(Please also consult your internal counsel and data privacy officer for how your company should approach GDPR (General Data Protection Regulation)).

While there are several strict laws of data privacy throughout the globe to include countries like Canada, Australia, and China, GDPR is a European-wide framework that is the strictest treatment of data globally and is consistent pan Europe effective May 25, 2018. GDPR enforces accountability for ANY company selling or marketing into Europe and emphasizes the collection and processing of data.  This law impacts all companies, and their sales’ and marketers’ communication.

If you are a company considering implementing GDPR, there are several business advantages to following this law:

• With clean, opt in data, better chance of demonstrating meaningful metrics internally
• Improved targeting for selling and nurturing purposes
• Less infrastructure carrying cost on dead contacts or contacts that have no conversion chance
• By following the law, there is no 4% penalty on global revenues that could be assessed

There are several elements of GDPR legally to abide by, but the two largest concerns are making sure that Individuals give consent to data use and that the 3^rd party has a legitimate interest, this link shows examples of the definition of legitimate interest.

Tips for planning for GDPR:

• A plan should be put in place around the collection and storage of information that can identify the person, such as IP address, first name, last name, mobile numbers, and phone numbers among other information.
• The company itself is accountable for GDPR compliance regardless of whether the data was sourced by a 3^rd party or not, so it’s important to understand how data is collected and how it is processed.
• It is critical that the marketer think through opt-in procedures, updates preference centers, and ensures sure that sales and marketing systems are properly processing data consistent with this new law.
• The law also includes unstructured data – for example, an email that is sent from Outlook must ensure that the individual receiving the email has consented to receiving information.
• A double opt in email approach is highly recommended as best in class way of ensuring clean data practices and is more likely found in a marketing automation system than in that of a sales automation system.
• Data input from 3^rd party sources, whether purchased lists or through trade show uploads require specialized treatment from a data governance perspective.
• Consider a double opt in approach for all events, as an example of this special data governance treatment.
• Some sales technologies enable phone calls to be recorded and collected. Explicit consent will be required to record phone calls.  You should clearly communicate to customers why their data is being requested for collection and how you intend to use it in any future activities.
• Other outbound phone calls must not be listed on a ‘do not call list.’ Other calls must give explicit permission for follow up communication to occur.
• Lastly, it is important that all tools are in compliance to governance – which would include sales automation tools (Outreach, Salesloft, etc.) as well as marketing automation tools. Marketers, make sure your sales team is compliant with their email automation tools.

The future around e-privacy and cookies is likely the next law to come out next.  It is an exciting time to be in Sales and Marketing in 2018!