Despite concerns to the contrary, GDPR is not the end of cold calling. So take a deep breath, sales and marketing teams. You can still conduct outreach over the phone while meeting GDPR cold calling data protection requirements. However, you’ll likely have to rethink and revise your outreach strategy to stay compliant.
For those of us in the RegTech space, the way we engage in B2B cold calling is an important demonstration of GDPR expertise. The compliance decision makers you reach out to will be well aware of whether your communications are or are not lawful. Compliant cold calling is a compelling way to start gaining their trust. The same goes for anyone, whatever industry you’re in. Respectful, clear, and focused communications are the best way to catch someone’s ear — GDPR or no.
The General Data Protection Regulation (GDPR) went into effect in May 2018 and substantially reformed the way organizations can collect, process, and store the personal data of EU citizens. The regulation caused quite a stir among sales and marketing leaders, who use such data daily in their email and B2B cold calling outreach.
At its core, the regulation is meant to improve data protection standards to keep individual’s personal data secure. There are several key components of GDPR compliance to know about to ensure your data collection and subsequent cold calling are up to standard. We share five of them below.
5 Aspects of Compliant GDPR Cold Calling
At Gungho, what we do best is connecting with compliance decision makers by striking up genuine conversations via cold calling outreach. Naturally, we’ve thought long and hard about the implications of GDPR, and we’ve identified five core pieces of the compliance puzzle.
Establish legitimate interest
Sales calls, in their ideal state, are meant to be helpful and informative. B2B cold calling is not all about getting someone to buy today. That’s just pushy. Effective outreach focuses on contacts that would have a genuine interest in what you are offering, not on unqualified prospects, and starts up a conversation, rather than a hard pitch.
Makes sense, right? If so, you’re well on your way to grasping legitimate interest.
GDPR requires businesses to identify a legitimate interest for processing the personal data of individuals who haven’t previously opted in to receive outreach. The regulation identifies several possible sources of legitimate interest:
1. Your own interests, as a business
2. The interests of those you are reaching out to
3. Commercial interests, including client or employee data, marketing, and fraud prevention
The first step to GDPR cold calling, just like any good outreach, is to confirm that a prospect would be interested in your product or service. For example, if you offer a compliance solution, it’s reasonable to conduct cold calling to someone in a compliance function (like a chief compliance officer) at a financial institution.
Apply the balance test
Keep in mind that an individual’s rights come first, before yours as an organization. Ask yourself, will my cold calling benefit my company more than the individual I’m reaching out to?
If there’s any chance that your outreach is unnecessary, unexpected, or could cause an individual harm, take a step back and evaluate. The balance test is all about weighing a prospect’s rights against your own to confirm that you do in fact have grounds for legitimate interest.
Consent is a big piece of GDPR compliance. You’ve probably heard it discussed in connection to email opt-ins. But for cold calling, consent is a bit different.
In email marketing, you must clearly state how data you collect will be put to use and openly provide the opportunity for individuals to opt in or out. With cold calling, simply by taking your call and engaging in conversation, your contact is providing consent. Although you don’t have to ask for consent directly, it’s still best practice to be upfront about who you are and why you are calling.
Guarantee the ability to opt-out
Not everyone is open to your product or service, and that’s alright. Under GDPR, companies must explicitly offer a way for individuals to opt out of marketing and sales communications. Maybe the person you are cold calling isn’t the right decision maker, simply isn’t interested at the time, or doesn’t want your business storing their data.
Either way, if someone objects to your cold calling, you must stop processing their data.
Develop clear workflows and documentation standards
Documentation standards are one of GDPR’s biggest additions. Companies are required to clearly document legitimate interest, consent, and their reasoning for processing data — aka the balance test.
Setting up clear workflows is the best way to guide sales and marketing teams through GDPR cold calling. Workflows ensure documentation is completed properly and that sufficient thought is put into your outreach. Further, workflows establish a process for opting individuals in and out at their request.
Regulatory change is always tough to navigate. GDPR is no different, but by refining your approach to B2B cold calling, it’s still possible to conduct effective outreach while respecting an individual’s rights to data privacy.
Still have questions about cold calling under GDPR? We’re here to talk more about our process and how you can comply with GDPR while implementing a strong outbound sales program.