GDPR for Sales Outreach: How to Prospect While Staying Compliant

December 6, 2022

Legal implications of GDPR and Cold-Outreach

Data privacy and protection have become crucial concerns for organizations and consumers. Even though businesses have always taken consumer protection seriously, data privacy gained more attention once the General Data Protection Regulation (GDPR) of the European Union came into effect on May 25, 2018. This is because this law, which is intended to protect EU individuals' personal data, has broad ramifications for marketers, particularly for cold emailing.

Now, you're aware that B2B sales are inherently competitive. That means a strong sales process is essential for the company's success. Keep in mind that 50% of all sales are made by the first company to engage a prospect. So, does GDPR apply to your company?

Although the GDPR is intended to safeguard the personal data of EU individuals, it also applies to any businesses (whether or not they are based in the EU) that process and store the personal data of EU consumers. B2B brands must understand the ramifications of this law in their marketing efforts. This guide will explain in detail what GDPR is, what it entails, and how you can engage in cold emailing while staying compliant.

What Is GDPR?

The General Data Protection Regulation (GDPR) is the world's strictest privacy and security regulation (so far!). It places constraints on how businesses can gather, use, and keep the personal data of EU residents.

This law focuses less on how data is used and more on providing customers control over their information and the ability to permit corporations to use specific data. If your business does not adhere to GDPR guidelines, it may be subject to fines of up to €20 million or 4% of worldwide revenue (whichever is higher).

Authorities in charge of data protection have regularly shown that they can impose sanctions. For instance, British Airways was penalized up to €200 million for a data breach in September 2018. Between 2014 and 2018, Marriott International also received a punishment of more than €99 million for a data breach.

Here are the main types of data covered under GDPR: 

  • Name 
  • Photograph 
  • Email Address
  • Postings on social media
  • Personal medical information
  • IP Address
  • Bank information

GDPR emphasizes three key areas:

1. Explicit Consent: Before using cookies to analyze a customer's online actions, businesses must get and record the customer's explicit consent. They must provide clients with the opportunity to adjust subscription choices and a straightforward opt-out process.

2. Data management: GDPR allows consumers to:

  • Know what data has been gathered about them
  • Update the information gathered
  • Request the deletion or erasure of data

3. User Privacy: According to GDPR, personal data is any information that pertains to a person who may be identified either directly or indirectly. Therefore, companies must conform their privacy policies to GDPR specifications and provide documentation of the legal justification for handling customers' personal data.

Impact of GDPR on B2B Marketing Efforts

GDPR has demonstrated how seriously governments are treating data privacy and protection, even if you don't process any data of EU individuals. For instance, the State of California approved legislation to safeguard the personal information of California citizens. In the future, additional states will probably enact legislation of a similar nature, and perhaps the federal government will do the same. Additionally, GDPR has increased customer awareness of how their data is utilized.

The main misperception regarding GDPR is how it would affect B2B businesses. Since GDPR deals with personal data, many B2B businesses believe they are exempt from the regulations. However, identifying someone from their work email address makes it possible to classify it as personal data.

Prior to GDPR, businesses used customer email addresses for a multitude of purposes, such as adding them to a mailing list, utilizing them for analytics, or even selling them as leads. Currently, if an opt-out is given, GDPR permits the use of personal business data to market pertinent goods and services. In principle, it is comparable to permission-based marketing in that businesses must obtain the customer's explicit permission before utilizing email addresses or other personal information.

How Can Businesses Engage in GDPR Compliant Cold Emailing?

The GDPR does not prohibit cold emails, but there are rules that your emails must adhere to. Keep in mind that the underlying goal of its enforcement was to stop unethical digital marketing tactics and safeguard people's privacy. In other words, if you approach it correctly, you may send cold emails to prospects. However, how you collect, handle, and store the data must be more carefully considered.

Most likely, your sales staff would need to make certain adjustments in order to comply with the GDPR. In case you are wondering how you can send cold emails while staying in compliance with GDPR guidelines, don't fret anymore. Below is an outline of how to prospect while staying compliant with the set guidelines, which we will explain in detail in the next section:

  • Check that your prospecting is appropriately targeted 
  • Clearly describe genuine interest in your email copy
  • Provide a quick and simple method for opting out or unsubscribing 
  • Continually clean up and maintain your database
  • Write an informative response to GDPR questions and complaints

Since the GDPR has been in force, cold emailing has become more successful. Now, the spammers, phishers, and fraudsters must pay a steep price for their actions. This is because the GDPR places a strong emphasis on preventing unauthorized use of people's personal data. Therefore, while sending cold emails, you must adhere to GDPR regulations. 

It could appear difficult to develop a cold email campaign that complies with GDPR. However, the truth is that you are only adjusting your present email strategy by including additional adequacy, correctness, and relevancy. By doing this, you can confidently abide by the GDPR's rules. In reality, you will engage more consumers at the right moment and get better leads with GDPR-compliant cold email. And eventually, you'll be able to complete more sales more quickly since you'll have a list of prospects who will find your goods or services useful and are more inclined to buy. It's a short term pain with a long term gain.

How to Prospect while Staying Compliant 

The GDPR has undoubtedly changed how B2B businesses prospect for customers. In the previous section, we outlined techniques that can help you prospect while staying compliant with GDPR rules. In this section, we will explain them in detail. Let's take a look.

1. Personalize Your Sales Outreach

In essence, lead generation and prospecting involve gathering personal information for use in sales efforts. Well, the GDPR requires lead generators to take more care and precision in handling personal data, but it does not prohibit prospecting or lead collection. According to the guidelines, the personal information you collect must be relevant and sufficient for the intended use. 

You shouldn't just add every customer to your email marketing lists just because you have their email address. They must choose to join an email list, accept the terms and conditions of data usage, or opt-in.

Additionally, you need to have a legitimate interest as to why you are contacting them. You must have some justifications to demonstrate that there is a genuine cause to contact the prospect, such as:

  • Your product or service will support the prospects' objectives.
  • Your product or service will complement the prospect's recent investment in growth.
  • They come from the same sector as your prior customers.
  • You learned about the prospect through your network.
  • Your prospect is looking to grow in a sector related to your offering.
  • Your potential customer inquired about or looked for information about your goods and services.

Failure to provide a legitimate reason as to why you are contacting a prospect could leave your business exposed to risks of hefty fines as a result of breaching GDPR guidelines. What's worse, your business could be marked as spam, which could lose you potential sales and tarnish your business's reputation.

Verify that all customers you intend to distribute marketing materials to have accepted a user agreement. Having a privacy policy page on your website is, therefore, critical so consumers can learn how you will use their data. This page also indicates to interested parties that you are GDPR compliant.

2. Ensure Your Prospecting Is Well-Researched, Targeted, and Appropriate

Don't ask for any data if you don't intend to utilize it. If you want to email someone, avoid requesting their phone number or address. Be very detailed when deciding who your categories and ideal prospects are. For instance, if you come across a group of individuals with opinions on goods or businesses like yours, they may be potential customers.

Those more inclined to buy your goods or service must be the only ones you contact. According to the regulation, if a prospect is shocked to get an email from you, they are not a relevant prospect for you, and you may be in violation of the GDPR.

In some circumstances, you may need to invest the time to learn more about your prospect and provide background information in your email copy. Some of the areas you can get first-party background information include:

  • Website About Section: A wonderful place to gather fresh leads is on websites. With GDPR requiring you to legally explain the personal data you acquire from website users, now is the time to assess the sort of information you collect if you use a web form to collect contact information.
  • LinkedIn and Twitter: The good news is that you can still identify and communicate with potential clients on social media networks despite GDPR. You may continue to use social media as a component of your entire sales plan, whether you opt to actively contact new prospects or engage with existing clients online and solicit recommendations.

3. Make It Quick and Painless to Unsubscribe or Opt-Out

You must explain to your recipients how to exercise their rights of deletion and limitation. It is crucial to include an "unsubscribe link" at the bottom of your emails to maintain compliance across your records.

In the email's footer, you may add a statement such as: "Our campaigns are free to reply to, and if you are not interested, reply 'not interested', and we will delete you from the mailing list and database." So, if the recipient requests that you remove their data, you should do so.

Whichever opt-out approach you choose, you must make sure of the following:

  • The opt-out process is clear.
  • The prospect can easily unsubscribe by taking no more than two steps.
  • Once a deletion request is received, you promptly erase a prospect's data.

4. Regularly Clean or Maintain Your Database/CRM

GDPR mandates that you discard outdated or erroneous contact information from leads. This is a fundamental part of making your cold emails GDPR compliant. You must routinely remove non-active or uninterested leads from CRM databases. You should also verify that all your contact information is up to date and categorize and tag your data correctly to keep track of how you have acquired and used personal information.

5. Have a Process for Fielding GDPR Complaints and Questions

Lastly, be prepared for some resistance from your prospects. You're bound to rile up some people with your email. But, naturally, if your targeting is precise and your language is courteous and helpful, your offer could help you succeed. Prospects may, however, become hostile after a few incidents.  

Nobody likes having their personal space invaded. They may inquire how you obtained their information and what other facts you may have. Be prepared to address these inquiries from potential customers:

  • "Where did you source my personal information from?": Describe how you obtained their information, why you believed it was acceptable to get in touch with them, and why you believed they would be interested in your offer.
  • "Do you have any other information on me?": The GDPR promotes your prospects' rights to information and access (subject requests). So if requested, you must share the data you have gathered and describe how you handled it.
  • "Why are you emailing me in the first place?": Context is necessary for your reasonable interest. Explain why you believed they were the right person to contact if your service has no direct connection to the company's bylaws.

GDPR Sales Prospecting in Practice 

As we earlier stated, you must explain why you are contacting a prospect. The GDPR permits data processing in the following six situations:

  • Consent: When the customer agrees to let you use his information.
  • Contract: When a contract exists, allowing you to process the prospect's data.
  • Legal requirement: When the law directs you to process a prospect's data.
  • Defend a crucial shared interest: Processing data is necessary to safeguard a crucial shared interest.
  • Public Interest: When processing data is required for the public good.
  • Legitimate Interest: When both parties profit from the data processing.

In this section, we will show you actionable templates that you can use to scale up your marketing efforts while still staying compliant with the GDPR guidelines.  

Personalizing Sales Outreach

If a prospect has never been in touch with you before, you should show in your outbound sales email that you have made an effort to call them before contacting them. The sample below clearly indicates that there has been no attempt to contact the recipient by phone and, as a result, comes under direct marketing communications.


My name is [Your Name], and I am the [Your company role] at Company XYZ. We specialize in database and direct response marketing, which can improve the reputation of your business and concurrently attract new customers in real-time.

We collaborate with our clients to create a perfect customer profile before distributing their material to subscribers that fit their requirements.

Would you be open to a brief telephone call to explore whether this would be a helpful tool for you and your company's demand strategies in 2022?


[Your Name]

[Your Role]

Company XYZ

[Your Contact]

[Your Business Email]

If you do not want to receive any more messages from this sender, please click on the link below and submit your request to unsubscribe. [Unsubscribe Link].

You will receive an additional email confirming your unsubscription.

Before sending such sales outreach emails, you must first obtain the prospect's permission. Otherwise, you will fail to adhere to the GDPR, which could cost you dearly, especially when the recipients file a complaint against you.

Nonetheless, you can continue to send cold sales pitch emails to prospects (i.e., a legitimate interest) if the email is delivered to a single recipient rather than a list of recipients (and if it includes an unsubscribe link, it's probably automated), and if it has a link to your privacy statement outlining the reason you are contacting the prospect in the first place.

Storing of Personal Data

GDPR guidelines dictate that you have to inform your customers that you have their personal information, how you intend to use it, and how you intend to store it. Below is an example template for a cold email telling recipients that you have their information:


We wanted to let you know that we have your contact information in our CRM database. The information includes your name, email address, phone number, business information, and job title. 

We do this so that we can better serve you in the future. Your data is safe, secure, and consistent with the current regulations.

If you have any questions, don't hesitate to get in touch with our customer service staff or respond to this email and let us know.

Visit this page to view our privacy statement [insert link].


[Your Name]

[Your Role]

[Your Contact]

Reference Emails

Asking your current customers for referrals or suggestions to others they know who could be interested in your product or service is one of the most effective strategies to find new clients. Today, you may easily call or email new prospects recommended to you by current clients.

Asking a current client to introduce you and explain why they are doing so is one of the finest strategies to reach new prospects through recommendations. Additionally, sending an email ensures that the introduction is digitally captured. Naturally, not every client will want to send you an email for your benefit.

Below is a template that your customers can use to refer you to other customers:

Hi [Recipient Name]

I have been a client of [Your Company Name] for over 7 years now. Our revenues have risen by more than 18% ever since I began utilizing their CRM platform. I know you've been searching for a CRM solution for some time, so I figured putting you and [Your company name] in touch would be best.

Jon, meet [Recipient Name]. He/She is [Their Role] at Company XYZ and has been looking for a CRM solution for the past four months.

[Recipient Name], meet Jon. Jon has assisted my team and me with implementing and training using their CRM solution and is my point of contact at [your company name]. I'm introducing you both because I think the two of you will get along well.

Jon, I'll hand the reins over to you.

Warm Regards,

Jane Doe.

The GDPR guidelines permit you to call and email prospects if you base your calls and emails on the recommendations of current clients.

Adapt or Die

There is no escaping the GDPR guidelines, especially when it comes to sales prospecting and marketing. However, in the end, it's for the better. GDPR pushes you to concentrate on establishing connections and selling to individuals who truly want to hear from you, as opposed to attempting to sell to new prospects who are not in the market to buy. In the long run, GDPR should simplify your job because it allows you to concentrate on excellent prospects rather than many prospects.

Whether or not GDPR directly influences your organization, it's crucial to comprehend what it implies for B2B cold emailing. By putting the GDPR safeguards discussed in this article into practice, your company will remain secure while also improving customer satisfaction and marketing efficiency.

At Opensense, we provide organizations with GDPR-compliant email technology to safeguard corporate email practices. Our team of experts helps marketing, sales, and compliance teams easily enforce real-time email compliance and manage dynamic disclaimers in accordance with regional, national, and state laws. Are you embracing the post-GDPR environment squarely? Book a demo to learn more about how you can make your employee emails compliant.
