which could be deemed as a legitimate interest. If however, that same HR Manager becomes the Sales Manager, the individual is unlikely to still be interested in HR software and therefore the need for businesses to keep data up-to date and current is critical.
Regardless of who you’re sending your email to, you must never conceal your identity and must always clearly identify the marketing context of the message itself. Each email or message needs to provide clear information about how to withdraw consent, which must be simple to do.
The Opportunity Presented by GDPR
At first glance, these new rules may seem like a headache for marketers, but it’s not all doom and gloom. The reality is, that marketing will adopt a data first mentality, and the importance of safeguarding the interests of the data subjects with be front of mind – which can only be a good thing!
Marketers will be encouraged to think about how they are handling data, what they are using it for and why they are using it? And, should look to document their thought processes and rationale in extensive policy documentation to show effective due diligence. It is right that marketers adopt a more segmented, relevant approach to marketing – which should in turn actually yield a better overall result for the business whilst protecting the rights and freedoms of the data subjects at the same time. A double bonus.
Will GDPR Kill Off Sales?
GDPR doesn’t mean the end of sales!
Like marketing teams, sales teams should be looking to take a highly targeted, segmented approach contacting only those that have either consented to receive sales correspondence or those that are likely to have a well thought out legitimate interest in the product or services being sold.
Sales professionals need to take heed of the right to withdraw consent, and therefore an effective CRM system is a must to ensure that sales professionals can centrally log a withdraw request from a data subject.
What can Lead Forensics do for your business?
Imagine if you could take control of your lead generation activity and convert sales-ready prospects, before your competitors even get close? Lead Forensics is the software that reveals the identity of your anonymous website visitors, and turns them into actionable sales-ready leads. In real-time.
Lead Forensics can:
- Tell you who is visiting your website
- Provide highly valuable contact information including telephone numbers and email addresses
- Give insight into what each visitor has looked at, as well as where they came from.
Take a look for yourself with a free, no obligation trial – you can get started today!