Business is clearly fearful about how robust their ‘new sales acquisition strategies’ are under GDPR legislation. And so we should be!
Is cold calling now a dead duck?
• For Business to Customer (B2C) sales, the answer appears to be Yes
• For Business to Business (B2B) sales, the answer is No (T&C’s apply)
Under GDPR, any unsolicited sales contact with a ‘B2B’ prospect needs to be measured carefully. Balance your right to conduct business {under legitimate interest} against the prospects right to protection. You should only target prospects who will be interested in what you have to sell but then that was always good business sense.
It is your given right, under the law, to market your business. However, sales teams must clearly balance that right against their ‘B2B’ prospects’ rights and interests – ‘the balance test’. That is, to weigh up your right to do business against the prospect’s right not to be called. Recital 47 of the GDPR explicitly states direct marketing can be considered a legitimate interest {“The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”} Whilst it implies that cold calling, under the right conditions, is permissible the onus is on you alone to prove “legitimate interest” exists.
You can contact existing customers to offer them products and services related to what they’ve bought from you in the past. That’s added value and a legitimate reason to call.
If on a sales call you ask for permission to email the prospect. Follow up immediately by emailing the prospect documenting the nature of your call and what actions were agreed to (just good sales practice and record-keeping). You must always provide your prospects with the option of deleting or requesting their data under Article 21.
Logically, big brother is not watching. It does not have the budget or inclination to micro-manage this. Use the ‘balance test’ and your business head when creating your prospect lists. Show respect and good manners on the phone. Follow your prospects instructions clearly and you should not fall foul of GDPR.
Remember: GDPR does not regulate how you contact people. It regulates your permissions for doing so.