What is GDPR? How to navigate sales safely in the GDPR era with Surfe

GDPR era banner
Back to main blog
Veronika Belova
by Veronika Belova

2 Min. Read

Have you been contacting prospects illegally? We’re here to help you figure out how to sell safely when it comes to the EU’s privacy protection rules.

GDPR stands for General Data Protection Regulation. It’s a law related to data protection and privacy in the European Union and the European Economic Area that took effect in 2018. Basically, GDPR aims to create best practices when it comes to handling data and data compliance in order to protect individuals.

This law affects all sales teams, so it’s important that you adapt your sales techniques with GDPR to avoid being blocked from useful prospecting sites such as LinkedIn — or worse — getting fined or sanctioned. Don’t be one of the 57% of sales and marketing reps not fully aware of the GDPR rules and repercussions, which can lead to serious trouble!

This article will run through some of the basics when it comes to GDPR (sometimes, these rules can be hard to understand especially with all the law jargons), and how you may need to readjust your selling techniques to ensure you fall in line with the regulations to avoid issues.

GDPR: The background and key info to know

GDPR isn’t necessarily simple. But we’ve summarized it so that the main points are a little easier to understand. Mainly, there are seven GDPR rules that need to be followed:

  1. Lawfulness, fairness, and transparency. 90% of GDPR is related to the responsibility of informing users as to how their data is stored and processed. This is manifested through a privacy policy that must be provided to users. An example is when you see “Terms & Conditions.” Full transparency is really important here.
  2. Purpose limitation. This means it must be clear why you are collecting/processing personal data and your intention behind doing so.
  3. Data minimization. Collected data must be limited to whatever is necessary for the specific purpose you’re using it.
  4. Accuracy. Every effort should be made to ensure that data stays up to date and accurate.
  5. Storage limitation. If requested, you must disclose and/or erase all data records of individuals.
  6. Integrity and confidentiality. This is related to the security of data. If there’s a data breach, it must be reported to the appropriate authorities within 72 hours of becoming aware of it.
  7. Accountability. You should be ready and prepared to demonstrate your compliance with GDPR and justify all of your data protection measures.

But why is GDPR important in sales?

GDPR affects many fields, and sales is one of them. If salespeople don’t follow GDPR best practices, they (and their company) are breaking the law.

If you don’t follow these practices when social selling or prospecting on LinkedIn, your messages could end up classified as spam or your account could be flagged for robotic behavior. This defeats the purpose of selling, because your messages will never be seen by your prospects, so try to avoid taking any risks. Plus, by adhering to proper GDPR policies, prospects and clients won’t feel like their data is being spammed or that you’re being too intrusive. It’s important to note that LinkedIn has updated its privacy policy to fully comply with the EU’s GDPR laws and will block and ban users that don’t comply.

Use automation in moderation

Automation tools are a popular solution for those wanting to prospect further and faster. The problem is, they’re just that: fast fixes. You could be banned from LinkedIn for using these automated sales software tools, or worse – your company could be blacklisted. All of this leads to losing prospects, which should be treated carefully and respectfully, not in mass automation form.


There are some manual processes that can be automated. But when it comes to conversation with high-profile clients, they can often easily detect when they’re talking to robot sequences.


The takeaway? Use mass automation sales tools in moderation. Make sure that when you do use them, you aren’t violating GDPR policies, which could get your company (and yourself) in serious trouble. To be safe, make sure you provide an easily accessible opt-out option that gives your prospects the choice to remove themselves from further communications. This can be as simple as an unsubscribe button.


Whenever you want to deploy a strategy, we highly recommend you try it manually first. Once you have a process that works and you feel comfortable with it, you can automate some of it in ways that don’t violate GDPR.


While automation can be useful, there’s nothing that beats genuine human contact and personalization in sales.

The solution? Comply with GDPR by using Surfe

Here at Surfe, we believe in quality over quantity, especially when it comes to prospects, customers, and clients.


Having 1,000 crummy leads where your messages go into spam and your account is suspended will get you nowhere. Instead, it’s best to have 50 valuable leads that you can carefully finesse into customers or clients. If you do want a more automated approach, doing it in moderation (eg, a maximum of 100 contacts on LinkedIn) is your best bet.


Robotic behavior is easily spotted, and it’s best to visit each prospects’ page and use Surfe to add their data to the CRM in just one-click. Make sure your prospects are filtered and only start nurturing the lead after they opt-in, or reply to your first message.

It’s always best to avoid mass exportation of data. You can add a prospect directly on the LinkedIn message panel after they’ve responded positively. Then, you can sync conversations to ensure they really want to be contacted and that it’s worth spending your time nurturing the relationship. (see our example below).

sync crm

Surfe x HubSpot in action

Ready to dive into Surfe? Book a demo or sign up for your free, 14-day trial today.

Bottom line

GDPR is important and can have major consequences for companies not following the rules. Plus, if you care about your clients, you’ll want to respect their data and privacy, too. Be a company that cares, and consider Surfe as an alternative to mass automation tools.

Surfe is a picture-perfect example when it comes to following the proper GDPR policies. We are fully GDPR compliant and want to help you successfully prospect and sell in all the best ways.

Stay tuned for further coming articles as part of our useful GDPR playbook, which will help you navigating selling without violating GDPR.