ABM, Meet Your New Boss, GDPR – Part Three of Four

GDPR is set to hit on May 25th, which, depending on which source you read, is either the end of the marketing world, or a great way to increase conversion numbers on your email campaigns. Time will tell which is right, so, for now, this blog series is concerned with understanding and adjusting the tactics for account based marketing (ABM) as they relate to GDPR.

Solve for GDPR

For our company’s GDPR readiness, Treasure Data’s own ABM initiative was put to task by our very own product – the Treasure Data enterprise customer data platform (CDP). Using our own solution for GDPR has been exciting for both sales, marketing and product teams. Being that we have less than 250 employees, we aren’t subject to GDPR yet so we didn’t HAVE to do this, but it was great seeing how our CDP works in the areas of database segmentation, opt in / opt out management, inbound leads, cold emailing and more.

This is a 4-part blog series covering how we achieved GDPR readiness. Over the month of April we will release the following sections:
Part One: Segment and Sync Your Databases, Consent, List Vendors
Part Two: Inbound Leads, Managing Opt in /Opt out
Part Three: Outbound Marketing Tactics
Part Four: Advertising
Download the entire white paper here.

Outbound Marketing Tactics

Outbound marketing tactics include cold calls, emails, social media outreach and even direct mail. If you thought it was ironic how direct mail has come back into vogue recently, it’s going to get even bigger after GDPR.

How GDPR Affects ABM Tactics

An ABM strategy usually employs a variety of digital marketing and direct marketing tactics, so it’s important to look at each one closely at how it might be affected by GDPR. Keep in mind that the rules around GDPR are still being finalized and interpreted, and this blog series is written by marketers, for marketers: you should consult with your legal team and security officer for specific direction and guidance on how these rules may affect your organization.

Get Treasure Data blogs, news, use cases, and platform capabilities.

Thank you for subscribing to our blog!

One thing to note for outbound marketing is GDPR’s provisions for “legitimate interest,” which allows for data processing without consent under certain circumstances. Some marketers have viewed this as a potential loophole to be exploited; however, extreme caution is advisable.

Legitimate interest is one of the most complex elements of GDPR and it applies differently to different forms of outbound. For further information, see an official interpretation of “legitimate interest.”

-Cold calls

It sounds like cold calls are going to be popular again. Unlike emails and SMS, which are double opt in, cold calls are “opt out.” At least that’s how things seem to be for the foreseeable future, but GDPR is still evolving, so stay tuned. Also note that if a contact tells your agent to stop emailing him or her, the agent needs to record that in your system of record (e.g., Salesforce), with the change propagated across all systems.

Here are a few tactics we’re trying with our team at Treasure Data:

  • Ensuring all cold calls or voicemails to EU contacts include an opt out:
    • For voicemails, we’ve added, “if you’d like to stop receiving calls, just let me know.”
    • For live calls in which we’ve generated interest, we simply ask to schedule the next call right then, which should put follow up calls within “legitimate interest.”
    • If a call does not generate interest, we’re testing versions of “If I think of something I think you’ll like, mind if I call back?” This verbal opt out should be compliant.
  • Tracking opt outs:
    • We’ve added an “opted out of voice contact” field to call disposition records. Here are some examples of what we log in the task history in Salesforce:
      • Voicemail with opt out
      • Called, qualified, scheduled follow up
      • Called, incomplete, scheduled follow up
      • Called, sent [asset name], scheduled follow up
      • Called, sent [asset name],
      • Called, incomplete, opted out of calls
      • Called, incomplete, opted out of all communications

You also need to make sure sales agents check the “call opt out” check box described earlier in the contact preferences section. This will ensure these EU contacts are not included in any call lists your sales ops team might create.

Again, this area falls under “legitimate interest,” which is still being interpreted and may be updated. For the foreseeable future, however, we think this is a safe way to engage in outbound calls.

An additional tactic we’re trying is having inside sales agents ask for verbal consent to email the contact a link to a particular asset, which is contained behind a GDPR-compliant “gate.” If the prospect opts in with verbal consent to email, you’re good for future marketing emails.

If the contact doesn’t give verbal consent to email, but does download the gated asset, the sales person can follow up via email as part of “legitimate interest,” though the email would need to pertain to the specific asset the contact downloaded.

-Cold emails

Cold outbound emailing has been widely used in both B2C and B2B marketing for many years, but GDPR is changing the game. Cold outbound emailing is suddenly a very risky tactic.

Some marketers claim they’ve uncovered a “secret way” to cold email and still be GDPR-compliant. They argue that you can send a cold email introducing yourself and encourage interaction based on some contextual or real world event that arguably qualifies as “legitimate interest.” By this thinking, you could send one email, which can’t include a product but must include an opt out link. If the contact responds, great, you can continue to email the contact on the given subject. If not then you are prevented from further follow up.

We see a big flag in this: Under GDPR, it’s illegal to buy a cold list of emails unless the list vendor can provide proof that the list is made of people who’ve opted in. If a complaint is filed, however, you and your company will be on the hook, not the list provider.

From Treasure Data’s perspective, the only way to safely do cold emails may be to have a vendor send emails on your behalf (like an outsourced sales development team) and provide you with any warm leads it uncovers. As long as you’re only providing email copy to the vendor, and don’t have the contact information from the vendor’s list, you should be safe.

However, we would suggest holding off on this tactic until several months after GDPR takes effect to see how the rules are being enforced. If other companies prove that it works, you could consider joining the bandwagon.

-Social media outreach

Social media marketing will largely be unaffected by GDPR (except advertising, see more on that below) since the terms and conditions of sites like Facebook, LinkedIn and Twitter cover you.

Additionally, anyone you’re connected to, or who has liked your page, can sever your connection simply by un-following you, etc. This kind of control on the contact’s side is exactly what GDPR is trying to enforce across all marketing channels; it just so happens that social media already has this built-in.

What this likely means is that social media marketing is about to get even more sophisticated as companies learn to leverage it more in the absence of more traditional techniques like cold email.

-Direct mail

What’s old is new again. Direct mail is seeing a resurgence as marketers look for ways to cut through the digital noise and reach contacts higher up in the org chart. With GDPR, this tactic will likely become even more popular as it’s not as regulated as much as most digital forms of communication.

Like cold calls, direct mail is opt out vs. opt in and falls under “legitimate interest” so you’re free to send packages, etc., so long as you can show that it’s related to the contact’s interests and minimally intrusive to his or her life. Of course, if you receive a notification to stop, then you must.

There’s still a risk, however, and that comes in how well you track these opt out requests. Again, like cold calls, it’s recommended that you log direct mail activities in your CRM and create a disposition status that tracks the opt in / out status.

As with all things GDPR, caution and due diligence is advisable. Certain rules around GDPR are subject to interpretation, and will likely evolve over time. It’s best to consult with your own legal team and security professionals for specific direction and guidance on how GDPR may affect your organization.

End of Part Three of Four

Coming up next week in Part Four: Advertising with corporate IP targeting
Download the entire white paper here.

Erik Archer Smith
Erik Archer Smith
Erik Archer Smith is a data-driven marketing and sales professional at Treasure Data with 10+ years experience helping companies scale during phases of hyper-growth. Erik got involved with tech early and built the first social media site in Japan using open source technology in the early 2000s. When not working, he enjoys spending time at the beach with his wife and dog, and obsessing over character-build stats in whatever RPG currently has him hooked.
Related Posts