GDPR is here, everyone freak out!

We’re kidding. But that does seem to be the sentiment emanating from sales and marketing teams in Europe and around the world. Can I still send cold emails? How will this affect prospecting? ARE WE GOING TO BE OKAY? The answers to those questions are: yes; you’ll have to be better at it; and yes, respectively.

GDPR compliance

As we recently wrote, this new legislation is all about giving more power to the individual, making sure that his or her personal data is collected, stored, and used ethically and transparently — all principles that form part of who we’ve been as a company since the beginning.

For that reason, our practices haven’t changed much since GDPR has been the talk of the town. (Below we’ll go over how you can also remain calm about GDPR by following very easy steps).

Since our family of now 100,000+ happy monkeys consists of internal comms professionals and sales teams, we’ve worked hard to be in the vanguard of best practices for emailing and story telling, of course, but also for data privacy and security.

In terms of GDPR compliance, here are some concrete steps we’ve taken:

  • Familiarize ourselves and understanding the rules and regulations of the new law
  • Updating our Privacy Policy and Terms of Service documents
  • Developing a list of all the plugin sections of our product in order to comply with the regulation
  • Implementing changes to  ensure all our users can comply with GDPR when sending emails via ContactMonkey
  • Developing a list of all the sections within our website to ensure we fully comply with GDPR
  • Ensure personal data of ContactMonkey users and email lists subscribers is protected and GDPR compliant
  • Educate our users and subscribers about GDPR in relation to email outreach, email tracking and develop best practice documentation

That’s what we’re doing. Now, in terms of what YOU can do to make sure you’re being compliant, here are some of the best practices we’ve also implemented at ContactMonkey HQ that you should follow.

1) Always adhere to Do Not Contact Lists

Whether it’s a promotional marketing email or your sales team reaching out to prospects, you need to be impeccable when it comes to cleaning up your lists and adhering to people who have asked you to not contact them or unsubscribe them from your list. Although in the past you could simply reply to a complaint with a one liner like “Our apologies, you have no been removed from our list”, those types of mistakes could expose you to violation claims. As marketers we also need to ensure that we are always cleansing our email lists to ensure we prioritize quality over quantity.  

2) Data Minimization

Another key tenet of GDPR is that, even when your contacts have entered their data consensually, you should only process the data that is necessary and of legitimate interest. For example, it’s normal that your sales team collects data such as first name, last name, email and phone numbers but anything beyond that could be seen as a violation unless within your sales process it’s deemed necessary for the duties carried out, for example with cold outreach.

3) Be Mindful of Frequency and Cadence

Even when you obtain someone’s email through a legitimate form, abusively frequent emailing can be seen as an intrusion on the rights of the individual. We know, this does sound like a grey area but use common sense when it comes to emailing prospects and don’t abuse the trust they’ve put in you.

4) Always include Opt-Outs

Although this is fairly common practice, as a writer who subscribes to hundreds of newsletters and blogs I always find a couple that don’t really give me an option to opt-out or unsubscribe from their emailing list. Always make sure to add opt-out and privacy notice information in all of your correspondence. When it comes to GDPR compliance, the rule of thumb is to err on the side of safety, so make those opt-out buttons super prominent!

5) Use ContactMonkey to add your EU prospects to a GPDR List

This is not even a shameless plug but rather a no brainer! Whether from Gmail or Outlook, you can use our Salesforce integration feature to add notes or assign a EU contact to your GDPR list, all from your email client, why not even create a custom field and we’ll display it for you in our sidebar and become a habit for you. That way, whenever someone in your sales team comes across the lead, they’ll know their email practices will have to adhere to GDPR legislation.

How to Practice GDPR Compliance as an Internal Communicator

Although above we went over general guidelines to comply with GDPR, sometimes it can be tricky to identify what applies to you as an internal communicator. Although sales and marketing are the most affected by GDPR regulation, there are a few ways internal communications plays role. Here are some tips to make sure your IC team is GDPR compliant.

1) Transparency: whether it’s part of your contracts, job offers, or training materials when interacting with employees they need to be aware of what data you are storing and what you are using it for. For example, like Sales and Marketing teams, Internal Communicators rely on personal data to personalize communications to boost employee engagement and participation. With ContactMonkey, for example, you can personalize your subject lines and body copy to increase email open rates and engagement. You need to be thorough when communicating what exact data you’re collecting, why you’re collecting it, where it is stored and who employees can get in touch with if they have concerns about their personal data.

2) Business Case for Data Collection: another important thing to keep in mind is that you need to be able to prove the business case for collecting data from your employees. When it comes to IC, that’s an easy task, given that by tracking internal comms emails you are able to measure and improve employee engagement, which has been proven to have a direct impact on the bottom line.

3) Train your Employees to Be Mindful of GDPR: whether it’s sales and marketing, or HR and IC, you need to make sure old and new employees know exactly how to be GDPR compliant. Just because you, as a company, have taken every step to adhere to regulations doesn’t mean that one careless employee can get you in hot waters. We suggest you begin by sharing this guide with them so they know how to go about handling data and reaching out to external people.

4) Ensure All of your Third Party Tools are GDPR Compliant: as we covered above, ContactMonkey has taken every step to be GDPR compliant. However, as you add more tools to your repertoire of communications weapons, you need to keep updating your employees regarding what data, if any, you’ll start to collect.

Although the language in your contracts may give you legal cover for any sort of data collection, for transparency’s sake you should be updating your workforce any time you implement a tool that collects data.

Get Started With Internal Email Tracking


There you have it. Although it is a normal reaction to freak out about such robust (and sometimes vague) legislation, ultimately it will help internal comms and sales teams send better email by building relationships based on trust, mutual benefit, and transparency.

Let us know in the comments below, or tweet at us if you have any questions or concerns regarding GPDR compliance. We’re more than happy to lend a monkey hand?

Get Started With Internal Email Tracking