The last year has seen business organizations reviewing data policies, implementing reforms, and strengthening data privacy and security measures in their companies.

All these to satisfy one document–the General Data Protection Regulation (GDPR).

The GDPR is an EU policy for the protection of personal data that’s set for enforcement this coming May 25. By now, we’re well aware that the GDPR will have huge impacts on marketing and IT. But how should sales teams adjust to the GDPR? Will sales teams be affected, or should sales go on as usual?

In business, everything is connected, and so we expect the effects of GDPR on marketing and IT to trickle down to sales, the lifeblood of any company.

Here are five things sales teams should know about the GDPR and its possible impacts on their work.

  1. Data subjects have expanded rights under the GDPR.

The GDPR introduces these rights for data subjects:

  1. Right of access. This refers to a subject’s right to know details about the use of his/her data.
  2. Right to rectification. Controllers have a responsibility to correct inaccurate data or complete information about a subject.
  3. Right to erasure or right to “be forgotten.” This means that a subject can request the immediate erasure, deletion or removal of his/her personal data.
  4. Right to restriction of processing. With this right, a subject can request controllers to limit processing done to their data.
  5. Right to data portability. Controllers are obligated to provide data in a “structured” form, or simply, in an easily digestible form.
  6. Right to object to processing. This means that subjects can, at any point, object to processing done to their data.
  7. Right to refuse automated decision-making and profiling. A subject can refuse to let non-humans (read: AI) process his/her data.

Understanding these rights is essential to grasping the full impact of GDPR on your sales funnel. If you know what the subject is entitled to, then you can adjust your sales process and prepare for possible conflicts.

  1. You’re likely to get fewer but higher-quality marketing leads.

If you source leads from third-party sources, then chances are high that those are acquired without consent– a possible violation of the GDPR.

Requirements regarding consent will force marketers to be more conscientious in lead generation. Instead of grabbing every searchable email, marketers would need to secure permission from prospects before inputting their names and emails in your marketing list.

This will inevitably lead to sales teams working with fewer but warmer leads. This can yield higher conversion rates, but the smaller pool means salespeople may also need to source leads on their own.

  1. You need consent for cold emailing and email tracking.

Cold emailing and tracking both involve the recording and use of personal data and are thus subject to the GDPR. They are complicated as they can be construed as spamming, an absolute no-no in the GDPR.

To be on the safe side, it’s best to get your subjects’ consent for these purposes. Explicit consent is one of the six lawful grounds for processing data cited by the GDPR. You could get consent by sending prospects opt-in forms and explaining why you’ll be sending them emails and tracking their email activity.

  1. Contacting prospects via phone isn’t prohibited–but it needs to be justified.

Chapter 2, Article 6 (1)(f) of the GDPR recognizes the intention of companies to market their products or services as a legitimate reason for contacting prospects. This sounds like a win for sales, but this recital is countered by the EU’s Data Protection Working Party with a document emphasizing checks and balances regarding “legitimate interest.”

So, to be clear: you can still cold call but you need to justify it. A tip here would be to record calls and secure consent first before uploading personal data obtained during these calls to any database.

  1. Sales teams have to work closely with marketing to reduce risks of violating the GDPR.

Personal data flows into an organization from various channels. Sometimes, they’re collected by the marketing team from second or third-party sources. Sometimes, sales reps get personal information directly from prospects. This multichannel situation isn’t a problem–it’s just part of reality.

The GDPR, with its stricter regulations on personal data privacy and security, challenges sales and marketing teams to work together to ensure that every bit of info we have on our customers is properly acquired (with the consent or lawful basis) and stored for a legitimate purpose. To avoid fines and penalties, we have to scrutinize sales and marketing processes, bridge gaps, and align overall data policies and procedures with the GDPR.

With the GDPR coming into force soon, it’s imperative to get the whole organization on board with GDPR compliance. When all teams are actively engaged for GDPR compliance, your business will survive this new wave of data regulations–and possibly, benefit from it.