Contrary to popular belief, it is still legal and effective to send businesses sales emails now the GDPR is enforceable. This article dispels the myths around cold emailing under the new regulations and gives you some simple, actionable tips to ensure your campaigns stay compliant.
First off, I am sure you have seen a few definitions of what the GDPR is and what it means so I will keep this brief. The General Data Protection Regulation is a legal regulation issued by the Council of the European Union and The European Parliament. Its main purpose is to protect the personal data of EU citizens. The GDPR is not about cold emailing. It is not about businesses. It is about personal data protection. However, sending business emails does mean processing personal data so there are some key things you need to keep in mind when emailing in a post-GDPR environment.
Ensure Your Prospecting Is Targeted and Appropriate
Explain Legitimate Interest in Your Email Copy
Make It Quick and Easy To Unsubscribe or Opt-Out
Regularly Cleanse and Maintain Your Database
Prepare An Informative Reply For GDPR Complaints And Questions
First off, I am going to briefly deal with this question as I know that anyone who has experienced the onslaught of GDPR articles and emails from B2C companies will be confused about this point.
The EU even declares: “The proposed Regulation on Privacy and Electronic Communications will increase the protection of people’s private life and open up new opportunities for business.” The ePrivacy Regulation specifically leaves it up to the individual countries within the EU to decide whether ‘unsolicited commercial communications’ (a.k.a B2B cold email campaigns) should be opt-in or opt-out. In the UK we have opted to follow PECR (the Privacy and Electronic Communications Regulations of 2003) which means that business to business communications do not require opt-in consent.
Lead generation and prospecting are essentially sourcing personal data to use in sales campaigns. Despite protecting personal data, the GDPR doesn’t stop people prospecting or collecting leads, it simply demands a greater level of care and accuracy from lead generators. Under the GDPR, the personal data you collect should be adequate and relevant to the purpose of its processing. That means you have to consider two key things: the adequacy of your data collection (how much data do you really need for what you are going to achieve) and the relevancy of your data collection (is the data you are collecting the right data for your purposes).As professional lead generators, we help set the target criteria for our client’s prospecting activities routinely.
where are the prospects you want to speak to? Where will your service or product be most relevant?
who do you already work with? Which of your clients are most profitable/find your service most useful? Who have you spoken to who has a use for your service? What experts can you consult to evaluate industry need?
are the companies you are approaching large enough or small enough to require your service? How many employees do they have? What is their annual revenue?
are you contacting the right person from your chose company? Are they senior enough to make a decision? Are they in a department with a use for your product or service?
It is your responsibility to ensure any lists you buy are fully compliant under the new regulations. As a supplier of email lists and leads for countries across Europe WEBPHLOX Media has taken steps to ensure total compliance.
How do we do this? We build and verify lists for ourselves and for our clients from scratch according to very specific targeting criteria, from publicly available sources. Building the lists ourselves with target criteria in mind means we can ensure the adequacy and relevance of the data collected, and that we can keep detailed records of our lead generation process.
Explain Your Legitimate Interest In Your Email Copy
With effective targeting your reasons for contacting a prospect should be self-evident, but always follow through in your email copy and explain exactly why your offering is relevant and why you are reaching out.
You need to immediately cut to why you think your recipient is a relevant person for you to be contacting and how you have then processed their data to make contact.
Legitimate interest is one of the 6 lawful bases of processing data under the GDPR and covers business interests. The ICO describe it as the most appropriate basis when “the processing is not required by law but is of a clear benefit to you or others”.
However, the legitimate interest basis is NOT a catchall excuse you can use to cover anything in the realm of business. A process needs to be followed to ensure you remain compliant with the GDPR. Using legitimate interest as a lawful reason for processing data is only legal if your interest outweighs an individual’s right to privacy.
As Article 6, Clause 1 in the GDPR Legislative Acts states, legitimate interest is only legal if “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
Look up the company’s LinkedIn profile or website and check to see if your offering would support their goals
Check for recent investment or funding if your offering supports growth
Check to see if any of our past clients are in a similar industry or have a similar offering
Look for referrals or inside information from our network
Check to see if the company is expanding into a relevant area for your service, or expanding generally if your offering supports growth
Check to see if the contact has asked for any information or has begun a search for a service or product your provide
There are a few ways to do this. Woodpecker in their excellent guide to GDPR preparation suggests including a disclaimer that informs the recipient of your email their data has been processed. This should include three key pieces of information:
a statement informing the recipient how you keep their data confidential;
a short explanation of why are you contacting them;
Instructions the recipient can follow to change the data you process or request removal of their data from your list.
Look up the company’s LinkedIn profile or website and check to see if your offering would support their goals
As someone sending cold email campaigns, you need to inform your recipients how to exercise their right to erasure and their right to restriction. In layman’s terms — you need to give people a clear way to opt-out. An ‘unsubscribe link’ at the bottom of your email is the easiest way to automate that process and ensure compliance across your lists. Any outreach program or software today will have an automated unsubscribe feature as a basic part of the service. However an unsubscribe link is only one of the suggested ways of opting out. In gov.uk’s official Marketing & Advertising guidelines, they say: “You must make it easy to opt-out — for example by sending a ‘STOP’ text to a short number, or using an ‘unsubscribe’ link.”
Beyond simply removing people who have opted out or unsubscribed, the GDPR also means that you shouldn’t be holding onto leads for months on end or inaccurate contact information. You must cleanse your CRM database regularly of inactive or unresponsive leads, check that your contact records are fully up-to-date, and appropriately label and tag your data to record how you have collected and processed personal data.
Finally, expect some pushback from your prospects. There is a lot of misinformation about the GDPR and what it means for sales and marketing strategies going forward. Some people are going to be angry you emailed.
Of course, if your targeting is accurate and your copy is respectful and informative, your offer may carry you through. However, if a few cases prospects will lash out. Cold emails are still cold emails, regardless of how relevant they are. Here are a few questions you might get asked and what to cover in your answer. Any response can include a combination of these three main points.
This is completely within a prospect’s rights to ask, even if the email address in question is corporate. The fact their name is written out within the email address makes it personal. Your legitimate interest needs context. If your service does not specifically relate to the company’s statute, explain the reasons you thought them a relevant person to contact. By keeping detailed records of your lead generation process, you will be able to give a detailed answer about how and why you sourced a person’s data.
If your service does not specifically relate to the company’s statute, explain the reasons you thought them a relevant person to contact. A new company project? Their website? Their LinkedIn profile? An article they have recently shared?
If you are emailing people at scale, take care in researching the companies you are contacting. Is there something on their website or in the press which gives you particular reason to email them? Have you been helpful to other companies in this industry? There are more general answers that do not require a deep dive into someone’s LinkedIn likes.
If you have used past customers to build out your target criteria (a typical customer profile), a response you can use across your campaign is:
“We have collected and processed your data on the basis of legitimate interest. Given how beneficial our [product/service] has been for [company profile/prospect profile] in the past, I believed our offering to be of benefit to you.”
Here is an example of an answer one of our reps might use: “I was researching [company name] as I thought our services might be of interest given success we have seen for FinTech solutions in the past and after finding your public profile on LinkedIn I believed you to be the most relevant person to contact regarding our services. I then guessed your email address and ran it through a verification tool we use to build lists for all our clients.”
Explain where you found their data, why you thought they were appropriate to contact and why you thought they’d be interested in your offering.
Again, if you keep detailed lead generation records, or ask for these from your suppliers, then you have a detailed response to this question.
If you are using WEBPHLOX Media for list building, check with your account manager what sourcing process we are using. For example, if we are using LinkedIn to source your leads, a good response to the prospect would be:
“We are using a third party prospecting service (www.webphloxmedia.com) and they found your profile on LinkedIn as you fit our typical customer profile. They then guessed your email using publicly available information and ran it through a verification tool.”
The GDPR enforces your prospects’ right to be informed and right of access (subject request), which means if asked you must provide the information you have collected and how it has been processed. At WEBPHLOX Media, we collect minimal prospect information all of which is exclusively B2B and publicly available. A good response for our process would be:
“Your name, email address, company name and job title are the only data that we hold. As per your rights, we will delete this from our database if you are not interested in our services or wish us to do so. Your data is not being held in any other database or being resold.”an it through a verification tool we use to build lists for all our clients.”
OVERVIEW FOR BUSINESSES: What the act covers
PRIMARY REQUIREMENTS OF THE LAW: Respect for non-compliance & International laws apart from relevant professional practices.
CAN-‐SPAM ACT 2003: Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003). 2008: Commission voted to approve a Federal Register Notice clarifying various elements of the original Act CAN-SPAM addresses U.S., not other countries
TWO PRIMARY TYPES OF MESSAGES COMMERCIAL CONTENT: Transactional or Advertises or promotes a Relationship Content: commercial product or Facilitates an already service, including content agreed-upon transaction or on a website operated for a updates a customer about commercial purpose. Inform the primary purpose
Question: How do I know if what I’m sending is a transactional or relationship message?
Answer: The primary purpose of an email is transactional or relationship if it consists only of content that
facilitates or confirms a commercial transaction that the recipient already has agreed to;
gives warranty, recall, safety, or security information about a product or service;
gives information about a change in terms or features or account balance information regarding a membership, subscription, account, loan or other ongoing commercial relationship;
provides information about an employment relationship or employee benefits; or delivers goods or services as part of a transaction that the recipient already has agreed to. Contact WEBPHLOX Media at [email protected] for a copy of the OUR DESK document.
Know the primary purpose | Look at the subject line | Determining factor | Look at the content | Location of transactional portion.
A COMMERCIAL EMAIL EXAMPLE: Subject Line: [First Name], it’s the LAST DAY for FREE SHIPPING & a FREE $20 Reward E-Card
PRIMARY REQUIREMENT# 1: Do not use false or misleading header information – From, To, Reply-to, etc. routing information (originating domain name). Be accurate—identify the person who initiated the message.
PRIMARY REQUIREMENT# 2: Do not use deceptive subject lines Examples – Guilt free eating, Try it FREE, Here’s Money You Never Knew You Had, etc.
PRIMARY REQUIREMENT# 3: Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement. Do not hide the fact that your message is commercial in nature, if it is. .
PRIMARY REQUIREMENT# 4: Tell your recipients where you are located. Valid physical postal address. Post office box registered with the U.S. Postal Service. Private mailbox registered with a commercial mail receiving agency established under Postal Service regulations.
PRIMARY REQUIREMENT# 5: Tell recipients how to opt-out of receiving future email from you. Clear and conspicuous explanation of how to opt-out. Ordinary person must be able to understand. Use type size, colour, and location for clarity. Provide a return email address or another easy Internet-based way to communicate choice. Opt out menu allowed, but must include option to stop all commercial messages from you.
PRIMARY REQUIREMENT# 6: Honour opt-out requests promptly. Opt-out mechanism must last for at least 30 days AFTER you send your message. Must honour opt-out request within 10 business days. Can’t charge a fee. Can’t require any personally identifying information beyond email address. Can’t require any step other than sending a reply email or visiting a single page on an Internet website as a condition for honouring opt-out request. Can’t sell or transfer opt-out email addresses, except to a company you’ve hired to help comply with CAN-SPAM.
PRIMARY REQUIREMENT# 7: Monitor what others are doing on your behalf§. Even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law
One can be designated as sender IF they Meet definition of “sender” according to CAN-SPAM (i.e. initiate a commercial message advertising or promoting their own goods, services, or website. Are identified in the “from” line. Comply with the “initiator” provisions of the Act. Initiator—non-deceptive transmission information, no deceptive subject heading, valid postal address, working opt out link; proper identification of message’s commercial or sexually explicit nature
Messages with sexually oriented material must include the warning below at the beginning of the subject line: “SEXUALLY-EXPLICIT” Brown paper wrapper—no images, UNLESS, recipient has given affirmative consent to receive the sender’s sexually oriented messages
HOW MUCH? Each separate email in violation of the law is subject to penalties of up to $16,000, and more than one person may be held responsible for violations.
Aggravated – if Violation was wilful, one or more violations.
Reduced – if Defendant established and implemented, with due care, commercially reasonable practices and procedures designed to effectively prevent such violations, Violation occurred despite commercially reasonable efforts to maintain compliance.
“This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.”
CANADA Opt-in law – “It is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message unless the person to whom the message is sent has consented to receiving it, whether the consent is express or implied”. “Implied” suggests “existing business relationship,” but 2-year limit§. Unsubscribe requirements: similar to CAN-SPAM§. No harvesting; no dictionary attacks.
Any material advertising the commercial availability or quality of any property, goods, or services which is transmitted to any person without that person’s prior express invitation or permission, in writing or otherwise.