Privacy for Sales: How to do it right

PrivacyTeam August 9, 2022
privacy and sales

Privacy has always been a double-edged sword for sales. On the one hand, it poses a lot of obligations on sales, how they can and can’t get leads and how to reach them. But on the other hand, privacy could be significant sale leverage, and unique offer companies could offer – “We are compliant! Let’s do business.”

But you must be careful – a good salesperson knows not to sell what the company doesn’t have, and what you should know, as a salesperson, is that NO ONE IS 100% COMPLIANT. That’s just an idea to seek inspiration from. It’s not achievable. Furthermore, as your company is most likely the processor or sub-processor (as defined under the GDPR), it’s often not a relevant thing to say.

Privacy is an excellent sale leverage. If a company invests in privacy (as it should), it could be a unique value proposition that sales personnel can use during a sale call. However, when trying to sell your company as compliant, you are exposing your company to a higher risk of being identified as not compliant because trolls are out there and are looking for such openings.

sales and privacy

Here are a few tips to boost your sales while still considering privacy principles:

1. Know your role under the GDPR

If you are working in sales for a B2B company or SaaS, you are the processor or sub-processor of the personal data, and your customers are the data controllers in most cases. This means that your customers decide how to process the data and for which purposes. As given by the name, most of the control is in the controller’s hands.

If you are being asked by prospects, “how will you process the data?” or “how will the data be shared?” you can simply reply that this is up to the controller to decide. As you operate as the processor – you wait for their instructions. The only way you can help is to assist the controller to remain compliant (as much as possible) by providing the ability to manage privacy preferences promptly, and that’s exactly what you should mention on a sale call.

On the other hand, if you are making sales for a B2C company (e-commerce, etc.), you are most likely the data controller. Your company decides how personal data will be used and for what purposes. Make sure that you have the answers to those questions.

2. Have sufficient understanding in privacy

Privacy is no longer the sole responsibility of IT, Legal, and Security. Every personnel and employee in the company should be familiar with key privacy terms and principles.

Although it helps to have a broad understanding of the entire GDPR – you need to make sure you understand the principles of the GDPR, which are set out in Article 5.

Think about it this way – how impressed would your prospects be if you could answer their privacy questions and understand the terminology from the very beginning without urging your DPO to get on the call?

This is a creative way to show privacy awareness to the other side, and it is priceless.

3. Know where did you get your leads from

If you are purchasing a leads list from third parties (such as data brokers and lead enrichment tools), then your risk is high.

When you are getting your leads from a third party, you simply don’t know if those people gave their consent for you to contact them and if they expect that. If they didn’t, they might file a complaint.

Limit your exposure and contact only leads and prospects you are certain that they expect to hear from you.

I know that they may be “less valuable leads”, but the risk doesn’t worth the risk of violation of the GDPR. The GDPR fines aren’t small as they can be 4% of the annual revenue or 20m euros, whichever is highest.

Is that a fine you can tolerate?

4. Cold outreach

With GDPR, you cannot send automated or manual sales emails to prospects without getting their permission first. This includes a product demo and “just reaching out” emails or any other communications that your prospects didn’t ask to receive.

If you’re going to send out these kinds of outreach emails in a post-GDPR world, then you need to have been granted consent by the prospect first. Without it, you’re failing to comply.

Always follow through in your email copy and explain exactly why your offering is relevant and why you are reaching out.

Don’t forget to include a way to opt-out. As it said on the UK’s official Marketing & Advertising guidelines: “You must make it easy to opt-out — for example, by sending a ‘STOP’ text to a short number, or using an ‘unsubscribe’ link.”

Furthermore, make sure to check and clean your database regularly. Beyond simply removing people who have opted out or unsubscribed, the GDPR also means that you shouldn’t be holding onto leads for months on end or inaccurate contact information.

sales and privacy

Key takeaways

Indeed, GDPR has changed the work practices of sales. However, if you master those changes and mitigate your risks, you could use it to boost your sales and show your customers and prospects that you are reliable and trustworthy.

Sales in the post GDPR area means you should be cautious and consider privacy principles. Respect the privacy of your leads and prospects.

As a salesperson, you want to get those numbers up, but a GDPR fine will obviously get them down.

Categories: Blog

Related Articles