Back to Newsroom
Product News

The SalesLoft Guide to GDPR

May 7, 2018

GDPR. On their own, just four harmless letters. But combined, they have a certain power to make sales and marketing leaders feel at once overwhelmed, apathetic and possibly just plain confused.

While we’ve talked about it elsewhere, here’s a quick reminder of what GDPR actually is. The General Data Protection Regulation (GDPR) is the new privacy regulation in the European Union that will go into effect May 25, 2018. The regulation is unprecedented in terms of scope and financial impact; penalties for noncompliance with GDPR are up to the greater of 20 million Euros (translation: US$24.5M) or 4% of global revenue.

GDPR is the single most important piece of privacy legislation in the past 20 years. The regulation will be a catalyst for the adoption of selling tactics focused on authenticity and value in Europe and beyond.

There is, unfortunately, no silver bullet or magic wand that can ensure compliance. Adhering to the directive will come through a confluence of your processes, your technology, and your people.

The team here at Salesloft has been working diligently for the last 18 months to ensure that we’re prepared. As a GDPR leader, we’re one of a select group of technology companies to have gone through an independent third-party readiness assessment of our privacy controls – with results evidencing all controls are in place to address the articles of the GDPR. We’ve also been busy building Salesloft into the most competent GDPR leader in the sales engagement space in order to assist your readiness efforts.

We wanted to share some best practices that you can use to assist in your GDPR readiness efforts and how those best practices can be realized in the Salesloft platform.

GDPR Best Practices

1. Mark Contacts as “GDPR Contacts” in Salesforce and Sync with Salesloft
With Salesloft’s bidirectional Salesforce sync, it’s easy to map a Salesloft field to a Salesforce field designating that a particular lead/contact is an EU resident, or in some way falls under the domain of GDPR. To populate this field in Salesforce, companies can use a combination of workflows combined with information from either internal or external data sources. For example, many data vendors are able to provide city/country data, or you may already have information such as billing or shipping address to identify contacts as being an EU resident. Once Salesloft is “aware” of this GDPR designation for a lead/contact it can kick-off a number of other processes designed to help with your GDPR readiness.

2. Remove People from Cadences with Automation Rules
Automation Rules within Salesloft allow you use data to help ensure the right processes are being followed and the right safeguards are in place for your team. Our sales team has put in place an automation rule – using the GDPR designation field outlined above – to ensure that EU residents are removed from all cadences except those “relaxed” cadences which have been specifically designed for customers and prospects within the European Union.

3. Start Using “Relaxed” Cadences
Although somewhat of a gray area, with GDPR it is advisable to use discretion with the frequency and number of touchpoints to ensure that you do not intrude on the “rights and freedoms” of the individual. Our sales team has built “relaxed” cadences specifically designed for engaging with prospects in the EU. They contain fewer touches and are spread over longer periods of time.

4. Leverage Customized Templates with Opt-out and Privacy Notice Links
Ensuring that you’re providing both opt-out and privacy notice links in your emails – and honoring opt-out requests – is crucial when communicating with EU residents. Our team has adopted the use of these GDPR templates when engaging with EU residents and is also relying on data insights and snippets to hyper-personalize their messages to their prospects.

5. Consider Your Tracking & Recording Controls
Under GDPR, there is a concept of data minimization – it’s the idea that you only process the data that you absolutely need. With this in mind, sales teams need to be cognizant of the collection of data that falls outside of a legitimate purpose of selling. Email open tracking and click tracking can currently be disabled at the template and individual email level. We’ve added the ability for admins to automate which tracking controls are disabled when a contact is marked as an EU resident (whether manually or through a bi-directional sync to a Salesforce field). Our call recording governance capabilities allow admins to add specific country codes to automatically disable calls into those countries. Live Call Studio, and the ability to live listen, whisper and even join calls, still facilitates the desire for managers to help coach their reps, even when calling into countries where no call recordings are being made.

6. Honor Do Not Contact Lists
While your reps are reaching out to prospects, they may be unaware of certain specific accounts that should not be contacted. Do Not Contact (DNC) designations help ensure your reps do not mistakenly violate the privacy rights of EU data subjects. As an admin, you can add account domains to the Do Not Contact list, and enforce a global Do Not Contact list so prospects/customers can’t be contacted by reps. The Do Not Contact field can also be synced to a field in Salesforce to ensure that Salesloft always has the most up to date information if you’re tracking this centrally. Anyone opting out of an email will automatically be added to the DNC list. It’s also worth being aware that some European countries (e.g. France, Netherlands, and Belgium) provide their own central “Do Not Call” lists which customers can reference.

Check out these other pieces we’ve shared about GDPR:

Curious about how we approach security overall? Click here to learn more about how we store, process and secure sensitive information.

We hope that you find the above best practices useful. We are always excited to hear your feedback, so if you have any questions please check out our Knowledge Base to learn more about any of the capabilities listed above, or contact [email protected].