5 Simple Steps for Sending GDPR compliant B2B Cold Emails

Updated on June 9, 2022

First and foremost, GDPR (General Data Protection Regulation) is not about businesses or cold emailing. Above all, it’s about personal data protection and protecting individuals. Even though GDPR came into effect at the end of May 2018, it is still legal to send sales emails to businesses.

However, given that sending such emails involves the processing of personal data, there are some key aspects you need to take into consideration when emailing. In this article, we are going to go over the best practices on how to keep your cold emails GDPR compliant.


Before we start with the content, we need to know which aspects are relevant before sending a b2b cold email.

1. Adequate and Relevant Prospects

Lead generation and prospecting for B2B cold email campaigns inevitably involve personal data. GDPR doesn’t stop people from prospecting or collecting leads; it merely demands a greater level of accuracy and care from prospectors. Under GDPR, personal data collected must be adequate and relevant to the purpose of its processing.


Therefore, you need to consider two factors:

  • the adequacy of your data (i.e. how much data do you really need for what you hope to achieve?)
  • and the relevance of your data (i.e. is the data you are collecting the correct data for your needs?)


In order to ensure adequacy, only collect data that is strictly necessary to you as a data processor. Put simply, don’t collect information if you don’t plan on using it.

In order to ensure relevance, if you’re targeting the right person, then no prospects should ever question why you have emailed them.

If your prospect is surprised to hear from you, are the leads you’ve garnered relevant? Make sure you are very precise in selecting who your ideal prospects are, and tailor your campaigns for them.

2. Explaining Your Legitimate Interest

If your prospect still reacts negatively to your best cold email, it’s time to explain to them the reason behind your email. Often, B2B marketers and sales team members are not familiar with legitimate interest.

The ‘Legitimate interest’ covers a wide range of interests, whether of the company, third parties, commercial, or for wider societal reasons. According to the official GDPR sources, Legitimate interest is the most flexible of the GDPR’s lawful bases for processing personal data.


Theoretically, an organization can use personal data in ways the data subject would expect. This covers, but is not limited to:

  • Use of client or employee data
  • Marketing
  • Fraud prevention
  • Intra-group transfers
  • IT security


But before you call upon legitimate interest and start spamming people with B2B cold emails, you should be sure it is applicable. Before your cold email outreach campaign, you should always:

  • Research the company’s LinkedIn profile and/or website to see if they would benefit from your product or your service
  • Ask for referrals from your professional network
  • Check for any recent investment/funding if your offer supports growth


It’s important to do some background research on your prospects in the first place and provide some simple context in your emails and not strike them with a boring message.


In order to include legitimate interest in your cold emails and be GDPR compliant, it is important to include three key pieces of information:

  • A statement advising the recipient how you have processed their data.
  • A short explanation of why you are processing it.
  • Instructions that the receiver of your email can follow in order to change the data you process or request the removal of your data from your list.

3. Make it Quick and Easy to Unsubscribe/Opt-out

If you are involved in sending cold email campaigns, you need to inform your prospects how to exercise their right to erasure. In other words, you need to advise people on a straightforward way to opt out.

One way to automate this process is to include an unsubscribe link at the footer of your email copy. Alternatively, you could add some text at the bottom of your email advising your prospect that if they are not interested and do not wish to hear from you again, then they can reply “no thank you” and their details will be removed from your list.

The most important facet of opting out is that it is clear, easy to follow and any requests are physically carried out.

This means when someone asks you to delete their data, you delete it!

It’s therefore vital to create a “do not contact” list of the companies and individuals that have opted out, to ensure they are not contacted again.

4. Cleanse and Maintain Your Database Regularly

As an extension to removing prospects that have opted out or unsubscribed, GDPR states that you must not retain information for months and months or hold onto incorrect information. You must therefore cleanse your CRM regularly of inactive leads. You also need to check that your contact information is up to date.

5. Prepare Replies to GDPR Complaints and Questions

Finally, expect some unfavorable responses or reactions from your prospects. Privacy is a huge topic and some people will not be happy to have received your (cold) emails, even if they are GDPR compliant. Therefore, expect some questions such as:

“What rights do you have emailing me?”

Even though you’ve sent your email to a corporate email address, addressing the company of your lead, it will still contain somebody’s name, making it personal. Your legitimate interest, therefore, needs bringing to the forefront. If your product/service does not relate specifically to your prospect, then explain the reason(s) you thought them a relevant person to get in touch with.

It could be their LinkedIn profile, their website, or a recently shared article related to their online reading habits.


A typical response might be:

“We have collected and processed your data on the basis of legitimate interest. Given how beneficial our (product/service) has been to (company profile/prospect profile) in the past, I believed our offer to be of benefit to you.”

“Where did you get my information from?”

Another expected question. Explain where you found their data, why you thought they were an appropriate person to contact and why you thought they would be interested in your offer. A lot of data is publicly or openly available information, i.e. websites, online directories, etc.

Typically, you might reply:

“I found your profile on LinkedIn as you fit our typical customer profile. I then guessed your email address using publicly available information and ran it through an online verification tool.”

“What information do you hold about me?”

GDPR enforces people’s right to be informed and right of access (subject access request), which means if you are asked, you must provide the information you have collected and how it has been processed.

A model answer might read:

“Your name, email address, company name, and job title are the only data that we hold. As per your rights, we will delete this from our database if you are not interested in our services or wish us to do so. Your data is not being held in any other databases or being resold.”

Now that you know about the basics before sending your b2b cold emails and how to stay in the safe zone, it’s time we do a checklist of the most important things you need to cover for your email copy in terms of GDPR:

1. Subject Lines

The first thing people see in their inbox is a lot of bolded sentence lines. How can you get noticed between all these email subject lines? You prepare your catchy subject lines of course! Shorter subject lines with intriguing emoji have proven to increase the open and response rates. Make sure you tickle interest right at the start of your cold outreach.

2. Keep your email copy straightforward

Your cold outreach template isn’t an essay! Think of the customer experience as your guide when crafting your B2B cold email template. Shorter emails keep the customer’s attention for longer (and, as we all know, attention is very short when it comes to reading cold emails).

Try not to present a new product or a free trial option of your service in your first email. Instead, introduce yourself quickly, explain why you are contacting them, and mention the benefit of the mutual communication. Save your sales pitch for your follow-ups.

3. Don’t use excessive links

The best cold email practices say don’t use links at all! But when you need to, stick to safe URLs, preferably shortened ones, that point to landing pages containing all the necessary information about what you offer. Links have been proven to get emails marked as spam, so avoid them as much as possible if you want your emails to be marked as safe.

4. Check if the timing is right

When sending your sales messages, you need to be sure you are doing this at the right moment. B2B prospects are less irritated by sales emails when their company is in positive growth, is recruiting or sharing success stories and case studies with its clients, or when they just have free time.

To know the best timing, you might need to check their recent activity on their social media profiles or use platforms that provide financial information and show sales triggers for a company. Hitting the best time is crucial for a successful cold email campaign.

You can always ask your recipient when the best time to contact them would be.

5. Hyper-personalization is the key

We all have to admit: anyone who receives an irrelevant email that looks like it was sent by a bot, and not a person, gets irritated. And why? Because we all know that zero effort was given to crafting those emails, and yet some people are still doing it. But don’t give up on email automation yet.

You can still do email automation that feels human-like, presents relevancy, and targets the right people. Hyper-personalization will get you higher click rates and bring you a successful b2b cold outreach campaign if you do it with the right tools and the right B2B data.


How about you use custom images that display the logo of the company of your lead? Or your next email contains a picture of you, virtually sharing a coffee with your prospect, that has their name on it?

The possibilities of hyper-personalization are endless. You just need to use your creativity and avoid sending out typical B2B cold emails, which will limit your sales process.


Infographic: 5 steps to GDPR compliant b2b cold emails

Prima facie, it might seem like a lot of work to be GDPR compliant when sending cold emails, but by adding a greater level of adequacy, relevance, and accuracy to your lead generation, all you are doing is making a few changes to your current emailing process to make sure that you, as a sender, are fully compliant.

Take your time when crafting your b2b cold email copy. Fewer words can say more.

Here are 10 ready-made B2B cold email templates that are not only GDPR compliant, but are also highly targeted.

CMO at Sales.Rocks - Jana believes in an analytical approach to marketing and building up a story around it.