Contrary to popular belief, it is still legal and effective to send businesses sales emails under GDPR and CAN-SPAM. This article dispels the myths around cold emailing under the new regulations and gives you some simple, actionable tips to ensure your campaigns stay compliant.

The General Data Protection Regulation is a legal regulation issued by the Council of the European Union and The European Parliament. Its main purpose is to protect the personal data of EU citizens.

GDPR is not about cold emailing. It is not about businesses. It is about personal data protection.

However, sending business emails does mean processing personal data so there are some key things you need to keep in mind when emailing in a post-GDPR environment.

There are 4 keys to sending GDPR complaint cold emails:

1. Ensure your prospect is targeted and relevant
2. Explain your legitimate interest in your email
3. Provide a way for the prospect to unsubscribe
4. Only keep data for as long as necessary

GDPR protects individuals, NOT businesses. The EU states that: “The proposed Regulation on Privacy and Electronic Communications will increase the protection of people’s private life and open up new opportunities for business.”The ePrivacy Regulation specifically leaves it up to the individual countries within the EU to decide whether ‘unsolicited commercial communications’ (a.k.a B2B cold email campaigns) should be opt-in or opt-out.

In the UK we have opted to follow PECR (the Privacy and Electronic Communications Regulations of 2003) which means that business to business communications do not require opt-in consent.

Whilst some countries have rules against scraping emails from the internet, Prospect Plus' tool actually guesses and verifies the email address, as opposed to scraping them or buying them, like many other providers. This makes Prospect Plus' cold email service compliant in almost every country globally.

The data we do store on individuals is already available in the public domain. This includes their full name, job title, company, location (as per LinkedIn) and email address.

We take every precaution to only store data for as long as necessary and to restrict access to only those who need access for the purpose of the campaign.