paint-brush
Best Practices for Cold Emailing Under GDPRby@denis
879 reads
879 reads

Best Practices for Cold Emailing Under GDPR

by DenisNovember 22nd, 2019
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

As a growth hacker I do cold emailing. A lot of companies rely on this lead source for marketing campaigns. Some people think that GDPR does not allow cold emails. But, no, they are wrong. Cold emails is direct marketing. You can do cold emails for your business if you do it right. You cannot write cold emails to individuals (B2C) without their implicit consent. You should always introduce yourself — both your full name and the company you represent. You should use only email addresses available in public lists.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Best Practices for Cold Emailing Under GDPR
Denis HackerNoon profile picture

As a growth hacker I do cold emailing. A lot! 

If you thought that growth hackers don’t do them — you are totally wrong! Sometimes it one of the best lead source for a startup that don’t have a lot of money to spend for huge marketing campaigns. A lot of even big companies rely on this lead source. 

However, some people (most of them) consider cold emailing as a spam. And yeah, sometimes it is spam if you do it wrong. Some people think that GDPR does not allow cold emailing. And, no, they are wrong. 

You can do cold emailing for your business if you do it right. 

I read GDPR original text several times with all reticles, read several official bodies (like British ICO) additional guidelines and spent several several dozens of hours with different legal consultants and now I’m ready to share definitive guide with dos and don’ts for GDPR compliant cold emailing.

Just small clarification and disclaimer: 
- I will talk only about cold emailing. Only emails and only cold. I will cover other types of communication under GDPR next time.
Cold emails is direct marketing. Direct marketing is not only cold emails.
- All things that will be listed below are true only for the date of publishing and everything can be changed by the date you read it or in some specific countries. 

Below you may find all my findings regarding GDPR compliant cold emailing

  1. You cannot write cold emails to individuals (B2C) without their implicit consent. Never
  2. Should always be able to answer to the three “simple” questions: 
    - Is there really a legitimate interest/purpose to process data?
    - Is data processing really necessary and can directly contribute to meeting that purpose?
    - Is data processing conducted with respect to the rights and freedoms of data subjects?
    Yeah these are simple questions with hard answers. I will cover these questions below. 
  3. You should always introduce yourself — both your full name and the company you represent. 
  4. You should use only email addresses that are available in public lists
    To put it simply, emails you use for cold emailing should be available somewhere on the web.
    That was the main reason why I droped my favorite snov.io and moved to hunter.io — Hunter let me use only those emails that are available publicly. 
    Note: Hunter by default provides awful emails in terms of deliverability, so don’t forget to verify all of them. 
     
    It is not necessary to show the source of each email in your template, but you should always have an ability to provide the source to any of your prospect on request. 
  5. You should always provide your prospects clear and easy-to-use way to opt-out and stop receiving your emails.
  6. You should have a Legal Notice in your signature. 
    Why? — to show your prospects all this shit I’ve mentioned above: that their contact details were found publicly, that they can opt-out, that they have a right to object, why you reach them and what is the basis, etc.
    In this article you may found several great examples of legal notices for your cold emails
  7. If someone decided to opt-out (clicked your unsubscribe link or replied you that they want to opt-out) — never reply them write them again. 
    Even such innocuous things like “yeah, sure, I won’t reach out to you again”. 
    Yeah, that’s a bit strange, but they decided that they don’t want to receive ANY email from you. So, stop right away. 

That’s all Dos and Don’ts if you are doing cold emailing while you want to keep your GDPR compliance safe. Of course, all other “cold emailing best practices” you may find over the web apply as well.

Sources
https://eur-lex.europa.eu/eli/reg/2016/679/oj
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32002L0058
https://ico.org.uk/media/1555/direct-marketing-guidance.pdf
https://ico.org.uk/media/about-the-ico/disclosure-log/2014536/irq0680151-disclosure.pdf