GDPR and Cold Email Explained in 4 Rules

A discussion on the rules to follow when prospecting in Europe.

5 key points to remember

GDPR & Cold Email

A discussion on the rules to follow when prospecting in Europe.

julienanthonypower

GDPR? What?

The GDPR is a law that came into force on May 25, 2018, and aims to protect European citizens data.

julien

Rule #1: Have a legitimate interest (Article 47)

This amounts to correctly targeting your prospects and cleaning up your lists.

anthony

Rule #2: Contact on a professional email

This rule has not changed. It is forbidden to send an email to someone on their personal email address.

julien

Rule #3: Unsubscription (Article 21)

There must be a clear and visible way to opt-out of your emails.

anthony

Rule #4: Accept deletion of data (Article 17)

A user can request that we delete all personal data concerning him (and his email address is one of them).

julien

Discover ProspectWith

Identify new prospects & companies automatically and put your lead generation on autopilot.

yoda

GDPR? What is that?

julien

Broadly speaking, the GDPR (or General Data Protection Regulation) is a law that came into force on May 25, 2018, and aims to protect European citizens' data.

anthony

Ah yes, is this new law preventing us from sending emails to people who have not given us their consent?

julien

Not really… To be honest with you, I've heard everything so I ended up doing my research. We will detail all you need to understand when it comes to B2B prospecting. And we're going to simplify it into 4 easy-to-remember rules.

power

The GDPR is a text that is 88 pages long if you have the courage or cannot sleep tonight, you can consult it here in the language of your choice.

Rule #1: Have a legitimate interest (Article 47)

julien

What we are trying to figure out by reading this text is: can I send a prospecting email to someone I have never met? And the answer is yes, provided that the latter has a legitimate interest in your solution.

anthony

Legitimate interest? What does that mean exactly? How do we define a legitimate interest?

julien

Well, it's not 100% clear. Legitimate interest is what they wrote in the text. This amounts to correctly targeting your prospects (and cleaning up your lists) so that they are at least interested in what you are selling to them. To caricature, sending an email to sell a TV to a blind man or accounting software to marketers breaks this rule.

anthony

I see. We can say that this legitimate interest clause was added to put spokes in the wheels of spammers who send hundreds of thousands of emails a month without taking time to target correctly.

julien

Yes, and it makes sense if you think about it a little. Prohibiting prospecting means reducing Europe's GDP in the coming years and putting a lot of people out of work because many B2B companies will be in trouble. The rule is simple. Your recipient must have a legitimate interest for you to contact them.

Rule #2: Contact on a professional email

julien

Another thing to know is that the GDPR has not reinvented everything. In France, for example, we have the CNIL, which has long set the rules concerning prospecting. For instance, it stipulated that c but that it was authorized on a professional email. This rule has not changed. Also, as you can imagine, each country has its regulations. Except for a few exceptions that I am unaware of, the vast majority prohibit prospecting on a personal email.

julien

So, I'm not a lawyer, so check well before if you are in this case, but there seems a profession that could derogate from this rule: recruiters. At least, that's what one of them told me. And after all, that would make sense. If you don't have a job, you don't have a professional email.

anthony

Interesting, but there's something I've been wondering about for a while now. If I am a company not in Europe, say, in the United States, does the GDPR concern me?

julien

If you are a non-European company, you do not have to comply with the GDPR if you do not prospect for any European citizen and establishment in Europe. Otherwise, you are concerned (and fortunately). We tend to forget that the European regulators did not make this law to prevent startups from prospecting but to put in place a well-defined legal framework to protect the data of European citizens. As if to avoid the digital giants of today and tomorrow from continuing to do anything.

Rule #3: Allow unsubscription (Article 21)

julien

Another critical point to respect concerns the fact of allowing the recipients of your emails to unsubscribe from your sequence. There must be a clear and visible way to opt-out of your emails.

anthony

There must be an unsubscribe link as we are used to in newsletters?

julien

Yes, for example. Or a sentence at the bottom of the email that states that they can reply to this email indicating that they are not interested and do not wish to be contacted again.

anthony

The problem with the link is that it shows that it's automated. It doesn't sound very human or natural.

julien

Yes, it's true. I tend to put a short sentence at the end of the message. Another benefit is that it slightly increases deliverability as mail services see people responding to our emails.

anthony

So clearly, if someone unsubscribes from my sequence, can no one in my company contact them again to offer them this same service?

julien

Yes. Hence, it is essential to use your CRM as a source of truth between teams and set it up properly to avoid this scenario.

Rule #4: Accept deletion of data (Article 17)

julien

Another point that must be anticipated when prospecting is that a user can request that we delete all personal data concerning him (and his email address is one of them).

anthony

So basically, I delete it from my CRM?

julien

Exactly and every other place it may be. It's something you have to honor and can sometimes be more complicated than you think, especially in large companies with many nested solutions. For startups, the process should be reasonably quick overall.

In conclusion ?

anthony

And what do we risk in the end if we do not respect any of these rules?

julien

Well… In most cases, a fine. The text stipulates that this can reach 20 million euros or 4% of annual income depending on the circumstances.

anthony

Alright. We put the key under the door in the end.

julien

I was able to see a few startups that were sanctioned, and of course, the fines did not reach an amount close to the maximum amount. It all depends on the context and the seriousness of the violation. In 2020, according to a study by DLA Piper, European regulators imposed $188 million in fines, the majority of which came from big players: Google ($56.6 million), British Airways ($26 million), and Marriott ($23.8 million).

julien

The bottom line is that the GDPR is overall (in my opinion) a good law. It aims to protect the interests of European citizens against the excesses of certain companies. If you do it right and follow the rules laid out here, you shouldn't worry. Again, this regulation aims not to kill email marketing but to prevent aggressive and harmful behavior. This law has also inspired countries such as Brazil, Australia, and Japan to toughen their rules on protecting their citizens' data. There is no reason why things should not continue to go in this direction in the years to come. Hence the interest in taking the wave now in your outbound strategy.

julien

Of course, I'm not a lawyer. If you still have doubts about what you can or cannot do, I encourage you to contact people who are experts on the subject to answer your questions.

Discover ProspectWith
Start by defining your companies to target
Search 14M companies
Enrich your companies
Industries
=
country
=
Add a new condition