How to Stay GDPR Compliant While Sending Cold Emails?

Published on November 16, 2020 by Sushant Shekhar


Cold emailing is a way to communicate with a list of prospects, using email as the main channel of communication.

Cold emailing is often considered spam, and some salespeople believe that the General Data Protection Regulation (GDPR) does not allow it. That is not the case: the goal of GDPR wasn’t to stop cold emailing but to make businesses GDPR compliant.

Your business can send cold emails if you do it in the right way. You just have to be more careful about the way you gather, manage, and store the data you use to send them.

What is GDPR?

The General Data Protection Regulation is a legal regulation issued by the Council of the European Union (EU) and the European Parliament in the year 2018. Its main purpose is to protect the personal data of EU citizens.

To be GDPR compliant, companies need to be more aware of how they handle and use personal data, which includes, among other things:

· Names
· Phone numbers
· Email addresses
· Mobile device IDs
· IP addresses

Stay GDPR Compliant While Sending Cold Emails

Here are some best practices for staying GDPR compliant while sending cold emails.

I. Make sure you have an appropriate reason and the prospect is targeted

Under the GDPR, the personal data you gather should be adequate and relevant to the purpose of its processing.

For example, if you find a group of people sharing their views on products or companies similar to yours, they are your possible prospects.

If you are not planning to use a piece of data, don’t ask for it.

Basically, if you are planning to email prospects, don’t ask for their phone numbers or addresses. Make sure that you are very specific in choosing who your ideal prospects are and what your segments are.

II. Be able to explain where you got someone’s email

Ensure that lists you buy and the emails you find are fully compliant with the new regulations. Keep a record of how and why you have collected and processed data.

If a prospect asks, “Where did you get my email from?”, you should be able to explain where you got that email address.

Thus, to cover all GDPR bases, keep a few things in mind. Be clear about how you found their information. And if they ask you to delete their data, you have to delete it. An unsubscribe link alone is not enough, so actually delete the data.

III. Explain Legal Interest in Cold Email Copy

Under the GDPR, legal interest is one of the 6 lawful bases of processing data.

The ICO (Information Commissioner’s Office), which is responsible for enforcing data protection legislation in the United Kingdom, describes this basis as the most correct one when the processing is not compulsory by law but is of clear assistance to you or others.

Using legal interest for processing data is only legal if your interest balances the person’s right to privacy. Do not hold an individual’s personal information longer than needed. Many marketers like to send a cold email after the preliminary engagement.

When you collect personal data like an email address, you need to inform the individual that you have stored it.

For legal interest, you can check whether any of your past clients are in a similar industry or have a similar offering. Look up the company’s LinkedIn profile or website and see whether your offering would support their goals. In addition, look for recommendations or information from your network.

To include Legitimate Interest in your email copy, there should be:

1. A statement informing the addressee how you have processed their information or data.

2. A brief account of why you are processing it.

3. Instructions the receiver can follow to change the data you process or ask for the exclusion of their data from your list.

So, these three points should be added to the disclaimer copy of your cold email.

IV. The unsubscribe process should be easy and quick

If you are sending cold emails, you need to tell your recipients how to use their right to removal. Recipients need an easy and quick way to unsubscribe.

It is very important to add an ‘unsubscribe link’ at the bottom of your email and to ensure compliance across your records. An automated unsubscribe link is the most important and most basic element of a cold email.

The best way for recipients to opt out is the “unsubscribe link”. Moreover, you can also write in the email footer: “Our campaigns are free to reply to. If you are not interested, reply ‘not interested’ and we will remove you from the mailing list and database.”

Hence, if the receiver asks you to delete their data, it should be deleted.

V. Maintain Your Database regularly

GDPR also means that you should not hold onto leads for a long time or keep incorrect contact information. Your CRM database must be regularly cleansed of inactive or unresponsive leads.

Contact records must be checked to make sure they are fully up to date, and you should tag your data to trace how you have collected and processed personal data as well. So, it is advised to remove the leads you no longer require and replace them with active contacts with correct contact details.

Sometimes, you may need to team up on a piece of content with a different company. In this case, you need to notify anyone who subscribes about your intention to share the subscription list with your collaborator.

VI. Data Security must be practiced

Data security is a main aspect of GDPR and needs to be in focus if you are storing personal data.

Following are some points to keep in mind while sending cold emails:

1. Keep records of levels of authorization; this way you have documents to present if questioned.

2. Keep data only for as long as you require it.

3. Always make sure that the systems and software you are using have taken steps to become completely GDPR compliant.

4. Make certain that any data you’ve stored is protected while you process it.

5. Also, encrypt and anonymize data where possible.


Sales prospecting has changed since May 2018. GDPR forces you to focus on building real connections with people that actually want to hear from you. It is not about limiting the way you prospect and generate new business. In fact, by being GDPR Compliant, you will reach more customers at the right time and generate better quality leads too.  
