May 25th, the start date for GDPR (the General Data Protection Regulation), is fast approaching. With these new regulations come changes to how businesses handle customer data and prospect clients. You’ll want to ensure you’ve looked at how you handle data in order to be GDPR compliant.
SalesLoft’s VP of Information Security, Mike Meyer, is sharing valuable insights into how these changes will affect your business and how to ensure you’re compliant.
For more on GDPR, check out this 3-part series that covers:
- What the heck GDPR is,
- How GDPR affects prospecting, and
- How it will impact your revenue tech stack.
Mike Meyer, VP of Information Security at SalesLoft here. I’m going to talk to you about something that you’ve probably heard of, but may not fully understand, and that’s GDPR, the General Data Protection Regulation.
GDPR is the European privacy regulation that goes into effect May 25th, 2018. Fines for non-compliance can be up to the greater of 20 million euros, or 4% of global revenue. It’s a complicated regulation, but there are a few specific ways it will apply to your sales team.
Let’s start by taking a look at how GDPR will affect prospecting. The regulation doesn’t directly call out cold calling and cold email, but it does require you to have a legal basis to process data. Two common legal bases for processing are consent of the data subject, which is your prospect, and legitimate interest of the controller, which is you.
When you’re contacting prospects in Europe, a couple best practices to keep in mind are using relaxed cadences, so contacting your prospects a little less frequently. Using the Do Not Contact field in Salesforce. Paying attention to Do Not Contact lists that are put out by each member state. France, Germany, for example, have their own Do Not Call lists that you want to pay attention to. Using opt-out links and privacy notice in your email communication, those will be key. And then also using templates and automation rules to ensure that your European prospects are on the right cadences.
A second key part of GDPR is data minimization. Data minimization is the idea that you only process the data that you absolutely need. A couple examples of this in the sales world are call recordings and tracking features that you may want to disable if you haven’t obtained explicit consent from your prospect. It’s important to use software that allows you to control what data you process.
A third way that GDPR impacts your sales team is its new requirements for vendor management. As a modern sales team, you have all kinds of tools at your disposal ranging from video software like Vidyard to insights with tools like Crystal. Under GDPR, you’re responsible now for your vendors’ compliance as well as your own. This means it’s critical to partner with vendors who put security and privacy first. This means conducting security and privacy reviews for new vendors as well as ongoing assessments for high-risk vendors. It’s also important to have a data processing addendum, or DPA, in place with each vendor that processes personal data in your environment.
That’s all for today. Hope you feel a little more comfortable with GDPR. If you do have any questions or comments, feel free to leave them below. Thanks again and have a great day.