How GDPR Affects LinkedIn Marketing Campaigns

Posted by Pat Henseler in LinkedIn Marketing Insights, Warm Email Marketing Insights

First a quick disclaimer: the content in this article does not constitute legal advice and you should always refer to your own legal representation. We are not lawyers (though we have watched our fair share of Law & Order ;-)). The information contained in this article is representative of our research and our experience within our company.


What is the GDPR?


You might’ve read a bit about it or seen reference to it in passing.

But in short GDPR (General Data Protection Act) is being introduced by the European Union to regulate how personal data can be processed. It’s intended to protect the data of the people who live in the EU.

The law officially goes into effect on May 25, 2018.

While this is an EU law, that doesn’t mean American businesses are immune.

If you work with EU clients or target prospects that live in the EU, you are also required to follow the law.

To make it short and simple – GDPR shouldn’t affect the outreach and messaging campaigns at the core of what we teach, as long as you stay on LinkedIn.

On the other hand, if you are running LinkedIn ads campaigns, your opt-in funnels and emails may be affected and you should check with your email provider to make sure you’re in compliance. However,the purpose of this article is on GDPR and its effects on messaging campaigns delivered to your connections on LinkedIn specifically.


GDPR & LinkedIn

The law breaks down 3 segments of entities that the law applies to:

  1. The Data Controller – this is who the individual is giving their data to.
  2. The Data Processor – this is who allows the data to be seen or where the data is housed. Think of this as the CRM because they also have access to any data you upload into that system.
  3. The Data Subject – this is the individual. Likely a customer or prospect of yours.


There are some different rules that apply to each of these 3 segments and how they interact, but let’s very simply break down who is in each role as it applies to a LinkedIn marketing campaign.

If you are using our process, then it’s a simple breakdown.

Data Controller – LinkedIn.

The individual isn’t personally handing over their information to you. They provide that to LinkedIn directly.

If a member takes data off LinkedIn or shares data with a third party, that member then becomes the data controller and would become responsible for complying with the laws.

Data Processor – LinkedIn (again).

Since their platform allows for the communication and networking between individuals, LinkedIn is also the processor.

Think of the role of Data Processor as the lens through which you see the data.

And with regards to LinkedIn and your work on the platform, they are the ones who make it possible to find prospects and reach out to them as a basis for all their customers.

The Data Subject – Any LinkedIn user (you and your prospects).

If you are building a database of connections on LinkedIn and putting them into a messaging campaign, the responsibility of the controller and processor in this case is on LinkedIn.

If however, you were to export the information of your connections and create a custom audience in Facebook Ads Manager or enter your connections into an email campaign, things would change.

Once you take a prospect off of LinkedIn and approach them through other avenues, you have used your other platforms to process the data and are now the controller.

To simplify things let’s use the example of going to the doctor.

Let’s say you recently injured your knee playing basketball and decided to go see the doctor.

The doctor says he’d like to take an MRI to see if there is any structural damage to your knee.
In this analogy, the images of your knee is the data being processed. Making YOU the data subject.

The doctor is the Data Controller. They are going to be interpreting and interacting with the data to give you their diagnosis.

The MRI machine is the Data Processor. It’s what is allowing the doctor to use the data. It’s processing the images and information to help the doctor make their diagnosis.

What is your responsibility if you take the relationship off of LinkedIn?

There are a number of principles you’ll want to follow to remain in accordance with the law. Those are lawfulness, fairness, transparency, adequacy, relevance, limitedness, accuracy, storage limitation, integrity, and confidentiality.

I’m going to go through the ones that correspond to LinkedIn being the primary starting place for your relationship with your client or prospect.


If you plan to move the conversation with your prospect off of LinkedIn, one of the basis for doing that would be relevance.

Is there a legitimate reason the individual would have interest in the reason for your communication?

Let’s say you’ve connected with a prospect on LinkedIn.

As you and your prospect both have a legitimate interest in LinkedIn and your network, it stands to reason that approaching this individual with an email follow-up based on that interest and relationship would make sense.

This can apply to other types of marketing where if a prospect signs up for your webinar about the Top 10 SEO tactics for Marketing a law firm, it stands to reason they have a legitimate interest in marketing strategies for law firms.

So if you have a corresponding offer that provides that, it stands to reason they’d have some interest, and as long you follow the rest of the principles mentioned above, you’ll stay in accordance with the law.


Now, while LinkedIn is the Data Processor and Controller as it applies to your connections on LinkedIn, as the sender, you’ll also want to follow some best practices and common-sense rules in your messaging campaigns on the platform.

Do not send promotional messages or call requests to recipients who have already ‘declined’ a prior request on LinkedIn or otherwise indicated they don’t wish to receive any messages from you on LinkedIn or elsewhere.

If you are sending an off-LinkedIn message to your connections, you’ll need to inform a person that their data is being processed as part of the GDPR. That doesn't mean you need to say just the phrase ‘Your data is being processed' that has an odd sound to it. An easy solution is adding a disclaimer to the bottom of your message.

Here’s some guidelines you'll want to keep in mind if you are emailing a prospect that you initially connected with on LinkedIn.

  1. A statement letting them know that you processed their data;
  2. A short explanation of why you have processed it;
  3. Clear direction on how they can change the data you process or remove their data from your list. (this doesn't need to be an ‘unsubscribe' link, but should give a clear option to remove themselves)..

Here’s an example of a disclaimer you can add to the bottom of your email (it’s not the only way to accomplish this, you can add your spin to it and still achieve what's needed):

“I chose to contact you because of our relationship on LinkedIn. I’m using your name and email address only because I wanted to send you this message and continue our relationship beyond LinkedIn. If you want me to change the information I used to contact you, or remove yourself from any emails, please just hit reply and let me know.”

3 Takeaways from GDPR & LinkedIn


  1. Follow appropriate guidelines if you are moving your connections data off of LinkedIn. 
    Remember that you are both LinkedIn members and connections on the platform. Part of that legitimate interest of networking is why you BOTH joined LinkedIn in the first place.

  3. Respect the requests of your connections.

    Overall, If you respect your client, prospect, and subscriber data AND their requests regarding how their information is processed (this is key), you should be in the clear. Don't be shady. Just stick to the rules and you shouldn't run into trouble.

  5. Your day-to-day work on LinkedIn and messaging campaigns to your connections isn’t in any danger. 
    You will want to build more connections by creating an optimized profile so that more of your IDEAL prospects will connect with you in the first place. 
    As stated above you’ll need to respect your connections’ requests if they ask you not to message or email them. 
    Don’t let your connections just sit there. Move the relationship beyond just a connection. Engage with them in your LinkedIn group, share some valuable content, or start a nurture messaging sequence to get them on the phone or to an appointment.

To learn a step-by-step process to build a database of your high-ticket prospects and move them into real-world appointments and phone calls, register for an upcoming workshop below.