Picto Dropcontact - demi rond jaune et vertPicto Dropcontact - Shapes droite

The General Data Protection Regulation (GDPR) in B2B

GDPR rules to follow if you want to prospect B2B leads with Cold Email

One of the first questions you ask yourself when you want to develop your business is: can I prospect by email?

The answer is... not so obvious 😉

GDPR and email marketing

GDPR and B2C prospecting

In B2C, you can't prospect by Cold Email. It is strictly forbidden by the legislation in place in many regions.

All marketing emails must be opt-in. Meaning that each recipient must have explicitly agreed to receive an email.

There are several ways to give consent to the use AND resale of your data:

  • Via a registration form and validation of the general conditions
  • By subscribing to a newsletter, ticking the box to give consent that your email address and associated data will be used or sold to a third party or partner.

However, you may not, under any circumstances, email a person without their consent. The GDPR strictly forbids it.

It is therefore essential to know the source of your B2C data before launching any commercial approach.

GDPR and B2B prospecting

In B2B, the CNIL (the french administrative organisation that regulates data privacy law) recommends that you opt-in. This is a recommendation.

Nevertheless, a few rules must be followed: The person that you approach must have a legitimate interest in the reason why you are prospecting to them.

For example, if your business is selling computers, it is perfectly legitimate to prospect to IT managers, or companies with a need for computers.

However, if your business is catering and selling meals at home, then it is not legitimate to address employees of a company to their work email address. This is a "personal" activity with no connection to the company's activity: the interest is for the employee as an individual.

But, if your catering business offers lunchbox machines to be installed iat work, then it is legitimate.

The CNIL recently sanctioned for these reasons.

The nuance is important, it is what gives you the right or not to prospect companies that have not explicitly given their consent before reaching out.

In any B2B email prospecting process, it is essential that your contact can easily and immediately unsubscribe.

Cold Email prospecting - Don't forger the law
Your leads have to be able to unsubscribe

👉🏻 GDPR: can we send prospecting emails?

👉🏻 Going further: CNIL: commercial prospecting by e-mail in B2C and B2B

GDPR and B2B data enrichment

Having contacts is good. Being able to enrich them with all their useful data such as professional email address or telephone number is better!

Currently, to enrich a contact, all the solutions on the market use databases.... And your own contacts are probably used to enrich those of others 🌀

All of them... Except Dropcontact which uses NO database to find and enrich emails.

Dropcontact relies on proprietary algorithms and test servers.

With each search, the algorithm is launched to enrich data without having togo through any database.

If we talk about databases, today LinkedIn has the largest and most up-to-date database ~450/ million profiles regularly updated by the users themselves!

But is it allowed to store or extract data from LinkedIn?

GDPR and B2B database

A few years ago, you could scrape massively. Several companies have done so in very large quantities: tens, even hundreds of millions of profiles scraped from LinkedIn.

These companies have in fact built a copy of LinkedIn. Do you see the problem? 🤨

Other companies have found a quick "and efficient" way to build up personal databases: third-party extensions or applications (personalised contact directories, extensions, chrome...). By installing the application or extension, without even realising it, you "accept" the terms and conditions, including the sharing and resale of information from your email inbox, calendar, or other directories: first name, last name, personal telephone number, postal address....

Since March 2019 Google has, among other things, blocked such extensions. These techniques are now more complicated to implement.

This stored data was obviously intended for resale...

Storing a nominative database and reselling it is strictly forbidden by the GDPR.

Today, some companies are buying these databases on the dark web 🤐 Beyond the ethical problem, it is above all a matter of concealment.

Concealment is the act of holding or transmitting something, or acting as an intermediary to transmit it, knowing that the thing is the product of a crime.

The fact of knowingly benefiting, by any means, from the proceeds of a crime also constitutes concealment.

The hunt on the Dark Web has been on for several years and the responsible parties are starting to "fall".

You may not resell or transfer this data without a mandatory opt-in for resale: that is, a conscious and explicit agreement to resell the data to known and validated partners.

Have you already checked whether your contact data are in these databases? Have you ever explicitly given your consent to their resale?

It is quite clear that very (very very!) few people still give their consent to the resale of their data.

All data purchased this way is not GDPR compliant.

It is important to remember that there is a chain of responsibilities and that each link in the chain must know the source of each of the data used in the prospecting: reseller AND buyer.

Once the ethical and legal issues have been addressed, another major problem with the storage of contact data is data obsolescence.

In 2021, the obsolescence rate of professional personal data is about 33%.

And this figure does not take into account the Covid crisis. The crisis has led to an explosion in the number and speed of company changes.

Data obsolescence is accelerating globally.

At Dropcontact, we do not have a contact database:

  • No problem with data obsolescence; all data is fresh through algorithms and real-time test servers.
  • 100% GDPR-compliant.

🍒 A little icing on the cake, Dropcontact can identify the validity of Catch-Alls. Dropcontact is the only solution to crack this well-known problem for Sales, Marketing and Growth teams.

And it's not over...but

Stay tuned to Dropcontact

Go further 🧨

Most frequently asked questions

Is enriching data GDPR compliant?

Enriching contact data with professional information like professional email addresses ou professional phone number is possible. Yet, most of the solutions on the market are actually creating databases to enrich your contacts, leads or prospects. This practice is not GDPR compliant, since buying a contact database and storing it is prohibited.

What's data reselling?

Reselling means concealing, holding or sharing something, either directly or as an intermediary, in order to hand it over while knowing it comes from an infraction. Knowingly taking advantage of a product resulting from an infraction, by all means, is also considered as reselling, as part of the 321-1 article of the Code pénal.

What are the GDPR rules when it comes to B2B prospecting?

When it comes to B2B prospecting, your prospect must have a legitimate interest in being contacted.
Share this article

Let's Get Started !

Don't waste a single minute
on your CRM data!