No, it’s not illegal to send cold email: 3 quick steps for GDPR

As someone who helps people with their email outreach, I get asked a lot about GDPR and if emails are still allowed. 

So is sending cold email campaigns illegal according to GDPR? No, sending cold email is not against GDPR and it is not illegal. It also only pertains to citizens of the European Union. If you think that you need to be compliant, just remember:

• Be able to show how you got your target’s information
• Be clear about why you are reaching out
• Offer an easy opt-out from future communication

If you are just doing business within the US, then worrying about GDPR as a whole is not that crucial. Ironically though, GDPR provisions actually act as a pretty good framework for sending cold outreach emails, even if you aren’t worried about compliance. 

Know where you got the information

GDPR Issue: This tends to be the number one complaint from people filing GDPR violations: they do not know how the sender got their information. 

This is a fair complaint and can be solved by knowing where you get your targets’ contact details. 

Solution (and good cold outreach practice): First and foremost, don’t buy lists of B2B prospects. The old spray and pray is useless and a waste of money. Plus you will ruin your domain reputation from all the bounce backs. 

But since you need to know where you got the contact details for GDPR, 3rd party vendors are not considered acceptable use of data. 

Do your own prospecting or at the very least take the money you were going to use to buy lists and hire someone to prospect for you on a contract basis. 

Be clear why you are in contact 

GDPR Issue: Much of GDPR is about consenting to how your data is used. Very few people would ever consent to be sent spam, regardless of how rich the Nigerian Prince is that is trying to help. 

As a result, there needs to be what has been labeled as a legitimate interest. You need to put in your email why you have contacted them specifically and mention why you think that you can help. 

Solution (and good cold outreach practice): To stay in the good graces of GDPR compliance, you have to have a legitimate reason to be contacting someone through cold email. Hence why they call it legitimate interest. 

In reality, if you are following good (if not basic) cold outreach practices, this is the lowest bar imaginable. 

Your targets have to benefit from your services and you need to be able to communicate that in your email, which should be the basis of any good email campaign. You should be able to easily draw a line through your services, how you help the target specifically, and the value that you can provide them. 

Some things to consider as you build up your ideal target, that will help give you the legitimate interest that you need: 

• What does the company do
• What is the target’s role within the company
• Where are they located
• How big is the company compared to your clients
• The industry they operate in 
• The challenges you see in that industry
• The other solutions available and how your solution compares
• Were they recommended to you by a current prospect or client
• Have you met anyone at their company before

These are just some possibilities of what legitimate interest looks like. If you run targeted campaigns and have an ideal client profile, then this will be no issue for you what so ever. 

If however, you are used to mass emails that have little strategy, this is a great time to slow down and really figure out who your product or service is for. This will more be for your business’ sake, not even GDPR.

Allow people to not hear from you again

GDPR Issue: In all of your lives, we come across people who we don’t want to hear from again, nor do we want them to have our data. 

So it makes perfect sense that as a part of GDPR, there is a provision for people to opt-out of hearing from you again. 

Many articles and people will say that this means that you need to add an “unsubscribe” link or button to the bottom of your emails. 

While this is by far the easiest option both for yourself and your target, it may not make the most amount of sense for what you are trying to accomplish.

Solution (and good cold outreach practice): Giving your email recipient a chance to opt-out is much different than having an unsubscribe link at the bottom of your email. 

First off, the general rules state that the ability to opt-out must be: 

• Clear
• Easy
• Requests to remove data must be completed

Being clear is easy. You can have that unsubscribe link, or you can have a sentence in your message that says “if you do not wish to be contacted again, please respond to this email with a “no thank you”. 

With cold outreach, I would recommend staying away from the unsubscribe link/button option. First off, linking to an outside page from the email can and will hurt your overall deliverability. You increase your chance of ending up in spam, especially if this is the first email record. 

Also, with our cold outreach, we are trying to have our emails look just like a normal email. They get read more that way. So if there is a big unsubscribe link at the end of it, it will more likely get casted aside. 

In terms of being easy to opt-out, it should be one simple step. They shouldn’t have to send an email to another email address or have to click multiple buttons on a confusing website. It should be clear step, either reply with a simple no thank you message or pushing a link. 

The hardest part of this is the act of removing them from your targeted campaigns and deleting their personal data. Most of the time this will be manual, but to remain in compliance, it is an important step. 

Note that not just because you add an unsubscribe link does not mean that the data is automatically deleted from your system, even if your target is no longer in your campaign. 

While this all may seem quite daunting, if you have been practicing basic outreach strategy it will come quite easy and not interfere with your overall message. 

Remember who GDPR applies to: The EU

Keep in mind that GDPR only applies to the European Union, which is far off from every European country. 

In actuality, the EU has just shrunk with the United Kingdom leaving the union because of Brexit. As a result, if you are using email outreach to a target in England, Wales, Scotland, or Northern Ireland, GDPR no longer applies. 

Some other European countries that are not part of the EU are: 

• Russia
• Turkey
• Norway
• Iceland
• Switzerland
• Georgia
• Armenia
• Ukraine
• Albania

And there are more than that. 1 in 4 European citizens are not members of the EU. 

This point is to underline that you should not overtly scare of GDPR and give up on cold email outreach as a result. 

The real focus: a strategy

As we have seen, sending cold email is not illegal under GDPR and if you follow the 3 steps of:

• Knowing where you got your target’s contact details
• Having a legitimate interest in their business
• Giving them a clear, easy, and actionable way to opt-out of future communication. 

The real issues with GDPR are fixed by using solid outreach practices like having an ideal target profile and building targeted lists yourself. 

If you do those two things, you will keep yourself just about in the clear. 

*******

We have a lot more advice over at Pretty Good Cold Emails if you are interested in learning more or if you need help with your next cold email campaign.