The Sellead GDPR Playbook


**Note that while all the following features live in Sellead, your own legal counsel will give you the best compliance advice for your specific situation. As much as we’d love to help answer legal questions, we’ll stick to what we know best: Inbound strategy and the Sellead platform. In addition, while the features help to enable compliance, there’s no one-size-fits all solution. Every circumstance is different. Ultimately, it’s up to you and your team to determine what compliance looks like to your business.

The GDPR deadline is fast approaching, and Sellead is ready.

We’ve built new features to make it easier for you and your team to comply. This page reviews what you’ll need in order to set up the new features. The functionality detailed in this playbook is live to all Sellead customers.

Here’s a summary of the improvements:

1. Cookies

Under the GDPR, visitors need to be given notice that you’re using cookies on your website (in a language that they can understand) and need to consent to being tracked by cookies.

Consider updating your cookie settings.

2. Lawful basis

Under the GDPR, you need to have a legal reason (called a lawful basis in the regulation) to use someone’s data. In Sellead, we’ve broken down lawful basis into two broad categories: lawful basis both to process (e.g. store data in your CRM or provide an ebook they requested) and to communicate (e.g. send a marketing email or have a sales rep call).

  • We’ve added a default contact property to store lawful basis to process.

Consider updating this property for your contacts.

  • We’ve overhauled our subscription setup to make “lawful basis to communicate” easy to track too (including consent). You can now track opt-ins in Sellead (rather than just “opt outs”). We’ve added these subscriptions to the contact record (so they’re easy to track/audit). And we’ve made them accessible via forms.

You may need lawful basis to communicate with your contacts. If you don’t have it, consider creating subscription types, updating your existing database with those subscription types (with a permission pass campaign or another method), and setting up your forms to establish lawful basis moving forward.

3. Deletion

Under the GDPR, your contacts can request that you give them a copy of all the personal data you have about them, or delete/modify it.

  • In Sellead, we’ve added a new “delete” function that permanently deletes a contact (rather than storing their information, in case they ever re-convert).

If you’re thinking about GDPR compliance, consider setting up processes for complying with deletion requests (and also, modification/access requests; read on for more information about those).

Now, onto the details.

Read on if you need the nitty gritty technical nuances.

  1. Whether you’re B2B or B2C, big or small, you’ve probably heard about the new regulation in the European Union (EU), the General Data Protection Regulation (GDPR). It’s a new law aimed at enhancing the protection of EU citizens’ personal data by requiring organizations to deal with that data in transparent and secure ways. The GDPR applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens, regardless of their location.

    At Sellead, our top priority over the last few months has been to help you, our partners and customers, understand what the GDPR means for your businesses and build compliant processes of your own.

    With that in mind, we’ve made several improvements to the Sellead platform aimed at helping  you comply with the GDPR. We say “helping” because no software platform can enable compliance with GDPR. Your business will have its own unique approach and details; to ensure your compliance with GDPR, you should work with your own data privacy expert, advisor or lawyer.

    In this playbook, we’ll walk through how one of your contacts might interact with your company, through the lens of the new GDPR features.

    Here’s the setup:

    Let’s say that Ana is a contact of yours and lives in Germany. She’s called the “data subject,” and your company (let’s call it Acme Corp.) is called the “controller” of her data. If you’re a Sellead customer, then Sellead acts as the “processor” of Ana’s data on behalf of Acme.

    Here’s how Ana might interact with your business;

    1. Ana comes to Acme’s website for the first time
    2. Ana fills out a form (or gets created in Acme’s database manually / via API)
    3. Acme sends Ana an email
    4. Ana requests to see, modify, or delete the information Acme has about her

    Now, we’ll show you how to handle each step of her journey in the Sellead software, with the GDPR in mind.