Keap + VeraSafe: How a CRM and automation will keep your business compliant with GDPR

Chapter 01: What's a CRM and how does it create order?

CRM stands for customer relationship management. It’s a powerful system that connects all the data from your sales leads and clients in one place. Customer relationship management is a literal description of what CRMs do, but those three words don't tell the whole story. The sheer volume of information that you can track and keep organized for each person in a CRM system is staggering―and pretty exciting.

A CRM database can include all kinds of information. Here are some examples of the type of data you can keep organized in a CRM:

  • A person’s name, title and email address, or their Skype handle
  • The date when you last talked to them and what you discussed
  • Sources of leads and the quality of the lead, also known as a lead score
  • Orders a client has placed and how much they spent
  • Their recent website visits or other brand engagements
  • The names of a client's children or pets, their favorite hobby, or any other personal data you need to remember to keep the relationship friendly and personalized

With insight into all this information, your CRM can attract clients, run marketing campaigns, generate sales, and create the order you need to run your business smoothly. You might say that a CRM is the engine for sales, marketing, and customer service, and the CRM database is the fuel that creates the order you need to run your business efficiently and comply with strict privacy and data security rules that apply to all businesses–not just big corporations. And the best part about having a CRM is that you don’t have to keep track of all this information in your head!

Chapter 02: Keeping client information in your head is risky (and embarrassing) business

We’re not talking about the movie when we say risky business. Sorry, all you Tom Cruise fans out there! We’re talking about keeping your customer data safe by keeping it organized and avoiding hefty penalties or putting your business at legal risk. With all the strict privacy and data security rules that are coming out, like GDPR, it’s hard to keep track of what’s allowed and what’s not allowed. The last thing you want is to put your business at risk by violating a rule without even realizing you’re doing it.

As a small business owner, you have a lot on your plate. No doubt about that. You can’t keep track of all the data that relates to your business, your leads, and your clients all in your head or in a spreadsheet or on sticky notes and napkins for that matter. Yeah, those aren’t the most reliable, are they? Especially the napkin that makes its way into the washing machine. All that data. Gone. Never to be retrieved.

As Joel’s father said in Risky Business, “Sometimes you just gotta say what the heck.”

But let’s be real—no matter how good you are at keeping track of things in your head, it’s a lot of data for anyone to keep straight. Things like: the lead you spoke with a couple of days ago and now you’re trying to remember if you followed up with them or not, the invoice you were supposed to send out and can’t recall which service you’re billing for, or the leads who are getting upset because you accidentally emailed them about the same thing more than once, the list goes on and on. You know how it goes. Cut yourself some slack. You’re human, and you’re bound to forget or make a mistake. In fact, according to The Wakefield Research and Concur data, 42 percent of small businesses surveyed have errors in matching their invoices to their clients. It’s no wonder small business owners are feeling bogged down, overwhelmed, and pulled in many directions trying to keep everything in order.

Thankfully, there’s a solution. Powerful tools, like CRMs, are available to keep track of client information, prevent you from making embarrassing or costly mistakes, and give you back the valuable time in your day you need to focus on what matters most—your clients.

Free Checklist

If you’re thinking about a CRM for your small business, this seven-step checklist will help you accelerate the success of your CRM implementation. Your business will thank you. Your team will thank you. More importantly, your customers will thank you—with more sales.

Chapter 03: What is the General Data Protection Regulation (GDPR)?

The EU General Data Protection Regulation or “GDPR” is in full swing. The GDPR, which replaces the EU Data Protection Directive, is the world’s most modern and comprehensive data privacy regulation yet. It introduces tight controls on the processing of personal data of European Union residents. The purpose of the GDPR is to impose additional obligations on organizations involved in data processing and to empower EU residents to have more control over their privacy and personal data.

The GDPR isn’t just a European thing either. It applies to EU-based organizations and to organizations with no physical or legal presence in the EU—if they offer goods or services to EU residents or monitor their behavior. This means that, in theory, EU regulatory authorities will have greater power and territorial reach to take action against organizations that do not comply with their data protection obligations. Non-compliance with the GDPR can result in enormous fines. Penalties can be as high as 20 million Euros (approximately $24 million), or 4 percent of a business’ global annual revenue, whichever is greater.

Does my business need to comply with the GDPR?

All companies, whether large or small, should be aware of the extent to which the GDPR regulates their operations. If your company collects or processes personal data of individuals residing in the EU, you are most likely governed by the regulation. The GDPR (Article 3) applies to the following businesses and organizations:

  • EU-based businesses and organizations regardless of whether or not their data processing takes place in the EU.
  • Non-EU businesses and organizations that offer goods or services to EU residents (for instance, through e-commerce); or businesses and organizations that monitor the behavior of EU residents.

Personal data defined

The GDPR’s definition of “personal data” is quite broad compared to the definitions found in other privacy laws. Article 4 of the regulation states that personal data means “any information relating to an identified or identifiable natural person” (also known as a “data subject”). An “identifiable natural person” is, in turn, defined as “one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. Therefore, the definition goes above and beyond what most U.S. organizations have grown accustomed to.

The GDPR’s data protection principles

While it is impossible to provide a comprehensive guide to address all aspects of the GDPR and how it may impact every business within the span of just a few short pages, there are some key aspects of the regulation that your organization should be aware of. These considerations may require modification of your current business operations, processes and systems to help ensure compliance, or at the very least, to mitigate your regulatory risk.


One of the cornerstones of the GDPR is the principle of Accountability, which requires a business to document and demonstrate its compliance with the regulation. In order to accomplish this, you may need to do one or more of the following:

  • execute appropriate written agreements with businesses that process personal data on your behalf;
  • maintain up-to-date documentation of your data processing activities (known as a “data map”);
  • implement appropriate technical and organizational security measures;
  • record and report any personal data breaches; and
  • appoint a data protection officer.


Your organization should review its current privacy policy to determine if any changes are needed to be compliant with the GDPR. The regulation requires that you provide clear privacy policies to individuals informing them why and how your organization will collect, use and protect their personal data. It also requires that you disclose the lawful basis of your data processing activities (see Article 6 of the GDPR for more details). The regulation also requires that you provide this information to individuals, free of charge, in a concise, intelligible and easily accessible way. Check out the GDPR privacy policy checklist.

The roles of controllers and processors

The GDPR defines organizations as either controllers or processors with respect to any particular use of personal data. Article 4 of the regulation defines a data controller as the “natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” The controller is therefore the entity that determines the purposes for which the personal data are used, and the means (e.g., what apps or other tools) by which the data is processed. Additionally, Article 24 states that the controller is the entity primarily responsible for ensuring that processing activities are performed in compliance with the regulation. They must “implement appropriate technical and organizational measures” not only to ensure compliance, but also to be able to show a regulator the controls that the organization has implemented.

Article 4 of the GDPR defines a data processor as “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” Therefore, the processor is required to process personal data only on behalf of the controller and in accordance with the controller’s instructions. Moreover, the controller’s instructions to the service provider (i.e., processor) must be documented in a contract. Such a contract must indicate the duration, nature and purpose of the processing, the types of data processed and the obligations and rights of the controller. It must also document what will happen to the personal data once the contract between the controller and processor ends.

Under the GDPR, controllers are liable for the actions of the processors. Therefore, it is the responsibility of controllers to only appoint processors that provide guarantees to implement appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR. It is also important to note that although one organization may provide a service to another organization, it does not automatically mean that the service provider is acting as a data processor. The organization which receives personal data from another organization could be a controller or a processor, depending upon the degree of control that it exercises over the processing of data.

In short, both controllers and processors have specific roles, responsibilities, and obligations that need to be addressed to ensure compliance with the regulation. It is important for every organization to understand if it is a controller of data or a processor (or in some cases, both) and how the GDPR applies to it.

Expand data privacy rights

Under the GDPR, EU individuals’ privacy rights are broadened. You should review your procedures and confirm that your organization is able to respond to and satisfy requests from individuals who wish to exercise certain privacy rights provided to them in the regulation. Specifically, the GDPR gives individuals the following rights: the right to be informed about how their data is used by an organization, the right to access their personal data, the right to correct their data, the right to have their personal data erased (also known as the “right to be forgotten”), the right to object to the processing of their personal data, the right to have their personal data exported, the right to restrict processing, and the right not to be subjected to fully automated decision-making that could have a big impact on the individual (e.g., if your mortgage application is denied by an automated process used by a bank, you have the right to ask the bank to have your application reviewed by a human, instead of merely by a computer). If your business or organization utilizes systems which collect, store or otherwise process personal data, those systems may need to be modified in order to effectively respond to individuals’ requests related to the exercise of their rights.

Notification of a data breach

Data controllers must report a personal data breach to relevant European regulators within 72 hours of becoming aware of the breach, if the personal data that was exposed could result in a privacy risk to those people involved. Failure to report a data breach within this strict timeline could result in a fine. Therefore, you should ensure that your organization has the right procedures in place to recognize, report and investigate a personal data breach. When a data breach could result in a particularly high risk to the rights and freedoms of individuals, in most cases, the data controller will need to notify the affected individuals directly.

Data protection officer (DPO)

In some cases, the GDPR may require you to designate a Data Protection Officer or “DPO”. A DPO is a person or company you designate to be accountable for your organization’s data protection program. You are required to appoint a DPO if your organization carries out regular and systematic monitoring of individuals on a large scale, or if your organization conducts large-scale processing of special categories of data, such as criminal convictions and health records. Even if you aren’t required to appoint a DPO, it is a best practice to do so. If you do appoint a DPO, you should consider how this role will fit in your organization’s structure. Keep in mind that assigning one of your employees who has other tasks to the role of a DPO may create a conflict of interest, and would not satisfy the DPO obligation under the GDPR. An outside data protection advisor, such as VeraSafe, can be placed in this role as long as they have the proper knowledge, support, and authority to carry out the role.

As we’ve discussed, the GDPR brings with it significant changes to businesses and organizations both inside and outside the EU. By gaining a greater understanding of the key elements of the GDPR, organizations can develop a complete roadmap for compliance. As a bonus, complying with the GDPR will equip your organization to comply with future changes or developments in data privacy laws that you might be exposed to. By raising your data protection game and meeting the sophisticated standards of the GDPR, you will position your data protection program above the high-water mark of evolving privacy laws worldwide.

Chapter 04: Having a CRM system on your side is a pretty sweet deal

Not only can a CRM help you with organizing your client information, there's so much more it can do to help you run and grow your business. It’s a pretty sweet deal.

We’re going to discuss the different areas a CRM is used to organize client information so you can see all client activity, know what next steps you need to take, and effectively market to them. Let’s get started.

Keeping client information in order

Client management is one of the core functions of any CRM. It’s a place for storing, organizing, and managing client data.

With a spreadsheet, you can track things like:

  • Name
  • Email
  • Phone number
  • Website
  • Address
  • Type of client
  • Date purchased

But with a CRM, you can track client data in a much more meaningful and useful way. With a CRM you can track everything in a spreadsheet plus:

  • Company size
  • Multiple contacts within a company
  • Contact’s job title
  • Lead scoring based on contact’s level of interaction
  • Notes history
  • Current sales pipeline stage
  • Detailed reporting
  • And more!

The beauty of using a CRM is that you don’t have to have all of the information about a contact to get them entered into the system. For example, if you just talked to someone at a local event and only got their name and email address, no problem. You can add that to your CRM now, and over time, as you engage with that person more and more, you can add more information to their contact record.

Here are some things you can add to a contact’s information in a CRM:

Activities: A CRM lets you add activities, like when you sent an email or text message with a promotional offer, as you build relationships with your contacts. You’re able to add things you've planned or completed, like follow-ups with new leads, or an upcoming meeting with a client. It also provides you with insightful data on things like the types of messages you’ve sent that have or haven't worked so far so you can change up your communication and follow-up strategy.

Notes: Add notes with specific information about the contact. Things like, who makes decisions at each business you sell to, so you have a leg up on your competition because you can go in with a meaningful, data-driven sales and marketing strategy.

Tags: Add tags to contacts so you can organize and sort leads and clients based on things like industry information, company size, or product preferences. With tags, you can filter your contacts into lists so you can market to them more effectively. And most importantly, send them messages about things they care about. That way, you’re talking to them about things they care about and not annoying them with information they’re not interested in.

So you see, when it comes to CRMs, the more data you feed or nurture it with, the more sweet fruit it bears. While organizing and storing information is one of the most helpful ways business owners use a CRM, there’s a lot more you can do with CRMs that are designed as an all-in-one solution.

Chapter 05: Taking CRM up a notch with all-in-one features

Not all CRMs are built the same. Most are great at storing and organizing client information, while some come with more power and do that and a whole lot more. Take Keap, for example. Not only is it a CRM, but it can also be used for marketing and sales automation (you can even build and A/B test marketing emails, landing pages, and marketing campaigns directly in the system) and automated payment processing that helps you grow your business while keeping your contact information organized and providing you with insightful data, so you know what’s working and what’s not working.

As a business owner, you’re probably all too familiar—and fed up—with using a hodgepodge of software tools to run your business. In fact, when we conducted our 2017 Small Business Market Survey, we found out that 70 percent of small business owners who responded use a hodgepodge of tools and want to get rid of them as quickly as they can. At Keap, we call the hodgepodge The Kludge. You know, having to remember different passwords, jumping back and forth between different tools to look at pieces of information, losing track of new leads and following up when the lead has gone from cold to freezing, or duplicating efforts and missing tasks because information is scattered in multiple places. All this adds up to a lot of disorganization, wasted time and money, missed opportunities for you and your business, and the risk of violating security and privacy regulations.

But there’s hope! If you’re one of those businesses who use The Kludge, you can say goodbye to it once and for all by incorporating automation into your everyday workflow. This opens up the door to a multitude of possibilities for your business and makes it possible for you to meet the growing demands of clients. And believe us when we say client demands are going nowhere but up from here. In our 2018 Keap Value Outcome Survey we found out that 70 percent of small businesses think clients are more demanding today than in the past, and 80 percent say clients expect small businesses to be available around the clock, online and by phone.

But we won’t just tell you the possibilities are endless, we’ll show you. Check out this video to see how Gleason Tax doubled their sales and revenue in their first year of using automation.

Growing your business is rewarding and exciting. But there’s a big responsibility that comes along with it. As a business owner, you’re responsible for keeping client information safe and obtaining consent from leads and clients before you use their information. That includes things like sending leads and clients marketing emails or storing a client’s payment information. With the ever-increasing growth of internet use and social media, it’s getting easier and easier to collect personal information about your leads and clients. However, you don’t want to use client information in a way that’ll have a negative impact on your business when you’re using automation to market your business and request and receive money from clients.

The CRM and marketing automation combo: A dream come true for small business

Marketing automation is when you use software to automate and simplify tasks that otherwise would take a lot of daily time and effort. Tasks like sending marketing email drip campaigns and sending follow-up messages to stay engaged with leads and clients. When marketing automation is integrated with a CRM, not only does it save time and improve marketing results, it organizes client information in a way that can’t be done efficiently with manual processes unless you hire someone who’s dedicated 100 percent of the time to keeping your client information organized. Frankly, manual processes aren’t the most ideal or cost-effective solution for businesses in today’s digital, data-driven world.

Many small business owners have turned, or are switching to, marketing automation and seeing the benefits. In fact, 75 percent of people who responded to an Adestra Survey agreed that saving time was the most significant benefit of using marketing automation. And an even larger group, four in five, said they increased the number of new leads.

Sounds great, right?

Sure it is, when used with caution. With the increasing demands for personalized experiences, it’s important to be careful when you’re using client information in your automated marketing efforts, like sending emails to leads and clients.

Chapter 06: Email marketing in a highly-regulated world

Email marketing is one of the essential communication tools businesses use to connect and build personalized relationships with leads and clients. And it’s no surprise that it’s even more important for small businesses on a tight digital marketing budget. Compared to other forms of marketing, it’s an affordable way to market your business, create personalized relationships with leads and clients, and get a substantial return on your investment.

While there are strict privacy and data security rules like GDPR and CAN-SPAM you must comply with, you can still effectively use email marketing automation campaigns to grow your business as long as you’re using best practices that will help you build trust with your audience. And the good news is people actually prefer email! A Marketing Sherpa Study found that 72 percent of Americans prefer email from businesses versus other channels, like text messages and social media. And, in another Marketing Sherpa Study, when 2,057 adults in the United States were asked how often they like to receive promotional emails from companies they do business with, 86 percent said they’d like to receive an email at least once a month while 15 percent said they’d like to receive them daily.

Email marketing: It all starts with your sender reputation

To get the most out of your email marketing campaigns, you’ll first want to make sure you have a good sender reputation because it’s your reputation that’ll make or break your email marketing results. A 2012 study by Return Path found that 80 percent of email deliverability problems are attributed to poor sender reputation.

We’re not gonna lie—establishing a good reputation takes a lot of time and effort. Think of your email sender reputation like your credit score. It’s difficult and time-consuming to build and really easy to destroy. The good news is that all your hard work will pay off, not just with your Internet Service Providers (ISPs), but also for your business.

Here are the three factors that impact your sender reputation:

1. Your email content

What you put in your email impacts your sender reputation. This includes things like:

  • Spam-like content, headlines, or images
  • Your image-to-text ratio (industry standard is 40:60)
  • Your links. If you link to other domains that have low reputations, their reputation will reflect poorly on you.

2. Your server/email service provider (ESP)

ESPs (e.g., Keap, MailChimp, etc.) are service companies that host email marketing services on their servers. Think of an ESP as the engine behind the marketing emails you send. An ESP is not Gmail, Yahoo, or Outlook; Gmail and Yahoo are web mail providers (which means emails are sent, received, and stored through an online browser) and Outlook is an email client (which is computer software that stores your emails on your computer, not online). ESPs also have reputations, and their reputation directly impacts your email deliverability. That’s why knowing things like an ESP’s deliverability rate (Keap has a rate of 99.5-plus percent) is important.

3. Your sender domain

This is your domain—the part of your email address that starts with “@” and ends with “.com” (or .org, or .edu). The reputation of your sender domain follows you everywhere—no matter which ESP you use or whether you switch ESPs.

Your domain’s sender reputation includes everything that’s ever been sent from that domain. What if one of your employees, operating under your domain, got a virus on his computer and the virus sent out tons of emails from your domain? Stuff like that can get you blacklisted. That’s a nightmare scenario, but it illustrates that having a bad sender domain reputation doesn’t mean you’re a bad person, it just means there are improvements you can make.

Best practices to improve your sender reputation

Now that you know what impacts your sender reputation, here are some best practices you can start putting into action to build or improve your sender reputation.

Get explicit permission

When someone shares their contact information with you, make it very clear that they’re signing up to receive marketing emails from you. If they don’t give you permission to send them marketing emails, don’t email them. Period. If you do, you’re only hurting your reputation and your unwanted emails will inevitably get marked as spam, and the person will unsubscribe or remove their contact information completely so you can never contact them again. And if you send them a marketing email after they’ve asked you to completely wipe their information from your system, you could end up with hefty penalties under GDPR. To keep this from happening, follow these best practices:

  • Include a checkbox in the web form on your website that gives the person the option to check or uncheck the box to receive marketing material from you.

  • When someone you meet at an event, talk to over the phone, or chat with on social media, shares their contact information with you, clearly ask them if you can send them marketing emails to the email address they shared with you.

  • Set clear expectations—what you’ll be sending, how often you’ll send it, who’s sending it.

Then, ask them to double opt-in

This is when someone confirms their email after they’ve shared their contact information with you and given you explicit permission to send them marketing emails. These people really like you and are usually your hottest leads. Here’s how to do it:

  • Immediately after someone shares their contact information with you, send them an opt-in email. Time is of the essence, so you want to make sure you do this right away. Here’s where marketing automation is your best friend. You can set up an automation that automatically sends an opt-in email right after the person fills out a web form on your website (plus, it helps you keep their information organized).

Send them just what they want—no more, no less

If you have different types of content or offer emails on a different frequency, segment, or organize and sort, people who want to receive emails from you based on what they want from you. Only send them emails about things they’ve asked for. Here’s how you do it:

  • Organize and sort people into email lists based on preferences and behaviors. That way you’re only sending emails about what they care about and not spamming them with things they’re not interested in. In Keap, you can use the Tags we talked about earlier (in chapter 4) to help you effectively market to leads and clients.

If they want to leave, let them go

We know this one can be a bit tough to do, but you gotta bite the bullet and make it easy for people to unsubscribe from your email list. Plus, it’s legally required by GDPR and CAN-SPAM to include an unsubscribe link in all your marketing emails. To keep your emails legally compliant, follow these best practices:

  • Make it easy for people to find the unsubscribe link. This means don’t add multiple blank lines before the unsubscribe link so people have to scroll on and on to find it (this is called padding). This will just frustrate people and hurt your sender reputation.
  • Take a user-friendly approach to unsubscribing. Place the unsubscribe link where it’s easy to see in your email footer. Instead of just saying “unsubscribe” in your link, say something like, “We’d hate to see you go, but we understand if you want to unsubscribe.” with the word “unsubscribe” linked.
  • Include the following content on your unsubscribe landing page:

    • Find out why: “Please tell us why you want to unsubscribe.” This is a great way to get feedback and insight into what’s working and what’s not. You can include selections like: “Too many emails,” “No longer interested,” or “Emails are too long.”

    • Thank them: Add a nice thank you message and let them know they’re always welcome to come back. Something along these lines, “We already miss you, but we’ll be here waiting if you ever change your mind!”

The dark side of email marketing: Spam, spam complaints, and spam traps

Ah, spam. No, we’re not talking about the so-called lunchmeat Spam. We’re talking spam as in the kind that can send your email sender reputation down a deep, dark spiral.

As a business owner, there’s so much you have to think about when you’re sending marketing emails. Globally, the number of restrictions and regulations is increasing, and according to Statista’s 2017 Spam Email Study, 60 percent of emails sent globally get marked as spam. It’s no wonder many business owners are wondering why their marketing emails aren’t making it into inboxes.

So what can you do about it? Don’t give up. We’ll share some information and best practices you can use to help improve your email deliverability and reduce the number of emails going into junk folders and getting marked as spam.

Your sender reputation: It really, really does matter!

We can’t stress this enough because getting, and keeping, a good email sender reputation is vital to successful marketing emails. Did you know that the industry standard for a good sender reputation is equal to keeping your external spam rate at less than one per thousand? Just like client complaints hurt your business reputation, spam complaints do the same thing to your marketing emails.

Spam complaints

There are two types of spam complaints: external spam complaints and internal spam complaints.

External spam complaints are the ones you get when someone who gets your email complains to their email client (e.g., Outlook, Gmail, etc.) by selecting the “Mark as spam” button. When this happens, most email clients will report back to the ESP to opt the person out of your email list.

Internal spam complaints happen when the person receiving your emails clicks on the unsubscribe link in your email footer and then reports the email as spam on the unsubscribe confirmation page.

To keep your complaint numbers low, you should only send emails to people on your list who are engaged. An engaged person isn’t someone who’s getting married in the near future, well they could be, but that’s not the type of engaged person we’re talking about.

When we say an engaged person, we’re talking about someone who has recently (within the past four to six months) met one or more of the following criteria:

  • Given you permission to send them marketing emails (opt-in or double opt-in)
  • Opened a marketing email from you
  • Clicked on a link in one of your marketing emails
  • Purchased a product or service
  • Is on a recurring subscription

Anyone on your email list who doesn’t meet one of these shouldn’t be getting marketing emails from you. That doesn’t mean you have to delete their information entirely, unless they’ve asked you to permanently remove their information from your records and never contact them again. To comply with GDPR, you need to forget about the people who have made that request. However, you can hang on to the contact information of people who have given you permission to contact them and may be interested in your business in the future. We recommend you keep those people in a separate “unengaged list” and save them for a time when you think it makes the most sense to re-engage with these contacts.

Now let’s go back to the people who meet the criteria, and to getting those emails past the spam filters and into their inboxes.

Spam filters

Spam filters are programs that are used to detect unsolicited and unwanted emails and prevent them from reaching inboxes.

When you send marketing emails to your list of engaged people, make sure you’re sending emails with content they care about because spam filters measure engagement by looking at the open rate percentage, not the number of emails opened.

Here's an example:

Illustration showing an A/B email test comparison

If the percentage of people opening your emails is low, your emails will start to automatically go into spam or junk folders, even for the people who opened your email. It’s frustrating! But that just goes to show how much engagement matters. To make things worse, if you have an email without links or, worse, with links that people aren’t clicking, spam filters will notice that, too. That’s why you want to make sure your content is engaging, contains high-quality links, and has a strong call to action for people to click. These days, there are automated email marketing systems, like Keap, that run a spam check on your content before sending out your emails. This can save you a lot of time, not to mention frustration.

Spam traps

Email providers (e.g., Outlook, Gmail, etc.) and blacklist providers (e.g., Composite Blocking List, Spamhaus Block List, etc.) use spam traps to catch malicious email senders and non-malicious email senders who happen to have poor email sending habits. Spam traps look like legit emails, but they don’t belong to an actual person nor are they used for actual communication. Instead, their purpose is to find the spammers out there and anyone who’s using a bad email list.

There are three types of spam traps you should be aware of:

Pristine: Email addresses that are hidden within a website’s code. The purpose of pristine spam traps is to identify email marketers who build their email lists by scraping sites or purchasing data.

Recycled: Email addresses that were once valid, have become dormant, and were then repurposed by an email provider. Someone could have used this email address to give someone permission (opt-in) at one point or another, but since then, the address has been abandoned. The purpose of this trap is to identify email marketers who don’t perform regular list hygiene.

Typo: Mistyped email addresses, like “[email protected].” The purpose of a typo spam trap is to identify marketers with questionable lead collection techniques.

Regulations to protect consumers from harmful or unsolicited emails, like GDPR and CAN-SPAM, are on the rise, and for good reason. Who wants an inbox filled with emails from spammers and marketers? People want to receive emails with content they care about and are interested in reading.

As a business owner who’s probably operating on a tight marketing budget, the last thing you want is a spam trap email on your email list. Yeah, your emails won’t make it to the inbox. But that’s not the worst of it. What’s worse is that there are hefty penalties for emailing spam traps. The severity of the penalties varies depending on the type of trap, how often it’s been emailed, and the group that runs the trap. And just when you think it can’t get any worse, it does. Your IP addresses and/or sending domains can get blocked and/or blacklisted, which causes serious problems with email deliverability. In any case, you can’t afford to put your pocketbook or your email sender reputation at risk.

The best way to avoid spam traps is not to purchase email lists and only send emails to people who have given you permission to send them marketing emails. It’s pretty simple; it just takes some time to clean up and maintain a healthy list. But trust us when we say every minute you put into list hygiene is worth your time and will pay off in the long run.

List hygiene best practices

Maintaining a healthy list is manageable if you do it on a regular basis. You can do this manually, or use automated list management tools to help you keep your email list clean. Some CRMs, like Keap, automatically flag high-risk email addresses for you.

Clean your list once a month

The first step in proper list hygiene is to go through your list of people you email on a monthly basis and remove any emails that appear to be high-risk. By high-risk, we’re referring to emails that have bounced, people who have unsubscribed and/or complained. You’ll also want to look for spam trap emails (pristine, recycled, and typos).

Look for email addresses that may be risky

Sometimes people sign up to receive information or promotions from you using an email address that’s shared among multiple employees in a business, or transferred from one person to another. These addresses typically contain “[email protected]” or “[email protected]” and present a risk for spam complaints. To avoid any risks, send these people an email and ask them if they can give you a different email address to send marketing emails to and remove the risky email from your list.

Move people who aren’t responding to an unengaged list

If a person hasn’t opened or clicked a link in an email for a while, it’s likely they’re no longer interested in your product or service and should be moved to an unengaged email list. To determine what’s “a while,” look at how often you’re sending emails. For example, if you send emails on a daily basis and the person hasn’t responded in a month, they should be moved to an unengaged list. Regardless of your sending frequency, a good rule of thumb is to remove any person who has not opened or clicked a link in an email within the past four months.

Don’t let people get cold when they sign up for your emails

People are on the go, quickly moving from one thing to the next. They tend to forget that they’ve signed up for marketing emails if they don’t receive any for a while. If something then pops up in their inbox and they don’t remember signing up for your emails, they’re likely to mark it as spam. It’s important to remember: Permission to send marketing emails is not permanent. It actually decreases over time if you don’t maintain a relationship with people who sign up to receive emails from you. If you haven’t emailed someone in more than four months, consider them a cold lead and move them to your unengaged list. We know this isn’t easy to do, but keep in mind, if you re-engage with them and they show interest, you can move them back to your active email list.

Send a re-engagement email to your unengaged list

Try to reconnect with people on your unengaged list by sending them an email that may get them interested in you again, like a special coupon, and ask them if they want to keep receiving emails from you. Remove any contacts who don’t respond to your re-engagement email because that’s a clear indication that they could turn into a high-risk email address that you don’t want on your clean list. Of course, anyone who does respond to you should be moved to your clean list. Also, we recommend sending re-engagement marketing emails on a regular basis to build a personal, lasting relationship with people who are interested in your business.

Free Guide:

Want to learn more about healthy list hygiene habits? Check out our complete guide filled with pro tips and best practices.

Chapter 07: A CRM keeps client information organized in your sales pipeline


Keeping client information in order as you move leads from one stage to the next in the sales pipeline can be challenging, and it can clog up your pipeline when you’re trying to keep it organized on paper, or even in a spreadsheet.

Automation organizes and unclogs your pipeline

A clogged pipeline. Nothing good ever comes when you combine the words “clogged” and “pipe.” Whether it’s sales or plumbing, it just always leads to a bad ending. But a CRM with built-in sales automation, now that’s a combination that leads to a good ending. As in leads converting to clients!

OK, enough of the bad jokes.

But seriously, when you use a CRM with built-in sales automation in your sales process, the level of organization and efficiency is everything a business owner or sales manager could ever want for their business, especially with the strict regulations around using and processing client data to deliver a product or service. Without an automated sales process to keep your client information stored in one place, mistakes like misplacing a lead’s personal information or sending too many follow-up emails to the same person and coming off as a spammer are inevitable. In today’s highly-regulated environment, those small mistakes can turn into big penalties.

When you use a CRM with sales automation, you can do things like:

  • Organize your sales process with a pipeline that you can customize with sales stages that fit your business’ needs.

  • Track and organize all information about the lead and the sales deal in one place, including the lead’s information, all activity and communication with the lead, estimated and actual sale amounts, and more.

  • Get an at-a-glance view of where each lead is in the sales process and who’s assigned to each sales deal, and collaborate with your sales team throughout the process.

  • Create automated workstreams that automate communication with leads based on the sales stage and actions taken by the lead.

Plus, payments

After you’ve gone through all the hard work of getting leads and converting them to clients, it’s time to get paid. As a business owner, you have many options for collecting payments. The type of business you run and how you deliver your product or service dictates how you collect payments.

For example, if you run a local ice cream shop, you collect a cash or card payment on the spot. If you’re a service-based business, like a photographer or a lawyer, you rely on invoicing to collect payments from your clients after you’ve delivered your services. And if you provide an ongoing service, like a personal trainer, you’re likely to rely on recurring invoicing.

Invoicing and collecting payments can get tricky (and messy) if you’re trying to manage it on your own using manual processes, especially when you also have to make sure you’re complying with strict regulations to keep your client information private and secure. Things like sending invoices out quickly, following up with clients who haven’t paid, entering payments into a spreadsheet after you’ve received them, and keeping client payment information safe are all difficult to manage on your own manually. Living in the Paper Age of payment collection is risky. So risky that 75 percent of businesses that accept checks experienced attempted or verified fraud.

Fortunately, there are CRMs, like Keap, that seamlessly integrate with a payment system so you can automate your entire payment process, from start to finish, and keep all your client information securely stored in one place. More and more businesses are turning to payment automation, not only for the security benefits, but also to help their business collect payments faster, reduce late payments, and reduce the amount of time spent on invoicing and collecting payments.

Chapter 08: The bottom line

The number of strict privacy and data security rules that businesses are exposed to continues to grow with increasing access to customer information. Rules like GDPR and CAN-SPAM have caused significant changes for small business owners around the world. Complying with numerous rules and regulations while trying to run a successful business is challenging without a doubt.

Staying informed and understanding what’s necessary to keep your business compliant is the first step that’ll help you develop a compliance strategy for your business. As you think about your compliance strategy, consider incorporating automation into your everyday business workflows to help you organize and manage customer information so you can meet the growing demands of customers and efficiently deliver personalized customer experiences in a highly-regulated environment.

The information contained in this guide is not legal advice and any organization using this resource may not rely upon it as such. The GDPR is a complex principle-based law which is open to interpretation, and also provides Member States an opportunity to implement higher standards than those laid down in the regulation itself. The GDPR creates significant compliance risk for organizations regulated by the law. It is strongly recommended that organizations seek legal advice on how to prepare for the GDPR.


About Keap

Keap is on a mission to simplify growth for millions of small businesses worldwide. Built for growth-minded small businesses, Keap provides a simple CRM for 180,000 small business users. Unlike single-purpose tools that don’t work well together, the platform creates order by organizing all customer interactions in one place and integrating with thousands of other apps, to empower small businesses to deliver more personalized service and close more business. The privately held, eight-time Inc. 500/5000 company is based in Chandler, Arizona and is funded by Goldman Sachs, Bain Capital Ventures, Mohr Davidow Ventures and Signal Peak Ventures. For more information, visit, or the Keap blog.


About VeraSafe

VeraSafe’s strength lies at the intersection of law and IT. With two skillsets not traditionally found under the same roof, VeraSafe’s team combines American and European data protection attorneys, privacy professionals, and IT security experts. VeraSafe is dedicated to providing industry-leading privacy and security advice that matches the risk tolerance and circumstances of each client we serve.

With a focus on European privacy and cybersecurity law for organizations with 100+ employees, VeraSafe provides a complete solution for your organization’s compliance with the GDPR. VeraSafe can assist you in identifying the precise extent of the GDPR’s applicability to your organization and provide expert support to operationalize your complex obligations under the law.

Chapter 09: About the author


Besma Bihnam

Besma Bihnam is the senior content creator at Keap and has a passion for writing effective educational content for a wide variety of audiences. Besma started her business writing career with Arizona Federal Credit Union. She transitioned to writing for the software industry for a few years and then shifted to the financial sector where she wrote content for some of PayPal’s most critical services. Besma joined Keap in July 2017 and has written both in-product and marketing content. When she's not writing, Besma spends time with her music-loving family and enjoys listening to her husband or kids play guitar, saxophone, cello, and drums just about every day of the week.
