Almost everything you say, do, search, or interact with online can be valuable to someone. Your Google image search of "lizards riding skateboards" or your visit to a Tumblr page that posts the same picture of the guy who played Uncle Joey on Full House every day might seem trivial — but can be very telling to who you might be as a consumer.
Businesses stand a lot to gain from the information your web presence provides, and some have taken some pretty invasive measures to get it. That trend led to the emergence of data privacy regulations around the world.
These laws help define what information companies can access, how they can access it, and how they have to notify the users it belongs to — among several other issues and concerns.
Businesses that violate these standards can incur steep penalties, so naturally, they have to make adjustments to fit the boundaries they set. Tailoring their sales efforts to work within the confines of these laws is part of that process.
Here, we'll look at two of the most prominent data privacy laws, how businesses are expected to comply with them, and what that compliance means for their sales efforts.
GDPR — or General Data Protection Regulation — is a series of regulations on data privacy, first implemented in 2018, enforced by the European Union for companies conducting business in Europe. It contains mandates addressing how companies should handle customer data. The specific stipulations of the measure rest on 8 core tenants:
- Right to information
- Right to access
- Right to rectification
- Right to withdraw consent
- Right to object
- Right to automated processing
- Right to be forgotten
- Right for data portability
If you're not GDPR compliant, you won't be able to do business online in Europe. If you ignore these regulations, you'll incur fines of up to €20 million or 4% of your company's revenue from the preceding financial year — whichever is greater. And the EU has been strict in enforcing these penalties. They're nothing to take lightly.
So what does this have to do with sales? Well, personal data has become a mainstay in many companies' sales efforts — particularly B2B companies with strong online presences.
Personal data is central to processes like prospect outreach and lead qualification. Without an idea of who your potential customers are, you're essentially shooting in the dark when identifying viable business opportunities.
GDPR doesn't necessarily disqualify you from using customer data in your sales efforts when doing business online in Europe. It just means you have to pay extra attention to how you're asking for, gathering, and storing it.
Actively maintain logs of the employees who control the data you gather. Be able to explain why you’re using it. Keep descriptions of the data and track any third parties within your company — like a CRM — that also process the data.
Have documentation on how and when you intend to delete the data. And ensure the measures you’re taking to keep the data secure are thorough and well-constructed.
If you're sending outbound sales emails, re-permission your contacts — make sure they still want to receive them. This transition can actually pose a benefit for sales teams.
If you can't leverage nonconsensual data, you're essentially forced to sift through your contacts, separating interested and uninterested prospects from one another. It gives you more direction in terms of more effectively engaging with potential customers.
Like I said, GDPR can't stop you from leveraging personal data for your sales efforts in Europe, but it might have you walking on eggshells. If you're mindful of its stipulations, you'll still be able to consistently do business online in the EU.
The California Consumer Privacy Act — or CCPA — is a measure that was passed by the California State Legislature in 2018 and officially went into effect at the beginning of this year. Unlike GDPR, which applies to any business leveraging personal data in Europe, CCPA only impacts certain kinds of businesses.
The companies it applies to must do business in the state of California, collect personal information, and determine the means or purposes of processing that data. They also must either have a gross annual revenue of over $25 million, handle data of over more than 50,000 people or devices, or have more than 50% of their revenue coming from selling from personal information.
If a company fits any of those bills. It has to abide by CCPA. The act has a fair amount of overlap with GDPR. Still, there are some differences in penalties, the types of data they protect, the information that must be provided to data subjects, and how they define, data collecting, selling, and processing — among other issues.
To say CCPA is just a variant of GDPR is an oversimplification. Though they do share considerable common ground, you can't expect to prepare for one and automatically be compliant with the other.
So how can CCPA impact your sales efforts? Just like with GDPR, you're going to have to take a good look and thoroughly scrub the data you use for outbound sales with CCPA. Understand what it means for customers to opt-in, opt-out, and give consent in the context of the law and adjust your marketing and online sales tactics accordingly.
Comb through your CRM and shed cold contacts. See if your business is leveraging tactics like data scraping, keeping mobile phone numbers, tracking website visitors who opted out of sharing data, or using third-party data.
If you're engaging in any of those practices, you need to re-evaluate how and why you're doing so. Those methods and resources aren't all necessarily forbidden under CCPA, but they're more strictly and specifically regulated than before — at the very least.
If GDPR and CCPA are any indication, data privacy measures could continue to become more stringent and protective of consumers' information as time goes on.
If your sales strategy relies on any online resources, you're going to have to continue to adapt as those regulations evolve. Be flexible and don't rely too heavily on any single tactic that involves consumer data. And stay abreast of any changes to these laws as they emerge.
If you're careful, compliant, and capable of adjusting your sales strategy to suit these kinds of measures, you'll be fine. Just be mindful of the changing landscape of data security and take these regulations seriously. No consumer information is worth having data privacy laws kneecap your entire business.