GDPR and Sales

1. Organise the Data

a. What data do you have on your employees, suppliers and customers?

b. It should be organised and in one central location

c. It should be password protected if it is stored in a soft format

d. I recommend a silo format of storage which will hopefully reduce the threat should you have a data breach

  • HR

  • Departments

  • Suppliers

  • Products

  • Customers

  • Regions

e. If multiple people need to access the information they should be restricted by passwords and IT server permissions to only access the information they need.

f. Personal Data is information that could be used to identify a person

  • Name

  • Address

  • IP address

  • Email

  • Phone number

  • Photos of the person

2. The information should be safely secured

a. You need to take all precautions to prevent leaking or hacking.

b. Latest Anti-virus software.

c. Could you remotely wipe devices if they were lost or stolen?

d. Is the information on the device password-protected?

e. Hard copies how are they secured – Fire-proof cabinet

f. Like Health and Safety, a Risk Assessment of how you secure the date is required with regular audits, changes of passwords etc. If you are audited, you can show assessments of each risk and how you have tried to mitigate against each risk.

3. Don’t hold onto data unnecessarily

a. If you have stored business cards from a trade show 3 years ago and you don’t engage with some of the prospects today you need to contact the people and ask if you can retain their information.

4. Write a clear and fair processing policy

a. This is like your Privacy policy and should be found on your website (if you have one) or made available to prospects and customers.

b. The document should be explaining what information you are going to take and what you are going to do with it.

c. NO JARGON and there must be no ambiguous text or legal text. This is written clearly in the GDPR law.

d. The document should have the following information.

  • What information is being collected

  • Who is collecting it?

  • How is it collected?

  • Why is it being collected?

  • How will it be used?

  • Who will it be shared with?

  • What will be the effect on the individual concerned?

  • Is the intended use likely to cause individuals to object or complain?

5. Have a process for providing what information you have on a person

  • You must do this within one month.

  • You must do it free of charge.

6. Have a process in place to delete all information on the person, employee, supplier, and customer.

  • This is how I believe companies could fall foul of the law, a prospect asks to be removed from the marketing email and they keep receiving emails.

7. Allow people to Positively opt-in for marketing

  • They must act to say yes (possibly tick a box) that you can have their specific data and use it in the way that you have stated.

  • Consider double opt-in – with an email to confirm the subscription to your email marketing.

  • Signed a document to say they are happy for you to use the data

8. Try a layered opt-in form – they can subscribe to the monthly newsletter but not the daily digest.

When a prospect clicks on a box there should be text beside it with a Link to bring them to the document on GDPR so that they can clearly see how the information will be used.

9. You must make it easy for the person to opt-out

  • Unsubscribe from an email

  • Unsubscribe via the website

  • Either option should be clear with no small text.

  • You need a strict policy that someone does not get any further information.

10. Make sure all your team is aware of the laws.

  • Appoint someone to be a Data protection

  • They should have agreed in writing

  • Each employee should be trained on GDPR

  • Each employee should agree that they understand GDPR and sign to say they will agree to uphold the law.


1. What if I want to buy Data

2. The person you’re buying the data from must be GDPR

3. The person on the list must have agreed to 3rd party contact

4. What if I want to sell the business in the future can I sell my data on to the new business owner

5. Add an assignment clause if someone buys your business, they will have the data and will use it for the same purposes

6. The new owner must agree in writing that they will do the same

7. What about the old data you have?

8. Contact all your database employees, suppliers and customers; they need to positively opt back into the data you hold

9. Email template informing someone you’re holding their information


Hi David,

We just wanted to inform you that your contact details have now been stored in our CRM system. Your contact details may include name, email address, company information, role and phone number. We do this to be able to serve you in the best possible way in the future. All information is stored securely and according to current laws and regulations.

If you have questions or objections to this, please let us know by replying to this email or by contacting our customer service team. For more information on this topic please visit our Privacy Statement here.

In the spirit of helping you succeed and sell more, we would like to share with you links to our Sales Tips and Advice through our newsletter and sales training events and more.

Best Regards


Email Marketing opt-in


Please update the subscription list below to reflect the information you would like to receive from us in the future and press confirm.

Sales Training Course


Sales Tips and Advice

Press Releases

Privacy Statement CONFIRM

If you found this article useful you will enjoy our sales training courses.

15 views0 comments

Recent Posts

See All