{"id":4613,"date":"2020-07-14T09:00:19","date_gmt":"2020-07-14T07:00:19","guid":{"rendered":"https:\/\/woodpecker.co\/blog\/?p=4613"},"modified":"2025-01-21T10:24:28","modified_gmt":"2025-01-21T09:24:28","slug":"gdpr-faq","status":"publish","type":"post","link":"https:\/\/woodpecker.co\/blog\/gdpr-faq\/","title":{"rendered":"GDPR for Cold Sales Email Senders &#8211; FAQ"},"content":{"rendered":"<p data-pm-slice=\"1 1 []\">We get lots of questions from Woodpecker users about GDPR (General Data Protection Regulation) and how it affects cold email outreach. 
It&#8217;s still a new topic but very important to anyone using things like automation software, a CRM database and other tools for direct marketing purposes or reaching out to prospective clients.<\/p>\n<p>That\u2019s why we\u2019ve put together a GDPR FAQ \u2013 a list of frequently asked questions about the regulations along with our answers. We hope you\u2019ll find some useful information and practical tips about <a class=\"inlinks\" href=\"https:\/\/woodpecker.co\/blog\/align-marketing-sales\/\" target=\"_blank\" rel=\"noopener noreferrer\">processing data and managing your <\/a>email campaigns according to the GDPR principles.<\/p>\n<p>After all, sending GDPR-compliant cold emails is a must if you want to stay on the right side of the law.<\/p>\n<p>If you want some background on the basics of GDPR first, take a look at this post:<\/p>\n<h4><a href=\"https:\/\/woodpecker.co\/blog\/cold-email\/general-data-protection-regulation\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR \u2013 General Data Protection Regulation Practical Guide for Email Senders &gt;&gt;<\/a><\/h4>\n<p><strong>Disclaimer:<\/strong> You should treat this post as a guide that will help you understand GDPR, not as legal advice. If you are unsure about how to organize your marketing activities in accordance with GDPR, contact a lawyer to get definitive answers to your questions and help you stay GDPR compliant.<\/p>\n<h2>GDPR FAQ<\/h2>\n<p><strong><a class=\"gdpr-popupclick\" href=\"https:\/\/woodpecker.co\/bonuses\/gdpr-checklist\/\" target=\"_blank\" rel=\"noopener\">Download\u00a0GDPR Compliance Checklist\u00a0&gt;&gt;<\/a><\/strong><\/p>\n<h3><strong>Q1: I\u2019m based in the US, do I have to be GDPR compliant?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">It depends. GDPR is designed to protect EU citizens, so it\u2019s not really a matter of your company&#8217;s location. It\u2019s about whose personal data you process. 
If your company is based in the US but some of your clients, partners, subscribers or prospects are EU citizens, you should process their data in a way that is compliant with the provisions of GDPR. This is your obligation as a data administrator.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you have a company that offers a piece of software, and this software allows other data administrators to process data, it would be reasonable to assume that at least a part of this processed data will belong to EU citizens. GDPR defines some obligations not only for data<\/span><a href=\"https:\/\/woodpecker.co\/blog\/predictable-prospecting\/\"> <span style=\"font-weight: 400;\">administrators but also for data processors<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So in short, if there\u2019s a chance your US-based company is an administrator of processed personal data, or a processor of personal data of EU citizens, you should be GDPR compliant.<\/span><\/p>\n<h3><strong>Q2: <\/strong><b>I send numerous email campaigns a year. Should I stop doing that when GDPR becomes legally binding?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Not at all. First of all, GDPR has not been designed to kill email marketing or cold emails. It\u2019s not even a regulation about emails, or marketing, or cold calling, or business. It\u2019s about protecting personal data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You have to remember, though, that in the course of sending your email campaigns and running a business you probably process personal data. If at any point you process the personal data of EU citizens, make sure you follow the rules. Processing personal data should be GDPR compliant \u2013 that is, you must follow certain principles. 
Read more about the<\/span><a href=\"https:\/\/woodpecker.co\/blog\/cold-email\/general-data-protection-regulation\/\"> <span style=\"font-weight: 400;\">GDPR principles here<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So no, you don\u2019t have to stop your email marketing campaigns, or your cold email campaigns when GDPR becomes binding. You should make sure the data used in those campaigns are being processed according to the rules of GDPR.<\/span><\/p>\n<h3><strong>Q3: Can I send cold emails to people under GDPR?\u00a0<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">Yes, you can send cold emails to people at companies under GDPR. Again, the point of GDPR is not to limit cold email marketing or make contacting prospects difficult. It&#8217;s all about protecting the legitimate interest of EU citizens when it comes to the handling and use of their personal data in the digital world.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Back to cold emails. You need to target your prospects very carefully. You need to have a compelling reason to claim that the company the person works for can benefit from what your company offers in the email. Moreover, your business activity should be logically connected with the business activity of your prospect. That will be the <\/span><b><i>legal basis<\/i><\/b><span style=\"font-weight: 400;\"> to send someone an email without their previous consent to process their data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In other words, both parties have business interests and your aim is to help both sides benefit.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Secondly, in each of your email messages, you need to inform your cold email recipients about exactly what personal data you are processing, for what purpose, and how they can remove their data from your mailing list, or change the data. 
That\u2019s how you fulfill the<\/span><b><i> information duty <\/i><\/b><span style=\"font-weight: 400;\">described in GDPR.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Thirdly, you should not process your cold email recipients&#8217; personal data for longer than necessary to fulfill the purpose for which you are using it. GDPR does not specify any particular period of time. We advise removing from your lists the data of prospects who have not replied within 30 days from sending a cold email campaign to them. This will keep you in compliance with the data <\/span><b><i>storage limitation<\/i><\/b><span style=\"font-weight: 400;\"> principle while sending<\/span><a href=\"https:\/\/woodpecker.co\/blog\/how-to-write-a-cold-email-that-actually-works-six-step-tutorial\/\"> <span style=\"font-weight: 400;\">cold emails<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In summary, GDPR allows cold email outreach, but there has to be a real, legitimate reason why you pick a particular recipient for your cold email campaign.<\/span><\/p>\n<h3><strong>Q4: Is follow-up email a violation of GDPR?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">Sending follow-ups does not violate GDPR as long as it meets the three requirements described in the answer above.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Processing data when sending a follow-up is not much different from processing the same data to send the first message. The only thing that changes is the time you have for sending follow-ups to non-responsive prospects in the EU. 
Again, GDPR does not define a time span for that, but we advise removing from your lists the data of prospects who have not replied within 30 days from the first email you sent them.<\/span><\/p>\n<h3><strong>Q5: Do I always need to have consent before emailing anybody?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">You can send B2B cold emails without the previous consent of your addressees to process their personal data only if the emails meet the three requirements described in detail in the answer to Q3 above:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><i><span style=\"font-weight: 400;\">a legal basis<\/span><\/i><span style=\"font-weight: 400;\"> for data processing<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">fulfillment of <\/span><i><span style=\"font-weight: 400;\">information duty<\/span><\/i><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">compliance with data <\/span><i><span style=\"font-weight: 400;\">storage limitation<\/span><\/i><\/li>\n<\/ul>\n<h3><strong>Q6: What about my current list of email subscribers? 
Should I remind\u00a0them why they are on my list and ask them again for permission to continue sending them the emails?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">If you asked their permission at the very beginning and they granted you their consent to process their data for specified purposes, you don\u2019t need to ask them for permission again.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, if the purpose of data processing has changed, or you plan to change it soon, you should inform them about the change and give them an easy way to decide if they agree to the new purpose of processing their data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Or, at the moment of their sign-up to your newsletter, if they were informed that their data will be processed for a specified period of time but the period has already ended, you should also ask if they agree to further data processing for specific purposes.<\/span><\/p>\n<h3><strong>Q7: Should all outbound emails (or emails in general) have an unsubscribe link included as mandatory under GDPR now?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">Absolutely. The GDPR unsubscribe rule states that all emails should specify clearly the way in which the recipient can remove his or her data from your list, or change it. GDPR does not specify the way, so it does not say \u201cYou should use an \u2018Unsubscribe\u2019 link\u201d. It only says it should be an easy way, understandable for each person.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In practice, however, this does mean using an &#8220;Unsubscribe&#8221; link.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As part of email good practices, the \u2018Unsubscribe\u2019 link is common in email marketing messages, we add them to all of our marketing messages. There are, however, other ways you can provide a way to opt out to your cold email recipients. You can read more about them here:<\/span><\/p>\n<h4><a href=\"https:\/\/woodpecker.co\/blog\/cold-email\/cold-email-opt-out\/\" target=\"_blank\" rel=\"noopener noreferrer\">Should I Give My Cold Email Addressee a Way to Opt Out? (Updated) &gt;&gt;<\/a><\/h4>\n<h3><strong>Q8: What if I outsource list building. I have nothing to do with personal data gathering. Does it mean I have to be concerned with GDPR?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">Yes, if you\u2019re going to use the personal data that someone else gathered for you and if the data owners are EU citizens, then GDPR still applies. Remember that GDPR is not just about gathering or storing data. 
It\u2019s about processing (using) <\/span><i><span style=\"font-weight: 400;\">and <\/span><\/i><span style=\"font-weight: 400;\">storing personal data. According to the regulation:<\/span><\/p>\n<blockquote><p>&#8216;processing&#8217; means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;<\/p><\/blockquote>\n<p><span style=\"font-weight: 400;\">Remember that if you make decisions about the data subject and the purpose of the data collection and use, you are the data administrator. And as the data administrator, you definitely should be concerned with GDPR. You should also make sure that the company you outsource list building to collects the data in a legal, fair and transparent way. In other words, you should know exactly how they obtain the data and be able to explain to the data owners how and why you got their data and for what purpose you&#8217;re using it.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Data consent is based on being able to meet this standard.<\/span><\/p>\n<h3><strong>Q9: What does &#8220;privacy by design&#8221; mean?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">Privacy by design means developing every part of your solution in a way that ensures data access controls and the highest level of data privacy at every stage. In other words, you have to think of protecting the privacy of your users\/subscribers\/customers all the time while planning the processing of their personal data.<\/span><\/p>\n<h3><strong>Q10: I don\u2019t want to hire a GDPR specialist. 
Does that mean I won\u2019t have a chance to comply?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">You don&#8217;t have to hire any new people specifically to keep your cold email GDPR compliant. You can appoint a current employee to take the role of Data Protection Specialist, or you can become one yourself.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Note that Data Protection Specialist and Data Protection Officer are two separate roles with different sets of competencies. If you run a small or medium business, and you don\u2019t process any sensitive data and there are no high risks when processing and collecting personal data at your company, you don\u2019t need a qualified Data Protection Officer. You can appoint a Data Protection Specialist, who will analyze the data processing and who will advocate solutions that will protect against data breaches that compromise contact details.<\/span><\/p>\n<h3><strong>Q11: Where can I get a GDPR certificate?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">There is no such thing as official GDPR certification, at least not yet. Various data security certifications, like ISO, also aim at better data organization, processing, and security. Getting them will definitely be a step towards GDPR compliance. But you are not obliged to get any kind of official certification to prove that you are GDPR compliant. 
You can simply follow the principles described in the regulations themselves.<\/span><\/p>\n<p>If you&#8217;re still working on your GDPR compliance,\u00a0<strong><a class=\"gdpr-popupclick\" href=\"https:\/\/woodpecker.co\/bonuses\/gdpr-checklist\/\" target=\"_blank\" rel=\"noopener\">download\u00a0GDPR compliance checklist\u00a0&gt;&gt;<\/a><\/strong><\/p>\n<h3><strong>Q12: I got a cold email from someone and I feel it\u2019s illegal under GDPR, how can I inform them that I don\u2019t want to receive emails from them?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">In a case like this, you can reply in writing and request the deletion of your data from their mailing lists. If they still don\u2019t respect your request, you can try to verify what service they use to send the emails and contact this company as the processor of your personal data. As a data processor, they will also be obliged to help you get your data removed from a list you don\u2019t want to be on.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Remember that anyone who claims that you asked for the emails you say that you don&#8217;t want has to show that you provided opt-in consent.<\/span><\/p>\n<h3><strong>Q13: How does Woodpecker prepare for GDPR?<\/strong><\/h3>\n<p>We have a separate section on our website that describes what Woodpecker does in order to be GDPR compliant. 
You can find it here:<\/p>\n<h4><a href=\"https:\/\/woodpecker.co\/gdpr-compliance\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR Compliance &gt;&gt;<\/a><\/h4>\n<p>After hosting our second webinar related to handling email outreach and email marketing under GDPR, we wanted to add a couple more questions.<\/p>\n<h3><strong>Q14: Can you send a B2B cold email to a personal email address (such as Gmail) if the email is used for someone&#8217;s job position?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">If you\u2019re certain that it is their work email or they expressed their consent to receive the message from you on that email, then yes, you can.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As with any type of communication under GDPR, the electronic history of your communications must be transparent. You need to be able to trace back how you got the<\/span><a href=\"https:\/\/woodpecker.co\/blog\/warm-up-mailbox\/\"> <span style=\"font-weight: 400;\">email address<\/span><\/a><span style=\"font-weight: 400;\"> and prove that your message is relevant to that person.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let the person know why you\u2019re contacting them and give them a clear way of opting out of your emails. Doing this via an unsubscribe link is not your only option. They can simply write that they don\u2019t wish to receive any further messages from you. Once they do so, respect it and delete their email address.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The crucial thing when it comes to B2B cold emailing is to make sure that you\u2019re contacting the right person at the right position who represents companies and fits your ICP. 
Untargeted emails may get you in trouble.<\/span><\/p>\n<h3><strong>Q15: Is keeping a list of contacts in Woodpecker making me the owner\/processor of the personal data?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">When you upload a list of prospects into Woodpecker, the prospect whose personal data you process is the owner. You are, in that case, a data administrator. You decide whose personal data and what kind of personal data you want to process.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Moreover, you\u2019re responsible for following the storage limitation principle that was introduced by GDPR. It means that you cannot process the data longer than is necessary for the purpose of processing it.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It also follows that you need to respect the personal data owner&#8217;s wish to be deleted from your prospect list if they ask for it and not contact them again. You will face penalties if you abuse the storage limitation principle or any other GDPR principle.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Woodpecker, on the other hand, becomes a data administrator when it processes your personal data as a user of the app or a<\/span><a href=\"https:\/\/woodpecker.co\/blog\/cold-email-vs-newsletter\/\"> <span style=\"font-weight: 400;\">newsletter subscriber<\/span><\/a><span style=\"font-weight: 400;\">. It should treat your data with appropriate care and comply with all the provisions of GDPR.<\/span><\/p>\n<h3><strong>Q16: How can I compile a base of contacts in a legal way?<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">GDPR says that you should have a strong reason to contact your prospects. 
Make sure both sides are likely to benefit from such a potential business relationship and that the offer you put in your cold email is logically connected with their business area.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Also, you should obtain any personal data for your prospect lists in a legal and transparent way, and be ready to explain how the data was collected and why you decided to process personal data of specific EU citizens.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It matters that GDPR introduces a new principle of data storage limitation, which does not allow you to process personal data for longer than necessary. The exact amount of time is not specified in the document. We recommend removing the data of non-responsive cold email addresses 30 days from your first contact.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the case of opt-in lists, you can process the data in clearly specified ways the data owner has agreed to, for as long as they granted you their consent, or until they express their wish to withdraw it.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Any kind of data you ask for should be justified by the purpose for which you want to process it. Don\u2019t ask for a phone number if you want to send someone an ebook. And if you do want to collect their phone number, tell them straight that you may want to call them.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Again, it&#8217;s all about transparency.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Give your cold email recipients as well as your opt-in list subscribers a clear way to opt out of further correspondence if that&#8217;s what they want, and instructions on how to change their personal data, or completely remove it from your list. 
The \u2018unsubscribe\u2019 link mechanism is a popular one, but it\u2019s not the only one you can use for that.<\/span><\/p>\n<p>If you wish to know more about GDPR, read\u00a0this blog post:<\/p>\n<h4><a href=\"https:\/\/woodpecker.co\/blog\/cold-email\/general-data-protection-regulation\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR Practical Guide for Email Senders &gt;&gt;<\/a><\/h4>\n<p>And if you prepare for GDPR, download our <strong><a class=\"gdpr-popupclick\" href=\"https:\/\/woodpecker.co\/bonuses\/gdpr-checklist\/\" target=\"_blank\" rel=\"noopener\">GDPR Compliance Checklist\u00a0&gt;&gt;<\/a> <\/strong>that will help you do it.<\/p>\n<h2>FAQ Section<\/h2>\n<h3><strong>1. How does the General Data Protection Regulation (GDPR) impact the processing of personal data in email marketing campaigns?<\/strong><\/h3>\n<p>The General Data Protection Regulation (GDPR) significantly impacts the processing of personal data in email marketing campaigns by imposing strict rules on how businesses collect, use, and protect personal data. Under GDPR, companies must obtain explicit consent from data subjects (i.e., the individuals whose data is being processed) before using their personal data for marketing purposes. This means that for email marketing, customers must actively opt-in to receive communications, and the process for obtaining this consent must be clear and unambiguous. Additionally, GDPR mandates that individuals have the right to opt-out at any time and that their personal data must be securely protected to prevent data breaches.<\/p>\n<h3><strong>2. 
What measures must companies take to protect personal data and comply with GDPR during data collection for marketing purposes?<\/strong><\/h3>\n<p>To protect personal data and comply with GDPR during data collection for marketing purposes, companies must:<\/p>\n<ul>\n<li>Ensure that consent forms are clear, concise, and separate from other terms and conditions, allowing data subjects to give informed consent.<\/li>\n<li>Implement a double opt-in process, where after initially opting in, the customer receives an email to confirm their subscription, providing an additional layer of consent verification.<\/li>\n<li>Securely store customer data to prevent unauthorized access and data breaches, employing encryption and other security measures as necessary.<\/li>\n<li>Maintain records of consent and provide easy options for individuals to withdraw consent (opt-out) at any time.<\/li>\n<li>Only collect data that is directly relevant and necessary for the intended marketing purposes, respecting the principle of data minimization.<\/li>\n<\/ul>\n<h3><strong>3. How does GDPR define sensitive personal data, and what implications does this have for email marketers targeting existing customers?<\/strong><\/h3>\n<p>Under GDPR, sensitive personal data includes information related to racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health information, and a person\u2019s sex life or sexual orientation. The regulation imposes stricter conditions for processing this type of data, requiring explicit consent and a clear justification for its use. For email marketers targeting existing customers, this means that if any campaign involves collecting or using sensitive personal data, they must obtain explicit consent from the customers for that specific purpose. Marketers must also ensure that they have robust data protection measures in place to handle such sensitive information securely.<\/p>\n<h3><strong>4. 
In the context of GDPR, what is the significance of obtaining explicit consent for processing customers&#8217; personal data for marketing purposes?<\/strong><\/h3>\n<p>Obtaining explicit consent under GDPR is significant because it ensures that customers are fully informed and have actively agreed to their personal data being used for marketing purposes. This level of consent requires a clear affirmative action, such as ticking a box or clicking a button, that indicates the customer&#8217;s agreement to receive marketing communications. The significance lies in the empowerment of customers, giving them control over their personal data and ensuring that businesses respect their privacy and data protection rights. For businesses, obtaining explicit consent helps build trust with customers, enhances brand reputation, and ensures compliance with GDPR, thereby avoiding potential legal penalties and damage to reputation.<\/p>\n<h3><strong>5. What are the benefits and challenges of implementing a double opt-in process for email marketing under GDPR?<\/strong><\/h3>\n<p>The benefits of implementing a double opt-in process for email marketing under GDPR include increased data quality, as only genuinely interested individuals confirm their subscription, leading to a more engaged audience. It also provides clear evidence of consent, which is crucial for GDPR compliance. However, challenges include the potential for lower initial sign-up rates, as some users may not complete the confirmation step. Additionally, businesses must ensure that the double opt-in process itself complies with GDPR requirements, such as providing clear information about the use of personal data and the right to withdraw consent. 
Despite these challenges, the double opt-in process strengthens trust and transparency between businesses and their customers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lately, we&#8217;re getting lots of questions about GDPR (General Data Protection Regulation).\u00a0This seems like a topic that still needs some clarification. That&#8217;s why here we&#8217;ve\u00a0put together a GDPR FAQ\u00a0&#8211; a list of frequently asked questions about the regulation along with our answers. Hope you&#8217;ll find here some useful clues and practical tips about processing data and managing your email campaigns according to the GDPR principles.<\/p>\n","protected":false},"author":17,"featured_media":10388,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GDPR for Cold Sales Email Senders - Frequently Asked Questions<\/title>\n<meta name=\"description\" content=\"GDPR FAQ - Frequently Asked Questions. Read some questions we get about General Data Protection Regulation with answers. Check how GDPR affects emailing.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/woodpecker.co\/blog\/gdpr-faq\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR for Cold Sales Email Senders - Frequently Asked Questions\" \/>\n<meta property=\"og:description\" content=\"GDPR FAQ - Frequently Asked Questions. Read some questions we get about General Data Protection Regulation with answers. 
Check how GDPR affects emailing.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/woodpecker.co\/blog\/gdpr-faq\/\" \/>\n<meta property=\"og:site_name\" content=\"Woodpecker Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/business.facebook.com\/woodpeckerapp\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-14T07:00:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-21T09:24:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2020\/12\/GDPR_for_Cold_Sales_Email_Senders_-_FAQ1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"650\" \/>\n\t<meta property=\"og:image:height\" content=\"391\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Margaret Sikora\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@woodpeckerapp\" \/>\n<meta name=\"twitter:site\" content=\"@woodpeckerapp\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/woodpecker.co\/blog\/gdpr-faq\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/gdpr-faq\/\"},\"author\":{\"name\":\"Margaret Sikora\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#\/schema\/person\/dbd5fae1eeb41a0caf2e2c7bda48059f\"},\"headline\":\"GDPR for Cold Sales Email Senders &#8211; FAQ\",\"datePublished\":\"2020-07-14T07:00:19+00:00\",\"dateModified\":\"2025-01-21T09:24:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/gdpr-faq\/\"},\"wordCount\":3451,\"commentCount\":6,\"publisher\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/#organization\"},\"articleSection\":[\"Cold email 
basics\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/woodpecker.co\/blog\/gdpr-faq\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/woodpecker.co\/blog\/gdpr-faq\/\",\"url\":\"https:\/\/woodpecker.co\/blog\/gdpr-faq\/\",\"name\":\"GDPR for Cold Sales Email Senders - Frequently Asked Questions\",\"isPartOf\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/#website\"},\"datePublished\":\"2020-07-14T07:00:19+00:00\",\"dateModified\":\"2025-01-21T09:24:28+00:00\",\"description\":\"GDPR FAQ - Frequently Asked Questions. Read some questions we get about General Data Protection Regulation with answers. Check how GDPR affects emailing.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/woodpecker.co\/blog\/gdpr-faq\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#website\",\"url\":\"https:\/\/woodpecker.co\/blog\/\",\"name\":\"Woodpecker Blog\",\"description\":\"Woodpecker Blog - Pro Tips on Cold Emails, Follow-ups, Sales &amp; Growth\",\"publisher\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/woodpecker.co\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#organization\",\"name\":\"Woodpecker.co\",\"url\":\"https:\/\/woodpecker.co\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2015\/06\/WP_Logo_WersjaPodstawowa_Pionowa_CzarneTlo_RGB.jpg\",\"contentUrl\":\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2015\/06\/WP_Logo_WersjaPodstawowa_Pionowa_CzarneTlo_RGB.jpg\",\"width\":1240,\"height\":874,\"caption\":\"Woodpecker.co\"},\"image\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/business.facebook.com\/woodpeckerapp\",\"https:\/\/twitter.com\/woodpeckerapp\",\"https:\/\/www.instagram.com\/woodpeckerapp\/\",\"https:\/\/www.linkedin.com\/company\/woodpecker-co\/\",\"https:\/\/www.youtube.com\/channel\/UCNN9wM55yaNI-KEZCfh66_A\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#\/schema\/person\/dbd5fae1eeb41a0caf2e2c7bda48059f\",\"name\":\"Margaret Sikora\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/285df23338966e859f136eed9706c0a6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/285df23338966e859f136eed9706c0a6?s=96&d=mm&r=g\",\"caption\":\"Margaret Sikora\"},\"description\":\"Product Manager and DPO at Woodpecker. A lawyer who gets the SaaS business, understands customers' needs, and speaks the language of IT guys.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/margaretsikora\/\",\"https:\/\/www.instagram.com\/margaret.sikora.official\"],\"url\":\"https:\/\/woodpecker.co\/blog\/author\/gosia-sikora\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}