Written by Vincenzo Ruggiero
The General Data Protection Regulation (GDPR), coming into law on the 25th of May 2018, intends to improve data protection for individuals in the EU. Over these last few weeks, we have worked hard to ensure our compliance.
However, as a user of Prospect.io, are you GDPR compliant?
Well... Let's find out!
In this article, I will detail and underline some important points about how and why you are GDPR compliant when prospecting and/or sending cold email campaigns.
Prospecting and GDPR
Don’t worry, you are GDPR compliant when prospecting on websites and LinkedIn without the agreement of the person. However, the GDPR requires companies to have a “legal basis” for processing personal data about EU residents.
• Article 6 of the GDPR allows the collection of data without consent if you have a legitimate interest in doing the processing.
• Article 6 (paragraph F) says “Processing shall be lawful only if […] processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the […] fundamental rights […] of the data subject”.
• The term “legitimate interest” is not clearly defined. Recital 47 of the GDPR states that a legitimate interest may provide a legal basis for processing data (except “where such interests are overridden by the […] fundamental rights […] of the data subject”).
Hence, you should ask the following questions:
1. Do I have a valid legitimate interest for processing the prospect’s data?
2. Does the processing of this data threaten the rights and freedoms of the individual?
To sum up, if the answer to question 1 is “yes” and the answer to question 2 is “no”, you are GDPR compliant, as a legal basis for processing the data likely exists.
GDPR and cold email campaigns
Again, don’t worry, sending cold email campaigns is GDPR compliant if you send emails to people who will find their content useful.
To that end, some requirements need to be fulfilled:
• The topic of the email must be clearly identified.
• There must be a clear way to opt out from future emails.
• A genuine physical address must be included in the email.
• The sender must be clearly identified.
Let’s develop these points.
A. The topic of the email must be clearly identified.
You can contact a non-client if you have a clear reason to claim that this contact is relevant to your business purposes and that, at the same time, it could be beneficial to the contacted person.
B. There must be a clear way to opt out from future emails.
From a legal standpoint, you must always allow your prospect to opt out, but it doesn’t need to be through a link. It needs to be clear, and when your recipients request to be unsubscribed, you must comply. We have 2 pieces of advice as an alternative to unsubscribe links:
- PS in your signature: we recommend adding a PS to your signature or a friendly mention in the content of your emails, inviting anyone who is not interested and wants to opt out to let you know about it.
- Set your Goal: Prospect.io will automatically stop campaigns for prospects who reply (if that is the goal you set); you just have to archive the ones who ask to be unsubscribed in order to ensure they are never contacted again.
You are obliged to immediately stop contacting prospects who express their wish not to be contacted again. If a prospect of yours demands that their data be removed from your contact lists, you are obliged to remove it (in accordance with the ‘right to be forgotten’). This is something you need to do manually by archiving them on Prospect.io.
C. A genuine physical address must be included in the email.
D. The sender must be clearly identified.
The sender has to be clear. If the prospect is trying to contact you, it has to be easy. The email should also contain clear and easily available information about how your prospect can request a change to or removal of their personal data.
To sum up, the GDPR does not outlaw the use of cold emailing, as long as the emails you are sending are directed to people who will find their content useful.
We will also keep a page dedicated to the GDPR up to date on the website and will answer any questions by email at email@example.com.