Changes in how you collect, manage, store, and transfer data are about to be introduced and will affect how you and your sales team do business. Are you ready for that change?
Welcome to GDPR
May 25th next heralds a major change for EU residents and how their personal data is handled. The about to be enacted EU GDPR (EU General Data Protection Regulation) is a game-changing EU data protection protocol which governs the rules for those gathering, handling or storing the personal data of EU residents.
This enactment holds special significance for sales teams and those charged with the handling of personal information during the sales process.
Regardless of how you go about your day to day selling it’s a safe bet that you will be charged with the management of large amounts of personal data. But, are you aware how the new GDPR will affect you, and your daily business?
What are the new laws?
The new laws are ultimately designed to protect every EU individual’s personal data, and offer legislative guidance to organisations on the manner in how they may, and may not manage the personal data of individuals. As it has been described by many, the new GDPR 2018 is all about good data hygiene, being aware of the data you collect, how it is used, and how it is protected.
New technologies have come into play since original data protection laws were introduced. The revised GDPR compliance will aim to take account of these new technologies and practices, with the aim of putting data control back in the hands of the individual. It will also offer a clearer picture to companies which need to comply with data protection laws in the EU, and introduce a single set of privacy laws with which they need to comply.
The new GDPR extends far beyond the EU borders, and will affect any company or individual storing, managing, or handing the information of an EU resident, regardless of where they are situated worldwide. Even beyond the EU borders, non-compliance with the new laws will be enforced regardless of location, with significant penalties, which may be as much as 4% of a company’s global gross revenue – or up to $20 million, whichever is higher.
Who will be at risk?
As mentioned; anyone gathering, handling, storing, or managing personal data of EU residents will need to be in compliance with the GDPR 2018. In particular, the governing authorities see salespeople as prime data-controllers who will be most affected and scrutinised under the legislation. Being ill-prepared for these changes offers no protection to any sector of the market.
With 99 articles to negotiate in the new EU data protection laws, the GDPR can appear overly daunting to any sales team. However, there is no need for undue panic. But, the more you fully understand the new laws, the better it is for you and your sales team. However, here are some simple tips which those involved in sales might need to take note of:
1. Collect only the data you need
Within the new GDPR, there exists a list of acceptable reasons for the collection of data which you do not need. One of those reasons is NOT ‘that the information may be useful in the future’.
To comply correctly with the GDPR, it is best to design, and implement a data gathering process which eliminates the collection of unnecessary data. Plus, keeping data gathered to an absolute minimum makes the salesperson’s job easier, with less information to trawl through while lead hunting.
If you need a subject’s data in order to fulfill a contract, or for your legitimate interests, all should be well. As long as you have defined and explained your need for this data collection with the subject and they have subsequently agreed, in compliance with GDPR consent regulations.
However, collecting this information, and the consent to collect the information, can be a difficult task. Consent has to be freely given, clearly-defined, well-informed, and explicit. This information needs to come willingly, and through affirmative-action – the inclusion of pre-ticked boxes in no longer permissible. Consent for the collection of this data needs to be recorded, and must come with the ability to remove the data should the subject request.
The new EU general data protection regulation requires that companies look carefully at their data collection practices; what they collect, how it is used, and how this data is available and used throughout their whole organisation. They need to be fully aware of what data their customer services are collecting (names, emails, address, contact numbers, etc.) They also need to know what data is being collected in order to fulfill orders (credit card numbers, purchasing history, billing addresses). Also, which types of data is being collected on websites, apps, and connected devices (cookie-tracking, and cross-device tracking). Companies will have to take this process very seriously, and have a full understanding of that process.
2. Openness about your data collection and readiness for data subject requests
The privacy rights of the subject are at the heart of the GDPR. Sales managers and sales personnel are responsible for clarifying to their customers what you will do with their data, and why you will do it.
Additionally, you will need to be completely prepared for customer requests to have access to all of their data when they require it. This process needs to be open and easy to access with the clear ability to delete data on request.
3. Secure and deletable data
Security is paramount to your customers’ privacy. The new GDPR implementation insists that a stringent code of pertinent security measures are in place. This must consist of industry standard security protocols with assured access control, and strong password safeguards.
You should also take into consideration what protocols should be followed when data needs to be deleted, and implement a secure and transparent system to make this happen. Deletion of such data should be automated once certain predetermined conditions and criteria have been met.
GDPR and sales functionality
Cold calling, for the purpose of lead generation, is at present permissible, however, best practice would be to ensure that all calls are noted and recorded in a secure manner; with dates, times, personnel involved, and call subject noted.
In addition to the recording of the above information, notes should be taken on whether the subject was open to the contact and a willingness to make further contact. Within your Sales CRM, this functionality already exists via the many communications and record keeping integrations. These measures help to ensure full GDPR compliance.
This is not as clear-cut as the cold-calling process, and one which will see further changes in the near future (within the next 12 months). As it stands, the EU GDPR permits the process of cold-emailing for the purpose of direct marketing, but be aware that these protocols are subject to change and a new ePrivacy Regulation will replace the current ePrivacy Directive. The word to the wise is to be extremely careful regarding your cold-emailing process. How you operate this process will be measured by your interests, and your subject’s right to privacy. If your reasons for contact are not copper-fastened, and you can not reasonably outline the reasons why this subject may want to receive your contact, you may be in breach of legislation.
This heralds good news for the individual and puts an end to purchased marketing lists. If, in the past, your business relied on this form of lead generation it will spell and end to that practice and you will need to employ a new system before the implementation of the new GDPR. It is expected that the number of new opt-in leads which you do manage to generate will be smaller, but of a remarkably higher quality.
One exception to the rule is that you may still reach out to subject’s whose email you have already acquired through the process of a completed sale – unless the subject has specifically denied and refused this option, and which you have recorded in your communication history. And, in addition, you will be required to prove that the email contact you send is concerned directly with products, features, customer notification, or updates related to the initial completed sale.
Tracking of emails
A historical email tracking system – usually within your sales CRM – offers sales teams highly valuable information regarding future actions which may be taken with any lead. From now on, any data collected via email interactions will be regarded and viewed as personal data and is subject to the laws of the new GDPR. Email tracking is of specific interest to the GDPR governing bodies as the subject is unaware of the tracking process, and is a fundamental breach of their privacy. This is bad news for sales teams as the process demands that prior GDPR consent is requested and gained in all cases.
Email tracking is one of the ‘grey-areas’ of the new GDPR, as it is still uncertain as to how the practice will be policed and enforced effectively. It is best to follow the general policy of the GDPR, which is one of transparency and openness. The more information you record, store, and hold open and available to the public, the easier it will be to avoid any future problems, or penalties.
The soundest, and safest policy to stick to is if you and your business keep in mind that an individual has the right to access their personal data, they have the right to have it corrected on request, they have the right to ask for their data, and they have the ‘right to be forgotten’ – that is, to have their data erased on request.
The advantages of Teamgate and GDPR
The people behind Teamgate Sales CRM have been ‘early-risers’ when it comes to compliance with GDPR. Since news of the inception of GDPR, and the EU data protection protocol was announced, Teamgate has been in preparation for changes which will come into play, and any other future changes which may occur.
We have tried to take into consideration all aspects of the new legislation and to clarify and ease the data management process within our organisation, and within our sales CRM. Along with the technical aspects and changes which will occur with the introduction of the GDPR, we are also engaging in staff training programmes to ensure full compliance.
Should you require any additional information on Teamgate’s commitment to the proper implementation of the GDPR please contact our support team who will be happy to offer you advice, and guide you through the whole process.