3 Data Privacy Responsibilities of Cold Outreach
Though email is still one of the most effective forms of marketing out there, you should be aware that using email marketing – especially in cold outreach – comes with certain responsibilities.
If you are based in Europe, you are probably already acutely aware of this. The General Data Protection Regulation (GDPR) is a legal regulation issued by the Council of the European Union and the European Parliament. Its main purpose is to protect the personal data of EU citizens, and it includes detailed and stringent processes that companies have to follow. Even if you are not in the EU, though, the GDPR still forms the gold standard of how to work with customer information, and so is worth paying attention to.
In addition, managing cold outreach emails is as much about managing customer expectations as working with data at a technical level. One of the reasons why email outreach is so effective is that email is still the “most personal” form of communication for most people, and they can react strongly to emails that they think are inappropriate or unnecessary.
In this guide, we’ll look at three key principles of managing your data privacy responsibilities when it comes to cold email outreach. These principles include both technical measures, and also tips on how to avoid alienating your customers.
1. Make Legitimate Offers
If you’ve done your targeting correctly, it should be obvious to your customers why they have received an email from you. That doesn’t mean your email copy can assume that, though. Any cold outreach email should use a feature-benefit tactic to show the clear benefits that you are offering your customers.
Not only is this a basic principle of writing emails that actually get read, but it can often help to control any potential concerns that your customers have about you having access to their contact details. As we mentioned above, customers can react strongly (and negatively) to a flood of emails that they don’t think are relevant. If your emails are clearly relevant to them, they are less likely to raise issues about the way that you are working with their data.
The idea of “legitimate interest” was, in fact, encoded into the GDPR, but it is a good principle to follow even for companies outside Europe. In this legislation, it is defined as when your data is not covered by the law, “but is of a clear benefit to you or others.” That means that you should only collect and process data on your customers if your interest outweighs an individual’s right to privacy.
In short: unless you actually have something to offer your customers, and make this clear in your emails, you are not treating their data responsibly, and they are likely to call you out on this.
2. Ensure Your Prospecting is Targeted and Appropriate
The first step in any email campaign is to build a list of targeted prospects, and this is also where your data privacy responsibilities begin. The headline here is that the data you collect on your prospective customers should be “adequate and relevant to the purpose of its processing”, as the GDPR puts it.
More practically, there is a simple test when it comes to identifying the leads that you are actually going to email: would they be surprised to hear from you? If the answer is yes, then your targeting is not specific enough. Given the business of your customers and your business, it should be obvious why you are contacting them.
This targeting needs to take into account a number of key factors. Most companies are aware of the fact that you need to target key players in your industry, but many also overlook the importance of geographical targeting. In a world where a small but growing minority of your customers use a top VPN to hide their location, geographical targeting can be tricky, but again there is a simple principle at play here: if you don’t know where someone is, don’t collect data on them.
Finally, when it comes to email targeting, you should also be aware that you have data privacy responsibilities even when you have bought a list of pre-identified customers. You should undertake the same auditing and checking procedures on these lists as those that you have generated yourself.
3. Unsubscribing and Opt-out
Finally, you need to ensure that your customers have an easy way to stop receiving your cold outreach emails. Again, this was a right written into Europe’s GDPR, which says that you need to inform your recipients how to exercise their right to erasure and their right to restriction, but is also a feature of legislation in some other territories.
This is not a difficult process to implement. You can include an opt-out link in your emails, or inform customers that they can reply and say that they don’t need your emails anymore.
The important thing to recognize, when it comes to opt-outs, is that you have to enforce this.
That means creating a list of customers who have opted out, and checking that you don’t contact them again. It also means deleting any data (beyond their email address) that you hold on them. If you don’t do that, you are opening yourself up to both criticism and (potentially) lawsuits.
Responsibility and Brand Image
You could, of course, ignore this advice and just send emails to everyone you can find. We don’t recommend that, though, for at least two reasons.
The first is that, depending on where you are based, you could be breaking the law.
The second reason is more complex but arguably more important. In a world where consumers are acutely aware of phishing scams, sending unsolicited emails is a quick way to get a bad reputation. Keep in mind, while targeting is a great idea, a small but growing minority of your customers use a VPN to hide their location, making geo-targeting less effective. If customers start receiving a flood of poorly-targeted, poorly-researched, un-opt-outable emails, they are going to tell their friends about it. And ultimately, that can hugely damage the reputation of your brand.
Make sure you follow the three principles above, though, and your cold email outreach campaign will be safe from this risk.