The GDPR and cold-calling
Thread poster: trujimanete

trujimanete
Spain
May 31

Dear all,
As freelance translators, do you think we will be able to do the following under the new GDPR?:
a) Cold email prospective clients
b) Following up on prospective clients you cold emailed before and didn't consent.
c) Following up on those who did consent but did so before the GDPR came into force.
d) Cold calling prospective clients [by phone]
e) Do any of the above to prospective clients outside the EU even though it is illegal according to the GDPR.
f) Can you think of any other restrictions?
Many thanks in advance!


 

EvaVer  Identity Verified
Local time: 12:15
Member (2012)
Czech to English
+ ...
I haven't done any of these for 25+ years, but... Jun 1

GDPR protects individuals, clients/prospective clients tend to be corporations. I don't think it applies to them.

 

Samuel Murray  Identity Verified
Netherlands
Local time: 12:15
Member (2006)
English to Afrikaans
+ ...
All here, replying Jun 1

trujimanete wrote:
a) Cold email prospective clients
d) Cold calling prospective clients [by phone]


Sending the actual e-mail would not be a problem. But before you send the e-mail, you have to research the client, and I'm not sure at what point does it become a legal requirement to inform the potential client that you are "processing" (EU-speek for "having") his data.

b) Following up on prospective clients you cold emailed before and didn't consent.


GDPR does not require consent from the data subject if the data processor has a legal basis for processing the data. In my country of residence, I'm required to keep copies of all correspondence for 7 years, so I can keep clients' details of correspondence without their consent.

I'm not sure if you are required to inform the data subject that you're processing their data, if there is a legal basis for processing it.

c) Following up on those who did consent but did so before the GDPR came into force.


GDPR applies to all current "processing" of personal data, but if you added personal data to your administration in the past and you now retain that information, then that is "current" processing.

e) Do any of the above to prospective clients outside the EU even though it is illegal according to the GDPR.


You are required to comply with GDPR if you are an EU resident. It doesn't matter where the client is located.

EvaVer wrote:
GDPR protects individuals. Clients/prospective clients tend to be corporations. I don't think it applies to them.


That is how I also understand it. The GDPR does not apply to the legal entity of your client, but it does apply to the personal information of the people who work at your client (e.g. PMs), and usually we encounter personal information of specifically identifiable people during our correspondence with "the client" even if the client is a business.


[Edited at 2018-06-01 08:53 GMT]


 

Christine Andersen  Identity Verified
Denmark
Local time: 12:15
Member (2003)
Danish to English
+ ...
If you have obtained the information from a public source, you can use it. Jun 1

GDPR mainly protects private individuals.
Basically, it is intended to protect them and their private data from being used for purposes they do not know about and have not given their consent to. (Unwanted direct marketing and worse…)

If you have found potential clients' phone numbers or contact details, e.g. on this site or on their own websites, you can assume they have deliberately posted them for business purposes.

By doing so they have given consent for you to call or contact them.

a) Cold email prospective clients
b) Following up on prospective clients you cold emailed before and didn't consent.
c) Following up on those who did consent but did so before the GDPR came into force.
d) Cold calling prospective clients [by phone]


If the mail addresses and phone numbers are openly accessible, then you can do any of these.
I personally would not spend time on those who did not consent, but that is another matter. I would be very careful about cold calling by phone, not because it is illegal, but because it is not IMHO a very productive way of persuading clients to work with you.

e) Do any of the above to prospective clients outside the EU even though it is illegal according to the GDPR.


Technically, GDPR does not apply to prospective clients outside the EU, but if you respect people's privacy, you would not want to do anything that is illegal under the GDPR.

The apparent problem arises because freelancers are also private individuals, and may use the same phone number and e-mail address both privately and for business.

If someone has given their mail address on a list for business purposes, then that is consent under the GDPR, and you can assume that recent consent still applies.

Only use it for real business purposes, and respect the individual's privacy. Send individual mails, or conceal the addresses in group mails.
I got very annoyed with a colleague some years back, because he sent jokes several times a week to a whole list of his colleagues and acquaintances, without concealing their addresses. Under GPDR something like that might be illegal. It was definitely spam.


 

Kay Denney  Identity Verified
France
Local time: 12:15
Member (Apr 2018)
French to English
Thank you Christine Jun 1

for your most informative post. I was vaguely wondering whether anything applied to me, and you've reassured me.

 

Samuel Murray  Identity Verified
Netherlands
Local time: 12:15
Member (2006)
English to Afrikaans
+ ...
@Christine Jun 1

Christine Andersen wrote:
If you have found potential clients' phone numbers or contact details, e.g. on this site or on their own websites, you can assume they have deliberately posted them for business purposes.


This is how I also reasoned for quite a long time. However, most EU spam laws (and this predates GDPR) say otherwise.

EU spam laws from the past decade say that the fact that a business or private person reveals their e-mail address to you does not constitute consent or an invitation for be contacted via e-mail for business purposes. Unless the person/business specifically says "you may contact me" or the e-mail address is provided specifically in the context of inviting contact (e.g. on a "Contact us" page, as opposed to simply the footer of each page), or unless you have actual consent otherwise, then it's illegal for you to contact them at that e-mail address for commercial purposes. The spam laws do not apply to telephone calling, only to e-mail. In fact, without specific consent, it's illegal to ask via e-mail for permission to send further e-mails (but it's legal to call them).

This may sound silly (and IMO it is), but even a business card does not qualify as "consent". Nor does the mere fact that you're listed in a business directory such as ProZ.com. The business card is simply an easy-to-access record of the person's contact details, and is not an invitation by itself. If a person hands you a business card and the card does not say "contact me" or the person does not say out loud "contact me" or if the card isn't given to you directly after you asked "how can I contact you", then you can't assume that their act of handing you their business card is consent to be contacted. Fortunately, the way our contact details are presented on our profile pages at ProZ.com does make it clear to visitors that we want to be contacted at those contact details.

By doing so they have given consent for you to call or contact them.


No, it is my understanding that the GDPR says exactly the opposite.

Consent is only truly consent if it is literal and deliberate. I'm not saying you can't call them (you don't always need consent for calling someone), I'm just saying that the fact that they reveal their contact details (even in the context of business) is not "consent" unless their contact details are accompanied by text that literally gives consent.

If the mail addresses and phone numbers are openly accessible, then you can do any of these.


No, I don't think this is true. Firstly, the contact details may not have been made accessible by the people themselves. Secondly, even if they had made the contact details accessible themselves, it would not have been for the purpose of begin contacted by random passer-bys.

Note that my comment relates to consent only. The GDPR does allow you to contact people without their consent in some cases, so consent is not always necessary. But in cases where consent is necessary, you can't say that you have consent simply because e.g. the contact details were openly accessible or because the people have made it openly accessible themselves.

I would be very careful about cold calling by phone, not because it is illegal...


I suspect laws (even within the EU) differ on this, but AFAIK it is not illegal in my own country of residence to cold call anyone (business or private), unless they have asked not to be called (and in my own country of residence there are actual official do-not-call registers that all businesses are legally required to obey).

Technically, GDPR does not apply to prospective clients outside the EU...


No, it is my understanding that:
* if you are an EU resident or a business in the EU, then you must comply with the GDPR with regard to all personal information worldwide.
* if you are a non-EU resident or business outside the EU (i.e. that does not operate within the EU), then you are not required to comply with the GDPR at all, even with regard to EU residents. However, if by law your "place of business" is considered "in the EU", then you have to comply with the GDPR (with regard to both EU and non-EU residents).

However, this is all new to me too, so I look forward to other opinions.

[Edited at 2018-06-01 09:49 GMT]


 

Christine Andersen  Identity Verified
Denmark
Local time: 12:15
Member (2003)
Danish to English
+ ...
Wow, I stand corrected! Jun 1

I know may businesses regard cold calling as a pain, and it is not terribly productive as a sales method.
I wish it was illegal, but I know it is not. (I don't know how many times a year I am called by people offering to save me money on phone bills, printer cartridges, electricity bills and goodness knows what… and I NEVER accept their offers.)

Cold calling to private individuals is illegal in Denmark, except for a very limited and specific range of products and services.

I honestly think the GDPR will have to be clarified or revised, so that everyone knows what constitutes consent and what does not. It is NOT intended to hinder serious business, but of course your serious business may appear as spam or a nuisance to someone you consider a potential client, if they are not interested.

Does consent to contact from prospective customers include consent for would-be collaborators and suppliers to make contact, basically to sell a product or service?

The safest policy is to make yourself visible and let clients contact you when they need your services.


I also think it will be necessary to get over the hysteria about contact for one's own, primary legitimate purpose, as opposed to processing and passing on information for purposes that the data subjects have not consented to.

E.g. I am a translator, you are a translation agency, can you use my services? (Which may not be very likely to generate work, but which has to be legal somehow.)

This is very different from passing on portfolios of clients, former clients and their interests, so that others can call, mail or try to sell them a whole lot of stuff that has nothing to do with translation.

At the moment the assumption seems to be that everything is probably illegal, except where it is mandatory, or else it involves circulating an enormous amount of paperwork and wasting everybody's time.


[Edited at 2018-06-01 11:19 GMT]


 

Georgie Scott  Identity Verified
France
Local time: 12:15
Member (2009)
French to English
+ ...
Location of your business Jun 1

Samuel Murray wrote:


Technically, GDPR does not apply to prospective clients outside the EU...


No, it is my understanding that:
* if you are a non-EU resident or business outside the EU (i.e. that does not operate within the EU), then you are not required to comply with the GDPR at all, even with regard to EU residents. However, if by law your "place of business" is considered "in the EU", then you have to comply with the GDPR (with regard to both EU and non-EU residents).

However, this is all new to me too, so I look forward to other opinions.

[Edited at 2018-06-01 09:49 GMT]


"Increased Territorial Scope (extra-territorial applicability)
Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. Previously, territorial applicability of the directive was ambiguous and referred to data process 'in context of an establishment'. This topic has arisen in a number of high profile court cases. GDPR makes its applicability very clear - it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-Eu businesses processing the data of EU citizens will also have to appoint a representative in the EU."

https://www.eugdpr.org/key-changes.html


 

EvaVer  Identity Verified
Local time: 12:15
Member (2012)
Czech to English
+ ...
What if... Jun 1

Samuel Murray wrote:

The GDPR does not apply to the legal entity of your client, but it does apply to the personal information of the people who work at your client (e.g. PMs), and usually we encounter personal information of specifically identifiable people during our correspondence with "the client" even if the client is a business.


[Edited at 2018-06-01 08:53 GMT]

Therefore, I would say: when the address you are writing to is John.Doe@companyname.com, you may have a problem: if it's purchasing@companyname.com, it should be OK. What do you think?


 

trujimanete
Spain
TOPIC STARTER
Thanks! Jun 4

Thanks for your comments, Eva, Samuel, Christine and Georgie!

 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

The GDPR and cold-calling

Advanced search







Protemos translation business management system
Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!

The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.

More info »
PerfectIt consistency checker
Faster Checking, Greater Accuracy

PerfectIt helps deliver error-free documents. It improves consistency, ensures quality and helps to enforce style guides. It’s a powerful tool for pro users, and comes with the assurance of a 30-day money back guarantee.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search