July 31st, 2015 | by

The global IT market is exploding with growth – so much so that more companies are expanding their IT sales operations overseas. This is further supported by the fact that nearly half of all organizations are planning to increase IT spending over the next year or so. In fact, Gartner projects global IT spending is expected to grow to over $3.8 Trillion by the end of 2015 a 2.4% ($91.2bn) increase across the globe in just one year – including the European Union market.

Are You Ready to Sell Effectively in the EU?

The kicker is that selling to IT decision makers in the EU is a whole different ball game than here in the United States. Even the most market-savvy U.S.-based sales pros make the mistake of assuming that prospecting in the EU will be business as usual.

Data Privacy is Regulated Very Differently in the EU

Understanding the data privacy laws abroad (and at home) can be a little confusing – especially since the U.S. does not have an overarching federal law that guides data privacy. Sure, some states have more stringent data privacy laws than others (most states have legislation on illegal data gathering, like identity theft) but these regulations are highly fragmented, and with no universal requirements.

Enter The Safe Harbor Framework.

In 2000, the U.S.-EU Safe Harbor Framework was adopted across all 28-member states in the EU. The goal of this set of data privacy legislation was to help solve the data privacy “strictness” gap between the U.S. and the EU.  In basic terms, the framework requires – among other things – that data providers adhere to seven core principles of “adequate protection.”

Three Core Guiding Principles of the U.S.-EU Safe Harbor Framework:

While there are a total of 7 in-depth Safe Harbor principles, there are three core principles that inform every aspect of EU contact data provider compliance:

  1. Notice – Data providers must notify each contact when, how, and why data is being collected.
  2. Choice – Contacts must be given the option to “opt out” of the data gathering process.
  3. Enforcement – Lastly, Safe Harbor certification requires that companies must provide easy and affordable ways for contacts to dispute data collection processes.

The goal of these heavily-regulated data privacy laws is to help ensure that each EU citizen’s personal data remains “adequately protected” regardless of the geographic location where the data is stored.

What does this mean, exactly?

In a nutshell, it means that all of your sales and marketing contact data sourced from the EU must fully comply with these strict data privacy laws. The Federal Trade Commission (FTC) watches Safe Harbor compliance very closely and is well known for enforcing compliance for companies expanding into the EU. Since January 2014 the FTC has enforced penalties on over a dozen Safe Harbor compliance-related cases against large, global enterprise companies.

DO NOT add your company to their ranks. Stick with verified Safe Harbor-compliant data providers for your outreach and prospecting activities in the EU. Is your EU data provider Safe Harbor certified? Or more importantly, is your data protected under the U.S.-EU Safe Harbor Framework?

If you’re not sure, stop everything you’re doing right now and do one OR both of the following:

  • If you source EU contact data from a third party provider, check to see if they are compliant. Search this list directly to see if your provider is Safe Harbor certified.
  • Didn’t find your data provider on the list? Find a Safe Harbor-certified data provider immediately to avoid any enforcement actions taken against YOU or YOUR COMPANY.

[cta id=”9361″ color=”green” size=”full” align=”center”]


We already have deep insights into your target accounts.



Verified phone numbers and emails—straight to the decision maker.


Preston Zeller
About the author

Preston Zeller

As Director of Digital Marketing for DiscoverOrg, Preston focuses on scaling inbound lead strategies, CRO, and brand strategy.