All About GDPR :Penalties, Assumptions and How to Sell Without breaking the law using GDPR Compliant Data

B2B sales is not and was never easy. About 50% of all sales go to the first company that responds. Whenever you cold call your prospects, meet them while networking at events, there are proven strategies to turn prospects into customers that have always worked for ages. This is because selling is a science and is process-oriented. Once you master sales, you can use various techniques to quickly reach your targets and earn that incentive.

However, things have radically changed now. The way you prospect has changed forever since May 2018 – after the implementation of the EU Data Protection Regulation call GDPR (Global Data Protection Regulation).

Penalties involved

GDPR penalties can be €20 million or 4% of the company’s global revenue. However, there are two tiers of penalties depending on the severity and kind of violation. GDPR penalties issued for violations pertaining to data processors typically fall under the first tier, which guidelines state can be as severe as €10 million or 2% of global revenue.

Data protection authorities have frequently demonstrated their ability to issue penalties. British Airways was fined up to €200 million for a data breach that in September 2018. Marriot International was fined almost €99 million for a data breach between 2014 and 2018. Even small and medium-size enterprises were not spared.


GDPR was EU’s most path-breaking privacy update in over two decades. Yet, over 57% of B2B sales professionals are not aware of what GDPR is (source: Demand Gen Report). If you fall in that category, it is high time you took a good hard look at how GDPR has affected your sales team and how you can “legally” prospect while staying compliant with GDPR.

Here are few common misconceptions.

“GDPR will not be affect my sales team”

You may assume that GDPR does not apply to you. But for many companies, GDPR has forced a big shift in your prospecting efforts and strategies. GDPR will definitely have an impact on you if –

1. You purchase leads to fill up your sales pipeline

2. You add leads collected from events to your mailing lists

3. You ask your loyal customers for referrals

“GDPR can only impact European businesses”

The whole point of the GDPR is to protect data belonging to EU citizens and residents. However, GDPR still applies to you if you

a. Process personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed

b. Were established outside the EU and is offering goods/services or is monitoring the behaviour of individuals in the EU

It does not matter if your business is based in the EU or not – if the personal data you collect on your prospects belongs to an EU citizen then you’re liable to comply with GDPR. Read in detail here.

“Once I have sought permission to store data, I can use it the way I want”

GDPR restricts the way you can process (use) personal data. When you have possession of personal data (eg. Email address), you have to make sure that your prospects have actively chosen to opt-in to your email before you start sending marketing communications. You can’t assume you can run mass email campaigns just because you possess the data.

GDPR compliance means your sales teams would have to make some changes to stay within the law. Here are some sales prospecting techniques you should use to sell without breaking the law.

GDPR Compliant Data: Collect Data and Seek Permission

The most typical example of seeking permission is through a web form. Post-implementation of GDPR, the prospect must not only know what data you collect but also why and how you intend to use it. Individuals also have the right to be informed of the period for which their personal data will be stored. (Read more here – Article 13 and Article 14)

Cold Calling

Cold calling is one of the most effective ways to reach out to potential customers. Cold calling doesn’t fall under the same regulation like the GDPR. Every time you add a new prospect to your CRM database, you need to get their consent before you send them promotional emails. While you are on the call, ask them if they would like to receive a newsletter. If they say yes, send them the link where they can subscribe (or opt-in) to your content.

Since it is difficult to document their consent (unless you are recording the conversation), it makes sense to send a follow-up email summing up everything you discussed over the call. If your prospect demands to be removed from the list, you have to honor that request.

Marketing and Lead lists

Marketing Lead lists were always a great way to fill up your pipeline. Things changed a bit after GDPR. If you acquire leads from third-party data vendors, they have to take consent to share that information with you. You also will need specific consent to use email addresses on the list, unless they have agreed to have their data transferred to third parties. SMARTe provides you GDPR compliant data with custom-built double opt-in company data and customer data lists with verified emails and direct-dial phone numbers across 200+ countries.

Email Marketing

If you have been bombarding your prospects with cold prospecting emails and sales pitches, you should stop immediately! If you have never contacted the prospect earlier, make sure you have tried to contact them through the phone before emailing them.

Although, you can continue to send cold sales emails to prospects if the email is sent to an individual and not to a group of recipients and you have put up a privacy statement explaining why you are contacting them in the first place (i.e. you have a legitimate interest).


You may be already using a web form to capture contact information. However, you need to be sure as GDPR requires you to legally justify the personal data you capture from your web forms. You can ask only for the information you need. If you ask for additional information like income (to prioritize leads), you have to make sure you have a legit purpose. Else, just ask for name, company, and business email address only. Also, just because they signed up for your eBook or webinar doesn’t mean they have opted-in for all your email communication.

Social Media

GDPR doesn’t stop you from finding and connecting with potential customers on social media platforms like LinkedIn. You can continue to use social media as part of your overall sales prospecting strategy. Once your prospect accepts your connection request, you can reach out and message them to gain consent to contact them and sell to them.

However, it is mandatory to establish that there is a legitimate interest to be able to contact them by email or by phone. You’ll have to take consent. However, consent to contact them cannot be considered as consent to send them mass marketing campaigns!


Networking at events is a great way to meet new prospects. It basically means storing contact information on a business card in your CRM. Post GDPR, you may continue to exchange and store business card information, but you cannot use their contact data and email address for email marketing purposes unless you have taken their consent and they have opted-in to receive your promotional emails.

SMARTe is committed to complying with GDPR and we follow privacy and security best practices that are applicable to our industry and offers. We have developed GDPR aligned processes by setting stringent rules on how we process, gather, and protect individual data. Ensure data relevancy through our rich data taxonomies, dictionaries, and ontologies. Stay GDPR compliant with accurate, double opt-in data with verified phone numbers.

SMARTe is GDPR compliant in sourcing our business contact data and in processing personal data. We enable our customers to adhere to laws and regulations that apply to their business. Anytime our customers send marketing emails to their own customers, our data ensures that they adhere to digital marketing laws that apply in the particular data subject’s geographic locale.

Is your data GDPR compliant? If not, we can help.

Leave a Comment