
Why You Need GDPR Compliant Data for Sales

Stop!

🚨 Are you breaking the law?

Your answer to this is likely, “Of course not, I’m a professional salesperson!”

However, you and your team may be doing so without even knowing it.

How can you avoid this pitfall?

Our blog post explains how your sales team can stay on the right side of the law with B2B sales data under the GDPR.


What is the GDPR?

In May 2018, the General Data Protection Regulation (GDPR) came into effect across the whole of the EU and the EEA.

It’s a privacy law that aims to give citizens more control over their personal data. It does this by providing some robust data protection measures.

The GDPR sets out ways companies must process and protect the data they hold about their clients and potential customers.

Cognism’s legal team said:

“The GDPR automatically applies where a company processes the data of a data subject who is an EEA resident.”

The GDPR allows companies to carry out direct marketing and sales practices if they can prove a lawful basis.

The most commonly used, and arguably most flexible, lawful basis B2B companies use for processing personal data is legitimate interest.

If your company is asked to provide a service such as cold outreach, you must ensure that you serve the appropriate notices, records, assessment documentation, privacy policies, DPIA and legitimate interest assessments.

It’s important to note that under the GDPR, the processor of the information and the controller of the information can be different entities.

In the case of B2B sales, the controller is usually the sales rep.

You’re probably thinking, “How does the GDPR apply to sales prospecting?”

Keep scrolling to find out how to use GDPR compliant data for sales 👇

GDPR and cold calling

Believe it or not, cold calling isn’t directly affected by the GDPR. Calling is covered by the Privacy and Electronic Communications Directive.

But the GDPR does govern how personal data, such as phone numbers, can be used to make cold calls.

Under Article 6 of the GDPR, there are six lawful bases that allow sales and marketing teams to use personal data:

  • Explicit consent from the customer to use their data.
  • To fulfil a legal obligation.
  • To fulfil a contract with a customer.
  • To carry out a task in the public interest.
  • To protect the vital interests of an individual.
  • To pursue legitimate interest.

When it comes to your reps and cold calling with GDPR compliant data for sales, you must comply with consent and legitimate interest. It’s how you build trust with customers.

Let’s take an in-depth look 👇

Consent

Having a prospect’s phone number/contact details doesn’t mean you have their explicit consent to contact them.

If your sales team is going to cold call prospects, they’ve got to ensure that the consent is:

Clear and explicit

In order to remain GDPR compliant, the prospect must actively give the controller of the information permission to use their data for the purpose of being contacted via the telephone.

For a specific purpose or organisation

The prospect must give explicit consent to your organisation. You cannot transfer this consent to pass on their personal data to a third party.

The prospect must give you consent for cold calling. If a prospect opts in to receive an email, this does not extend the consent for your sales reps to cold call them.

Easy opt-out

If a client wishes to withdraw their consent, your reps need to make this as easy as possible and you must delete their data within one month.

Although your reps cannot cold call a prospect without their explicit consent, legitimate interest allows cold calling to occur.

And here’s how 👇

Legitimate interest

Your SDRs are allowed to cold call prospects on the grounds of legitimate interest depending on the targeted jurisdiction. However, this can be overridden by the prospects’ right to not be contacted.

So, how do you ensure your cold calling is GDPR compliant?

  • Set up clear roles and rules that adhere to the GDPR requirements for handling personal data.
  • Record conversations and store them securely.
  • Get proof of consent if your leads are from a third party.
  • Ensure there is legitimate interest before calling prospects.
  • Ensure you have clear opt-in and opt-out messages.

GDPR and sales emails

The GDPR doesn’t stop your reps from sending cold emails; it simply puts rules in place that they must follow.

This means that your business needs to be careful of how you store, manage, and collect your mailing list data.

When cold emailing prospects, your sales reps must remember that they should only reach out to people they believe will benefit from your product.

This means that your data collection needs to be adequate and relevant for the purpose of lawful processing.

In other words, whatever your salespeople offer in their cold email must be connected to the prospect’s business in some way.

Next, your reps need to be completely transparent in their cold prospecting emails.

The email copy must explain:

  • Why the prospective customer is hearing from the salesperson.
  • Exactly where the salesperson got the prospect’s contact details from (i.e. LinkedIn).

If the prospect responds by asking to be removed from your database, your sales reps need to ensure this happens ASAP.

Finally, you’ve got to provide an easy opt-out option for your prospects, in the form of a clear unsubscribe link.

Cognism’s legal team said:

“At Cognism, we always make it clear as to where our outbound sales emails are coming from and how to contact us with any questions.” 

“Also, we always ensure emails to our data subjects contain opt-out unsubscribe links.”

Ensure your cold emails are GDPR compliant by:

  • Segmenting your email lists very carefully based on your prospects’ business needs - this only applies to personalised email addresses and not generic ‘info@’ email addresses.
  • Being able to explain exactly how you got the prospect’s email address.
  • Protecting the data and only keeping it for as long as required.
  • Providing an easy way for the prospect to opt out of your cold sales emails.

Follow this checklist and you’ll have a GDPR compliant cold email!

GDPR and social selling

Your salespeople could land your company a huge fine if their approach to social selling isn’t GDPR compliant.

What’s the number one social platform your reps will be prospecting on?

You guessed it - LinkedIn! The B2B industry’s number one social network.

When it comes to social selling on LinkedIn, the sales rep is no longer the data controller, but rather, LinkedIn is.

LinkedIn is also the processor of the data. That means LinkedIn is responsible for protecting all of the personal information of its users as per the GDPR requirements.

Why is this the case?

Well, when a user signs up for LinkedIn, they’re agreeing to expect a two-way flow of marketing communication. This includes connection requests from outbound sales teams.

So, as long as your salespeople are reaching out to LinkedIn connections on LinkedIn, all is well and compliant.

Cognism’s globally compliant data

This article got you a bit stressed about compliance and your sales process?

Not to worry, Cognism’s got your back! It’s a sales and marketing tool with GDPR compliant data at its heart.

Build your sales pipeline with the world’s best GDPR compliant data.

The contents of this article are for the purposes of general awareness only. They do not constitute legal or professional advice. The content may have changed since this article was published. Readers should take appropriate professional advice for their own particular circumstances.
