Do I need to inform recipients that they are being tracked?
You will need to consider the following if you need to inform recipients that they are being tracked:
Lawfulness of Processing under Article 6 of regulation
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
For example, if you need the information to carry out the duties of your job.
When is it ok to process information?
Processing of data is okay if it’s:
- Being done under the consent of the individual
- Necessary to perform a task in public interest
- Necessary for initiating a contract
- Required under a legal obligation
- Needed to protect the vital interests of an individual
- Within the category of legitimate interest
What is legitimate interest and how can I use it within my cold outreach?
Recital 47 Overriding legitimate interest
Legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. If the company has a justified interest in ‘cold’ acquisition through email marketing and sales outreach, the marketing and sales emails can be allowed to potential customers without consent.
What do I need to consider when defining legitimate interest?
If your job does not require you to collect, obtain, retain or process personal data, then legitimate interest will not apply.
Is it possible to GDPR Compliant when it comes to cold outreach?
You will need to ensure that you are targeting the right market. For example, if you sell HR software, you need to segment your cold outreach strategy. Target those who would be interested or deal with your product like, HR Directors, Head of HR, HR Managers etc. This way, legitimate interest can easily be proven when coming up against strict GDPR laws against cold outreach.
How can I adapt my outbound strategy to prove legitimate interest?
When it comes to GDPR, you will need to add a few more steps to your outbound strategy when contacting prospects within the EU. You will need to add questions like the following to your profiling and prospecting process.
Do I have a valid legitimate interest for processing the prospect’s data?
Does the processing of this data threaten the rights and freedoms of the individual?
If you answer ‘yes’ to question one and ‘no’ to question two, a legal basis for processing the data likely exists.