How to send B2B cold emails in a post GDPR world


Follow these 5 principles to send cold B2B emails and stay in line with the General Data Protection Regulation



History is full of dates that mark a turning point for the people that make up the world. For some, it was the fall of the Berlin wall. Others, the date that marked independence. For many marketers, that date was May 25th, 2018.

The GDPR came into effect on May 25th, 2018. It promised to put an end to spammy digital marketing practices with a staunch position on the protection of individual privacy rights. Any marketers who found themselves on the wrong side of the GDPR could face intense fines of up to 20 Euros. Many digital marketers saw this as the death knell of email marketing and cold communications, and many still avoid cold emailing for fear of breaching the GDPR.

However, we’re here to report that the death certificate of cold emailing was grossly exaggerated, and cold emailing is, in fact, alive and well - at least in the B2B sphere. To be more precise, email marketers simply need to follow five principles to send cold B2B emails.

This blog post will guide you through these five principles you need to adhere to in order to send cold emails in a post GDPR world.

5 principles to send cold B2B emails

The GDPR was never about protecting businesses or preventing cold emailing in general. Above all, its main goal is to protect the personal data and privacy of individuals. In other words, businesses and business emails are, largely, fair game.

These five principles are all digital marketers need to stay GDPR compliant and send out cold emails to prospective leads. However, we would like to point out that we are not lawyers, and that the advice here should never be taken as legal counsel - just as a general guide to help panicked marketers regain some control over their campaigns.

So, without further disclaimers, let’s take a look at the 5 principles.

  1. Always choose the right prospect and data
  2. Always explain your reason for contact
  3. Always provide an easy and quick way to unsubscribe / Opt-out
  4. Always maintain your database
  5. Always have an answer to complaints and questions

Sounds simple, right? Well, each of these principles has a little more going on than on face value. Let’s take a more in-depth look at what we mean by each one below.

1 - Always choose the right prospect and data

If you’re like any digital marketer, you’ll believe the right prospect is anyone who would buy your product or service. For the most part, that is correct but overly simplistic. 

Marketers who want to stay in line with the GDPR and still send cold emails must be mindful of two aspects when selecting who they’ll be contacting and the kinds and quantity of data that they will be collecting.

These aspects can be addressed by looking at two factors: adequacy and relevance.


Adequacy means the amount and type of data need to be strictly necessary for your purposes. In other words, you can’t collect information that you don’t plan on using. E.g. if you don’t intend on calling your leads, you can’t collect or ask for their cellphone number.


Relevance refers to contacting only prospects who would buy your product or service. If your targeting is accurate, then you shouldn’t have to worry about this aspect. As a general rule of thumb, if your prospects are surprised to hear from you, then your prospects are most likely not relevant and you could be in contravention of the GDPR. 

In short, when choosing the right prospects and the data you collect from them, you have to be very precise in selecting your ideal prospects. All the data you collect from them have to be used to help personalise your marketing to be something interesting and useful from their perspective - not yours.

2 - Always explain your reason for contacting and processing

The GDPR allows data processing under six circumstances:

  • Consent - the prospect has given you permission.
  • Contract - you have a contract that obligates you to process your prospect’s data.
  • Legal obligation - the law instructs you to process your prospect’s data.
  • Protect vital interest - there is a mutual vital interest at stake that encourages processing.
  • Public interest - there is a public interest at stake that encourages processing.
  • Legitimate interest - there is a clear benefit to both parties to process data.

Whatever your reason for contacting and processing your prospects, you must address it in your communications. Most of the reasons above are pretty self-explanatory and you would know which you fall into. However, ‘legitimate interest’ is often a subject of confusion - and the most useful for cold emailing.

Legitimate interest can be contested by your prospects, which means it can often be up for interpretation. Because of this, you need solid reasons to prove you have a legitimate interest. Some of these reasons include:

  • Your offering would support your prospect’s goals.
  • Your prospect has recently invested in growth and your offering supports that growth.
  • Your past clients are in a similar industry or have a similar offering to your prospect.
  • You were referred to your prospect from your network.
  • Your prospect is expanding into a relevant area for your offering.
  • Your prospect has asked for any information or begun a search relevant to your offering.

In order to explain mutual legitimate interest to your prospect in your cold email, there are key pieces of information to include:

  • A statement informing the prospect how you have processed their data and what data you have processed.
  • A short explanation of the reason for this.
  • Clear instructions the prospect can follow to change the processed data or demand the removal of their data from your list.

An example of these pieces of information working together in your email would be as follows:

“Hi Sarah, I noticed that your company has recently expanded into Switzerland due to the LinkedIn press release you shared a few days ago (statement).
My company conducts extensive demographic research on the region and understands the business customs that are often misunderstood by businesses outside the country. I believe that our services would be beneficial to your company’s efforts (explanation).
Feel free to send me a message if you agree or would like some more information. Alternatively, if you want me to change the data I used to contact you or remove your data from my list, just reply ‘No thanks’ and I’ll remove you from our database (instructions for removal).”

In addition to this, it’s important to ensure that an opt-out or unsubscribe mechanism is clear and visible at the bottom of your email.

3 - Always provide an easy way to unsubscribe / Opt-out

The GDPR nearly enshrines a prospect’s right to erasure - that is, their inalienable right to demand you erase their information and never contact them again. In terms of marketing lingo, we have to always provide and notify our prospects of a straightforward and quick way to opt-out.

The simplest way to do this is to include an unsubscribe link at the bottom of your email. Another way is to simply outline how prospects can unsubscribe directly with a statement in an email footer such as “If you don’t want to hear from us again, just reply ‘No thanks’ and we’ll never contact you again.”

No matter how you go about it, your opt-out strategy should always be:

  • Clear - do not be vague.
  • Easy to follow - at most it should be two steps to unsubscribe.
  • Enforced - you have to take requests seriously and delete their data immediately.

4 - Always maintain your database

In addition to removing prospects that have opted out or unsubscribed, the GDPR states that marketers cannot retain information on inactive or inaccurate contacts for months. You must therefore regularly audit your CRM database and contact lists and send out re-engagement emails where necessary.

It’s also important to secure your database and take all the necessary steps to keep your processes and systems safe. Physical access control, system access controls, data access controls, transmission controls, input controls, data backups and data segregation will go a long way to prove that you have not been negligent with your prospect data.

5 - Always have an answer to complaints and questions

People can be very protective and sensitive about their data - and for good reason. You’re more than likely to encounter your fair share of unfriendly responses and hostile reactions whenever you cold email prospects - that’s just part of the game.

Some of the questions or comments you will encounter are below. We’ve included a canned response to each to help inspire you to create your own responses.

What gives you the right to email me?

If you’ve followed our previous principles, you should be well within your rights (as far as the GDPR is concerned) to contact the person in question. However, you must remember that you are still dealing with a person and your communications may contain their name, making it personal. A good response to this is to highlight the legitimate interest angle:

“We collected and processed your contact information on the basis of legitimate interest. Given how our offering has been beneficial to companies like yours in the past, I believed our offer could benefit you.”

Where did you get my information from?

This is another common response that can be easily dealt with by noting public or openly available information, such as websites, online directories, LinkedIn or articles. Truthfully addressing the question is the best possible response:

“I found your email address on your company’s website that was linked from its LinkedIn profile. Your company fits our typical customer profile, so I wanted to get in touch.”

What information do you hold about me?

The GDPR expressly enforces people’s right to have complete control over their data and who has access to it. This means that if you are asked, you have to provide all the information you have collected and how it has been processed. An answer to this may include:

“We have your name, email address, company name and job title on record and nothing else. You are well within your rights to request that we delete this from our database if you are not interested in our services or wish us to do so. Your data is not being held in any other database or being resold, and we guarantee that we will delete it upon your request.”

Get to sending

Sending cold emails doesn’t have to leave you out in the cold in a post GDPR environment. In fact, cold emails are probably more effective now than ever with legitimate scammers, spammers and phishers being liable for intense fines. By following the 5 principles above, you can continue to cold email prospects and generate new business and revenue for your company. 

If generating new business and revenue for your company is one of your objectives, consider Demodia. 

Demodia has over a decade of digital marketing experience within Europe and abroad, and has created stellar marketing campaigns across industries. As a marketing consultant, Demodia has generated success through hard-won knowledge and experience in digital marketing. 

Contact Demodia today, and begin your journey towards more leads, more sales and more success.