How to keep your CRM clean and manage your prospects list in accordance with GDPR

CRM clean banner
Back to main blog
Veronika Belova
by Veronika Belova

2 Min. Read

The 4th article in our GDPR playbook will help you manage your prospects’ data in accordance with GDPR rules and regulations.

Now that you have a list of solid prospects, you’ll need to manage it — without violating users’ privacy.

Understanding and applying GDPR rules and regulations will ensure you keep your contacts and their data in perfect order.

What do you actually do with a prospect’s data once you have it? How do you verify their information is stored accurately and keep it updated without violating GDPR?

Managing your prospects might seem even more complicated than sourcing them, but it doesn’t have to be. Organization is key, as is understanding how to best use your contact list to turn prospects into clients. And GDPR rules play an important part when it comes to data management.

How does GDPR define data controller and data processor?

Article 4 of GDPR refers to some key definitions useful in the understanding of these data privacy regulations. Among them is the explanation of what qualifies as a data controller and a data processor.

In order to best manage your prospects, it’s important to understand the difference between a data controller and a data processor. According to GDPR, a data controller is an entity that determines how and why someone’s data is used. The data processor actually does the processing of that data on behalf of, or for the controller. The data processor is typically a third party (person or company) outside of the controller such as data hosters or email, newsletter, and paybill managers.

Your company is a data controller — now what?

In reference to the aforementioned definitions, you or your company (assuming you’re collecting prospects’ data) is a data controller. The next step is to consider a data processor.

The right data processor is important, as they are the party that will be processing the data you collect. If you don’t use a data processor you trust or rely too heavily on automation, you may end up violating GDPR data processing regulations without even realizing it.

Make sure you, as the controller, contract a data processor you can trust. Once you know your company is GDPR compliant (in both data collection, and contracting a third party for the proper processing), you can breathe a sigh of relief. In the case that your data processor violates GDPR, they will be liable and held accountable.

The solution: Surfe as your data processor

If you’re using Surfe (and if you’re not — click here — we’ll help you test out the service with a 14-day free trial), you likely have all your leads and prospects in your CRM. And that brings us to the next step: How do you actually keep all the data together?

Surfe is a data processor. We specialize in transferring and organizing data from LinkedIn to your CRM, helping to keep prospects’ data secure and easily accessible to all members of your company. The data is organized in a clear and concise manner, meaning you can find whatever you need, whenever you need it, all in your CRM, as well as on LinkedIn. We work diligently to ensure that your data remains secure and protected.

As a data processor, Surfe can save you and your employees hours of tedious additional work weekly, even daily.

In other words, you control, we process: Once you’ve found your chosen contact on LinkedIn, our browser extension allows salespeople to export LinkedIn contacts directly into their CRM, including important information such as their name, company, job title, phone number, and of course, email address. There’s a full, two-way sync of LinkedIn contact info, status, conversations, tasks, notes, activity, and ownership of the lead, ensuring that nothing gets lost along the way.


Managing your prospect lists in compliance with GDPR

Remember, your list of prospects and their data is only relevant and useful if it’s accurate.

According to Salesforce data, 70% of data in your CRM can go stale each year. And maintaining that data can be a lot of work, especially for data controllers. But you should be able to leave that to your data processor. Remember, it’s often quality, not quantity, that matters when contacting prospects and moving them down the sales pipeline. If two-thirds of your data is unusable — what’s the point of having a million contacts?

For example, here at Surfe, we keep up with the data so you don’t have to, ensuring retention and responsiveness from your prospects. Surfe captures changes in real time and notifies you when your prospects change jobs, titles, roles, companies, email addresses, and more. Because you are the data controller, Surfe needs you to click “Update CRM” after you receive the notification to adhere to GDPR guidelines, but your prospect list will stay up-to-date and accurate thanks to Surfe — and you won’t have to do any additional work to keep it that way. New changes are displayed in your dashboard to keep track of everything and provide you with actionable insights for timely outreach.

open profile linkedin

And if you’re wondering how long you can safely keep prospects’ data in accordance with GDPR, don’t worry. The rules don’t specify actual retention periods when it comes to personal data unless your prospect has requested to have their data erased or opted-out of future communications. Assuming you’re using it for the necessary purposes for which it was processed, you can keep the data indefinitely  — and Surfe will ensure it’s updated.

Contacting prospects in accordance with GDPR

Now that we’ve ensured your data is properly organized, managed, and processed, as well as explaining that you should only be emailing prospects with legitimate business purpose and who opt-in (for more on opt-in/opt-out and how this applies to different countries, make sure to read our article here), the next step is contacting your prospects.

We even allow users to save fully compliant GDPR templates directly on LinkedIn for easy access. Stay tuned for our next article, which will explain how to send a GDPR-approved email to your prospects.