The following is our personal opinion about the GDPR legislation.  As with the other legislation of this type, it is open to interpretation.  If you are looking for legal advice, please contact your Lawyer.


What is GDPR

GDPR (The EU General Data Protection Regulation) will come into force on 25th of May 2018 and will apply to anyone globally who is dealing with personal data of the EU citizens. It provides rules for the processing and movement of personal data. Failure to comply with the regulations can result in hefty fines. 


Personal data is anything that can be used to identify a person. For example, ian.cleary@outreachplus.com is personal data. This strengthens the rights of individuals and increases the obligations for organizations.


How does this affect emailing people?

In an ideal world, everyone you email would have opted in to receive emails from your company.  For example, if someone signs up for your newsletter on your website, they need to specifically say (e.g. select a checkbox) that they are happy to receive ongoing marketing-related material from you.


But how about reaching out to someone that you have never communicated with before (i.e. a cold email)?

The legislation says you can communicate with someone without consent if you can demonstrate ‘legitimate interests’ that aren’t overridden by the individual’s fundamental rights and freedoms.


It’s perfectly reasonable (in our opinion) to go to a company website, find an email of a relevant contact, and email them with a highly personalized and relevant email.  If you are reluctant to do this because of the GDPR then just email the info@ address because that does not address anyone specifically. 

You could be emailing them because:

  •          You have a potential solution that will help them
  •          You want to partner with them
  •          You want to talk about the solution they have that might be of interest to your business
  •          You want to interview them on a podcast
  •          Etc.

But in the first email, I’d always ask permission to send more detailed information, mention how I got the person’s email, and give them the option to opt out.

For example:

Hey John, I found your contact information on your website and I’m reaching out because we have a product which helps companies similar to yours to generate leads, PR and drive more traffic.  Company X used this solution and increased leads by 25%.Is this be something you’d be interested in hearing more about?
All the best,
Ian
p.s. If you think this email is not relevant to you let me know and I won’t send another email ever again!


Don’t buy a list of 10,000 people and send them a generic email about promoting your product.  That is just spam.

But…you can send highly personalized emails to a well-researched group of people with something that could be beneficial to them.

Storage of personal data

Personal data is anything that can be used to identify an individual.  For example, ian.cleary@outreachplus.com is personal data because you know who the person behind the email is. You are not allowed to store information related to a person on an ongoing basis without permission.


Here’s what this means. When you email someone in Europe and don’t get a response within an adequate period of time, this person should be removed from your prospect list. Even if you do get a response it’s advisable to ask for their permission and store the record of that permission if you want to market to them in the future.


If you don’t get a response from someone, we think it’s reasonable to remove the record within 30 days.

Requesting information

Any of your prospects are entitled to ask for information you have stored in relation to them and ask for it to be removed. If they do ask, make sure to provide them what is necessary.