GDPR best practices for commercial prospecting
The main principles of the GDPR
The GDPR has two parts: a visible side and a hidden side. These two parts are:
Keeping clients and prospects informed! (the tip of the iceberg)
- Publish a compliant privacy policy for clients
- Publish a compliant cookie privacy policy
- Publish a compliant cookie banner
- Publish information wherever necessary
- Publish a label of conformity
Control your technical service providers! (the hidden side of the iceberg)
If you're a provider, you need to publish the DPA (Data Protection Agreement) online. In any case, audit your providers and make sure they comply with GDPR.
In principle, compliance can take a long time, but it's more of a start-up investment. Thereafter, it's mostly a question of evolution.
The 5 tips to be GDPR compliant when commercial prospecting
Prospecting is almost free in B2B
Prospecting is almost free in B2B. Everyone thinks that prior consent is required, but that's not true, because there's no need to opt in, and there's no limit on the duration of data retention.
However, there are some simple conditions to meet:
- Provide information to prospects about the sources from which their data was collected
- Give prospects the option of unsubscribing (the option of unsubscribing can take several forms: instruction, button, ...)
- Only prospect people who are relevant to your business.
Within this framework, the transfer of databases is free and the scraping of public information is authorized.
Postal and telephone canvassing is virtually unrestricted
- Opt in only concerns SMS and email
- This exception applies to both B2B and B2C sales.
- Beware of Bloctel in B2C
- Free database transfer
Use GDPR service providers
There are different types of providers. It is mandatory to check providers to verify their GDPR compliance. Care must also be taken over whether or not the provider is located within the EU (e.g. USA). The use of tools such as Crisp or Calendly, which are in the USA, requires a prior contract.
Alternatives to Google Analytics:
- Very complicated and risky: you can ask Google Analytics 3 not to display your IP address.
- With Google Analytics 4, it's far too early to say whether they're really compliant or not.
- Alternatives proposed by the CNIL (National Commission for Information Technology and Civil Liberties): Matomo, ...
Always respect the Opt out
You must never forget to allow your prospects to unsubscribe. You need to make unsubscribing as accessible and easy as possible, otherwise it can lead to an aggressive exchange, or you can end up with spam.
Prospects should also be informed of the sources of their data collection at the end of each e-mail.
Always respect the data retention period
Data may be kept for 3 years from the last contact.
In B2C, you should never delete the bases, but transfer them to an "unsubscribed" database, otherwise you'll have no trace of the Opt out, or you'll potentially prospect these people again.
How to take advantage of the GDPR to prospect
Competitive advantage
The CNIL (National Commission for Information Technology and Civil Liberties) indicated in its report for 2022 that prospecting would be its main focus this year.
- 72% of French people are opposed to their personal data being stored outside the European Union
- 66% of French people say they could change provider if it's not GDPR compliant, according to an Ifop poll for OVH in 2021.
- Leadjet, Dropcontact, etc. are now staking their success on GDPR compliance
- Possibility of a label
Remove checkboxes from forms
Regarding newsletter, contact and registration forms, you need to remove the checkbox, as it loses prospects unnecessarily and prospecting is already authorized. In B2B, when a prospect registers on your site, you can prospect them. However, you need to be careful with B2C partners!
Prepare explanatory responses on GDPR compliance for prospecting campaigns
This preparation greatly reduces the number of CNIL (National Commission for Information Technology and Civil Liberties) complaints and improves the company's image.
Prospect generic emails
The GDPR doesn't apply to generic emails, so there's no Opt in or Opt out.
Generic emails are not personal data. The GDPR only applies to personal data.
The best commercial prospecting techniques and the GDPR compliance that goes with them.
No technique is "non-compliant" in principle, i.e. all techniques (marketing, automation, etc.) are legal as long as the basic rules are respected. However, some techniques are more dangerous than others (e.g. marketing automation or information scraping).
What's important is the working method. Any technique can be compliant. You need to know whether you're following the rules or not.
Pay attention to the tools used and the quality of messages
The different options for managing compliance over the long term: costs and planning
Options for managing compliance over the long term
- Professional DPO software => requires good knowledge and an in-house expert
- Outsourced DPO firm => good compromise
- In-house DPO => less and less used, as in many cases it is less effective and the cost is high.
- Law firm => very high level of compliance, but less and less used because it is excessively expensive and time-consuming
- Average budget: 5/6k per year
- Schedule: several months for initial compliance on average
GDPR and commercial prospecting: Questions / answers
What about bulk emailing for sports associations?
If the information relates to an association, it's not canvassing. So there's no problem if people have a vocation to receive these emails.
What's the solution for freelancers?
For freelancers, it depends. But generally speaking, there's no recurring need. So you need a one-shot approach. For example, hiring a lawyer because there's not a lot to do.
If we're reselling leads: creating a site with a form (where we clearly indicate that we're working with partner companies), and we contact partners who will recontact the end client. What about GDPR in this case?
Selling, reselling or even renting leads is legal in B2B.
In B2C, it's different because you need Opt in, so you have to go through a checkbox to send information to partners.
Webinar organized with WordPress digital agency Pilot'in