Key considerations for GDPR compliance
Beth Townsend

Reading time: 7 min


Key considerations for GDPR compliance

Key considerations for GDPR compliance preview

Data protection is highly regulated in the UK. GDPR compliance is vital for businesses looking to reach out to prospects without prior connection. The Information Commissioner’s Office provides plenty of general guidance on GDPR but we wanted to take things a step further and explore the specific guidelines for cold B2B prospecting and how to do it compliantly.

First, let’s look more closely at what GDPR is and what it covers.

What is GDPR?

GDPR stands for General Data Protection Regulation, and it is a legal regulation originally laid out by the European Union Council and the European Parliament. GDPR in the same format was officially kept by the UK government after Brexit, relabelled UK GDPR and in force since 1st January 2021.

The legislation protects the personal data of individuals. Businesses need to comply with GDPR to operate legally. GDPR requires organisations to be more mindful and aware of how they handle and use personal data. This includes everything from names to mobile phone numbers and email addresses to IP addresses. Therefore, if your organisation is actively using cold prospecting as part of your growth strategy, you need a good understanding of GDPR.

The Principles of GDPR

There are seven key principles of GDPR:

Lawfulness and transparency

Personal data must be processing in a lawful and transparent manner. Organisations must ensure individuals are aware of how you collect and use their data.

Purpose limitation

Personal data should only be gathered with a specific, clear and legitimate purpose. It should not be further processed or used in a way that is not aligned with the original purpose.

Data minimisation

Companies should only keep the minimum of personal data necessary for the purpose. Organisations must not collect and store large amounts of personal data which they have no legitimate use for.

Storage limitations

Companies should only retain personal data for as long as necessary for the intended purpose. It should be removed as soon as it is no longer required.

Data accuracy

All personal data your organisation holds must be precise, current and accurate, if errors are found they should be corrected, or the incorrect information should be removed.


When your organisation processes personal data it has be done in a way that ensures protection and confidentiality. This means ensuring the information is protected against unauthorised or unlawful processing, destruction, or doctoring.


Your organisation must show compliance with all GDPR principles and assume fully responsibility for all data processing activities to ensure adherence across the company.

This is a broad overview of what governs GDPR but we’re more interested in its role in how you craft your cold B2B prospecting emails.

B2B Prospecting and GDPR Compliance

Many businessowners feared the introduction of GDPR would spell the end of their cold outreach methods and make it difficult to reach out to new prospects in a way which was both safe and compliant in terms of data protection. GDPR does not have to impact your cold emailing approach at all as long as you follow these essential steps for ensuring compliance:

1. Use your corporate email

B2B communications do not require opt-in consent, provided you use your professional business e-mail account. Sending cold emails via Gmail, Yahoo or other personal addresses is not recommended and you may fall foul of GDPR. UK marketers also need to keep in mind Privacy and Electronic Communications Regulations of 2003 (PECR) which regulates email and other communications but states clearly that B2B communications do not require this opt-in element.

2. Define and disclose your legitimate interest

As our discussion of the principles of GDPR made clear, processing or using other’s data is only permissible with a legitimate reason why or legitimate interest. Your cold outreach has to be purposeful, specific and focused. We focus in on a specific sector or industry and then target the key individuals in the right departments of each organisation for our clients.

For example, one of our cybersecurity clients does a lot of work with accountancy firms. With this in mind, we craft highly targeted campaigns fine-tuned and only send them out to the right people i.e. cybersecurity or IT managers, within the accountancy sphere.

We’ve targeted both the right industry and the right individual, ensuring our email has a legitimate reason for landing in their inbox.

3. Opt-out is essential

The final core part of your cold emailing strategy for UK businesses is the opt-out feature. You must provide recipients with an easy way to opt-out of the emails. You must also ensure their information removed from your database.

Keep in mind that you need to hang onto a minimal amount of their data, their email address usually, to ensure you do not reach out to them again in the future if they have chosen to opt-out from future emails. However, to comply with GDPR you should keep data minimisation in mind and delete any additional information you do not need.

What about in other European countries?

If you want to market your business in other European countries, keep in mind that GDPR legislation may be stricter.

Cold B2B email prospecting is generally OK in most European countries. However, you must follow the three steps above to protect yourself and your business. All contacted individuals must be given an easy and clear way to opt-out and the email content must be relevant to the professional role of the person.

Some countries have more stringent regulations which you should keep in mind including:


Germany has particularly strict data protection regulations but there are some exceptions, especially when contacting corporate and business addresses. You will find Germany’s rules under the German Federal Data Protection Act and the Act Against Unfair Competition. As the risks of error are higher in this region, you should always seek professional legal advice before cold emailing in Germany or to German businesses.


Austria also maintains stricter GDPR rules. You could find yourself landed with a hefty fine if you send a cold email without prior content. The Austrian Telecommunications Act and Data Protection Act are the key legislation governing this strict regime. Therefore, you should seek professional legal support before considering any cold prospecting approach with Austrian businesses.

Every European nation has its own interpretation and specificities in relation to GDPR. Therefore, it remains quite a complex area to understand. Before entering a new region or market it’s always a good idea to double check with a legal professional to avoid any potential breaches.

Protect your Business Reputation and Respect GDPR

No business owner has to fully comprehend the ins and outs of every aspect of GDPR. However, you need to maintain a good understanding to operate compliantly and still maintain your strategy to grow and develop your business. Remember:

  1. Always use a corporate email address e.g.
  2. Always check your email content is fully relevant and of legitimate interest to the professional role of the person you are contacting
  3. Always respect the data you hold on any individual as per the GDPR
  4. Always be transparent about how you obtain and process personal data

At Lead Gen. Dept we are scrupulous about GDPR. We use our industry expertise to source and research all prospects on your behalf and ensure everyone has a full and transparent understanding of how we safely and compliantly handle their data. We specialise in all aspects of cold prospecting keeping GDPR compliance in mind. This allows you to focus on turning each meeting we arrange for you into a successful conversation that leads to sales. Please get in touch to book in and find out more.

The number one UK B2B appointment setting agency

Book your demo

Related articles

Still unsure?

Submit your email to receive a video replay of a demo plus latest news from the Lead Gen Dept.