GDPR & Email Tracking: What Sales and Marketing Pro’s Need to Know

GDPR & Email Tracking: What Sales and Marketing Pro’s Need to Know

GDPR is officially live.

That digital tsunami of opt-in emails is over.

Your email inbox is celebrating. Your spam filter can breathe again!

But while your personal inbox might be cleaner than ever – your job is about to become a little more complicated.

The GDPR Email Responsibilities Sales Reps Need to Understand

If you’re a sales or marketing pro sending any type of email to prospects or leads who may be EU residents, you need to understand how to make sure your email marketing activities are GDPR compliant.

GDPR might seem like a massive irritating bureaucratic burden for a fast growing business, but the regulations are not meant to torment sales managers.

The changes are designed to make life easier for your leads and customers (and those bulging inboxes). The intention of the law makes sense. GDPR gives more control to people over their data. Helpful, permission-based sales and marketing activities will work best. Unsolicited communication will put businesses at risk of a €20 million fine.

GDPR compliance is all about developing helpful marketing practices that give customers more control over their personal data. Under GDPR, people have better knowledge of what data is being collected and how their personal data is being stored.

With any sales or marketing communication to EU residents (who are not customers), you need to offer the prospect:

  • The right to not be contacted
  • The right to know who is tracking the emails sent to them
  • The right to have their data deleted
  • The prospect must be able to opt out of being contacted at any time

In your private life, you’re likely someone’s customer yourself and you are already seeing the changes brought by the GDPR. There are fewer newsletters in your inbox, and the updated privacy agreements (if for some reason you decided to actually read one) are much more customer friendly, explaining what data is being collected and why.

For this article, we want to zoom in our focus on one of the most challenging aspects of the GDPR changes for any sales pro – the ramifications on email tracking.

Pipedrive’s GDPR expert and dedicated Data Protection Officer, Martin Ojala has rummaged through the detail of the legislation to allows us to give you a lawyer-free guide to understanding your GDPR email tracking responsibilities.

If you want to understand your general GDPR email marketing responsibilities, we developed a specific guide to handling 7 common sales scenarios correctly for you to share across your team.

(Oh, and even if you are working for a sales team outside of Europe – if there’s any possibility of you contacting an EU resident – you need to understand the GDPR responsibilities for non-EU salespeople).

Why You Need to Reconsider Your Email Tracking Right Now or You Risk a €20 Million Fine

How does GDPR work to encourage more helpful selling practices exactly?

This is the intention – and the way your sales team should treat GDPR.

The changes force sales and marketing pro’s to focus their attention on those prospects who have agreed to be contacted. This is effective lead qualification. Your sales reps will be more likely to close deals by focusing more time on hot prospects rather than spreading themselves thin trying to sell to every lead in a bloated pipeline.

But one of the most trustworthy tools of lead qualification in any good sales pro’s weaponry is email tracking.

Under GDPR, you need a explicit permission to track any EU resident’s emails – prospects and customers.

Basically, you now need people to ‘opt-in’ to email tracking.

If you haven’t thrown your computer out of your window in a fit of sheer frustration, it’s time to answer the question you are probably screaming inside your head…

How Do You Get Your Prospects to Opt-In to Email Tracking?

Before we get started, however, let’s be very clear on one point: GDPR does not affect email tracking relating on important group of people:

  • People who do not live in the European Union

If you’re definitely only tracking the emails of non-EU resident – you’re safe from the GDPR police and that potential €20 million fine!

There’s some good news to go with your searing frustration.

Back to how you can still use email tracking under GDPR

According to the legislation, email tracking is any service that allows a subscriber to know:

  • If an email they sent was opened or read
  • When that email was opened
  • How many times it was opened
  • If it was transferred to others
  • To which email server it was sent, including its location
  • What kind of web navigator and operating system the recipient of the email uses

Email tracking is not a delivery or read receipt.

Those services allow a sender to request a delivery receipt for an important email and the recipient must agree before a receipt. GDPR doesn’t govern those.

What’s the difference? Permission.

Email trackers are governed by GDPR because the recipient’s actions are being monitored without their knowledge – by the sender using tracking pixels that collect personal information.

This is a problem for two reasons:

  • Under the GDPR, “personal data” is defined as any information that identifies an individual. That includes email addresses, what browser a person is using, and their actions.
  • The collection of the email tracking information listed above without consent is strictly prohibited by GDPR.

Let’s break the law down a little.

Below are the five points of GDPR most relevant to sales teams:

  • Individuals have to agree to the collection of their personal data
  • They must know how and when that data is collected
  • People must be able to request copies of their data
  • These individuals also must be able to ask for their data to be edited or deleted
  • They must explicitly agree to be contacted by salespeople

While GDPR isn’t trying to keep you from selling to prospects and in fact recognizes your right to do business, you can see why email trackers would be a problem.

Your prospects now have more control over their contact with you. In order for you to legally contact them, collect their data and use their data, they must explicitly agree that it’s fine for you to do any of those things.

Can You Ever Use Email Tracking on a Message Sent to a Prospect in the EU?

Did you explicitly get that prospect’s permission to track the message you sent them?

You need the prospect to opt-in to allow you to:

  • Monitor how many times your email has been opened
  • Monitor if the email has been forwarded
  • Monitor what browser the prospect is using

If you can manage to convince a prospect to give you this permission – you deserve to close that deal right then and there.

Let’s be real honest here…

Getting a lead to opt in to email tracking sounds like a painful, near-impossible task.

If you can’t get that explicit email tracking opt in – you can’t track and house that data under GDPR

That’s the simple answer, but it doesn’t stop there.

What if Other People are Using Email Trackers on Your Company’s Behalf?

GDPR has little mercy.

Your business could be heading to court if anyone within your organization is found to be using email tracking that violates the GDPR.

Your organization may decide to stop using email trackers, but an individual employee may be unwittingly using a tool with an email tracker to monitor clients – blissfully unaware that they’re violating the GDPR. Worse still, a company, consultant or agency you’re working with may be using email trackers that put you in the crosshairs of the GDPR patrol.

This will almost certainly add to your computer-hurling levels of frustration, but now is probably a good time for an audit by your IT resource and some serious employee education.

Sadly, if anyone in your sales organization is associated with using an email tracker on your behalf without an opt-in, your business is liable.

You Really Need to Make Sure Your Sales CRM is Ready for GDPR?

Your CRM is your data processor for the information you have stored about your clients and leads. Are they tracking emails on your behalf? You need to know now.

Check your terms of service and your CRM’s privacy policy to find out now. If you can’t find a simple answer online, you’re going to have to pick up the phone and ask.

Pipedrive is Estonia-based, so because we are in the EU, we know exactly how serious the ramifications of these law changes will be for our customers. We’ve been preparing for GDPR for years, and we’ve even moved our European customer data to a new data warehouse based in Frankfurt, Germany to give our users the best possible protection for their data.

You should expect a clear and explicit explanation of how your sales CRM is making GDPR compliance as easy as possible for you and your sales team.

Here’s the Pipedrive guide for your reference > How Pipedrive is preparing our customers for GDPR.

If your CRM is based in the US or another non-EU country, that’s fine, as long as they understand GDPR and compliance. If after a phone conversation with them, you’re still not sure if they’re GDPR-ready, you really need to consider an alternative. It’s time to consider a new, compliant CRM.

Email Tracking: Do You Actually Need It?

Before you throw your hands up and submit to the constraints of GDPR – ask yourself this hard question and come up with an honest answer:

Does your organization really need to know what your prospects are doing with your emails?

The benefits of knowing who opened an email don’t outweigh the costs of getting smacked with a huge fine. We know that based on the sheer size of the punishment.

There are so many other ways outside of email tracking to help to develop a lead qualification machine.

If the answer to the question above is no, you don’t need an email tracker.

Instead, plan to rely on more customer-centric sales techniques. Make sure all your employees and vendors are onboard with your new decision. If you discover that someone is using an email tracker, quickly and quietly lose the email tracking to minimize your risk (you can’t be penalized unless someone reports you).

If You Do Still Need Email Tracking, Take These Steps to Prepare for GDPR

  • Make sure you’ve created a system that allows leads to explicitly opt in to email tracking and all it involves
  • Work with your IT department to make sure that when an email goes out, only those leads who have consented to tracking are being tracked
  • Make sure the leads who have opted in to tracking can opt out at any time – just as easily as they opted in.

Your CRM should have detailed information available to help you understand how to setup and disable email tracking.

Pipedrive users can refer to this dedicated support article about email tracking setup. If you have any doubts at all about the possibility of a contact in your system residing in the EU – we strongly recommend you do not implement email tracking to make sure you are not in violation of GDPR.

Maybe Now is the Time to Make All of Your Sales Activity GDPR-Ready

The EU has made the first move.

But are you willing to gamble that other regions around the world will not invoke similar data protection laws in future?

Maybe you should take the opportunity to bring all of your marketing and sales practices in line with GDPR to futureproof your business.

You’ll notice plenty of businesses have rolled out their GDPR changes to all their prospects and customers, not just EU prospects, and for good reason.

You’ll find it very difficult to abide by one set of email tracking rules for one list of prospects and one for another.

There’s so many things that can go wrong. What if a person on the non-E.U. list has moved from Michigan to Munich and you never got the memo?

The stakes are so high. If your organization is found to be in violation, the punishments will cripple your business.

Do you really want to take the risk?

Now is just a good time to build a GDPR-compliant email tracking system that serves all of your customers. You’re already building one for your EU prospects, and if similar legislation is passed in other regions you’ll be better prepared to respond.

Companies have long talked about putting the customer first. Use GDPR as the trigger to create a truly best-in-class experience for your customers and prospects. Your bottom line will thank you for it!

Join Pipedrive CTA
mm

James Dillon

James D is the Content Manager here at Pipedrive. He’s responsible for preparing and sharing only the most helpful, inspirational and insightful stories with our entire tribe of loyal Pipedrive readers. James is passionate (read:obsessive) about making sure you trust Pipedrive as your regular source of light-bulb moments.