How To Stay GDPR Compliant While Cold Calling?

Have you ever dabbled in the world of LinkedIn automation to scale outreach? It's quick, efficient, and oh-so-tempting.

But LinkedIn doesn't appreciate such tools. If it discovers you're using one, it can take actions as strict as banning you from the platform permanently. With consequences this dire, do you play by the rules or risk a shortcut?

Making cold calls while being GDPR compliant can feel much like it (albeit with bigger stakes). Sure, you can call your European prospects without knowing the GDPR rules. But just one violation can take your outreach to the dump.

So, if your bread and butter depends on making B2B cold calls in the EU, you must understand GDPR and how it affects your sales calls. This blog covers GDPR and the best practices for sales teams when cold calling under them. But first things first.

What Even Is GDPR?

The European Union enforced the General Data Protection Regulation (GDPR) in 2018 to modernize outdated data protection laws. Think of it as a superhero that protects the data and privacy of EU citizens.

It prevents data misuse, protects individuals' rights, and ensures new businesses follow all recommended best practices when handling personal data.

But why does GDPR matter when cold calling? 

Spoiler: You’re using your prospect’s personal data (their phone numbers) when cold calling them in the EU. Since such data falls under the purview of the GDPR, you must comply with the rules while cold calling. 

This means being extra careful about sourcing prospect data and using it mindfully. Why?

Because breaching these rules can attract penalties. You can be fined up to 4% of your annual revenue or €20 million, whichever is higher. Here’s a piece of news to give you some pause: The Information Commissioner's Office (ICO), UK’s data privacy upholding body, has slapped 2 businesses with a whopping  £180,000 fine for making unsolicited calls. 

This begs the question–

So, Is Cold Calling Allowed Under GDPR?

Cold calling is allowed under GDPR if you go by the book and don’t annoy prospects. While it’s a blurry area with rules that overlap one another, here’s the general rundown: 

According to GDPR, you have to ensure the following before picking up the phone to call your prospects:

• They have consented to receive the cold call: That means they shouldn’t just know they’ll receive communication from you. They must also know what kind of communication to expect, and how you will use their data before consenting.

So, you’ll have to pay special attention to how you gain your prospect’s consent. Whether you ask for your prospect's information to add them to a mailing list or you ask them to fill out a lead form, you must mention that their data will be used for sales cold calls. Even better if you can maintain a record of this consent to demonstrate compliance.

Additionally, you must also ensure your prospect’s number isn’t listed on any ‘do not contact’ (DNC) list of people who don’t want to receive sales calls. Note that these lists can vary by country, so you’ll need to check for your prospect’s contact details in their regional DNC registry before calling them.

• They have the power to opt out of your communications: It doesn’t necessarily have to be an unsubscribe button. If they reply to you by saying ‘No thanks’, you must respect their decision and drop their contact data from your database.
• You have a valid reason to call them: This means you can cold call your prospects to sell products or services relevant to them as long as it doesn’t override their desire to not be contacted—that is, they’ve explicitly expressed they do not want to receive communication from you or your brand.

In simple terms, you can cold call a prospect in the traditional sense unless your prospect opts out of cold calling. As Aksa Kalam, Cognism's Head of Legal, puts it: “When you have legitimate interest, you’re not calling up to waste their time or push a product that they have no use for. Of course, no reputable B2B sales team should be doing that anyway!”

If you thought cold calling in the EU was strict, cold calling in the UK is stricter. For perspective, the 2 businesses that had to pay a whopping £180,000 fine were based in the UK. And they didn’t face the ax because of non-compliance with GDPR, it was because they didn’t comply with cold calling laws in the UK. Below, we’ll explain everything else you should know before placing the cold call.

What Cold Calling Laws Should You Be Aware of in the UK?

In the UK, you should be aware of 2 primary laws to make legally compliant cold calls: 

• PECR (Privacy and Electronic Communications Regulations)
• GDPR

1. PECR 

PECR is a set of regulations that govern electronic communications in the UK. This includes marketing activities, like calls, texts, emails, and faxes. 

Non-compliance with PECR while making cold calls can bury you under penalties as high as £500,000 and damage your company's reputation. 

To avoid this, here are 3 things you must follow:

• Disclose the Right Information: 

When cold calling prospects in the UK, you must disclose information like your identity, the purpose of the call, your caller ID or freephone number (or a valid alternate contact number), etc. The idea is to allow prospects to make an informed decision about future communications. 

Note that some callers may ask for additional details to contact you later. In that case, provide the necessary information.

• Respect Their Objections: 

If they clearly express disinterest or explicitly request not to be contacted further, drop them. Don't bank on the hope that they might change their mind later. 

Why? Because disregarding their objections and continuing shoving your product in their face would be a straight-up PECR violation.

• Check the TPS Registry

The Telephone Preference Service (TPS) is a database of people who don’t wish to receive marketing calls. The PECR mandates you to check this database before making outbound sales calls to prospects in the UK. If you find their number on the list, avoid calling them unless you have their explicit consent or they’ve opted-in to receive a phone call from you.

If you’re making a cold call to a business, check the Corporate Telephone Preference Service (CTPS). Doing this helps you avoid contacting businesses who don’t want sales communication.

Remember the 2 businesses that were fined £180,000? They made 480,000 unlawful telemarketing calls despite receiving multiple warnings from the TPS. Unfortunately for them, the UK takes such violations seriously and is committed to protecting their citizen’s interests and privacy.

P.S: You can make live sales calls to prospects not listed in the TPS or CTPS unless you’re marketing claims management services. Plus, you can only make marketing calls for pension schemes if you meet specific criteria.

This means you must screen your call lists against the CTPS and TPS. But you must also ensure a legitimate interest in contacting your prospects. 

2. GDPR

GDPR doesn’t directly regulate cold calling. But it does govern how you use customer data to make cold calls. To make GDPR-compliant cold calls in the UK, you must fulfill any of these conditions:

• You have their clear and explicit consent

This means the prospect has willingly given you the green light to contact them via phone. 

• You have signed a contract with the customer 

You can cold call a prospect even if they have not consented to it when it is required to fulfill a contract with them. For example, calling them to provide information or services they requested.

• You allow them to opt out

Give your prospects easy options to opt out of the cold call. If they do, make sure you delete their data to avoid landing in legal trouble later. While these conditions may seem discouraging, one situation can make cold calling easier - when you have legitimate interest.

• You have legitimate interest

As a business, you have a legitimate interest in contacting prospects via cold calling. But only if they are genuinely your target audience. 

“If they are interested, then they will likely not feel that their privacy is violated to a great extent, and this means that your ‘legitimate interest’ will prevail,” according to Martin Ojala, Pipedrive’s GDPR expert.

Note: Legitimate interest can be overridden by the prospect’s right to ‘not be contacted.’

TL;DR: How to Cold Call Prospects in the EU?

Cold calling in the EU is not as scary as it seems. There is no direct governing law. All you need to do is be mindful of GDPR and PECR laws and keep these points in mind:

• Have a valid reason when reaching potential customers, i.e., you must establish legitimate interest. If you’re a B2B salesperson, chances are you’re already doing this as it is standard industry practice to target prospects who will benefit from your product.
• Obtain explicit consent from the prospect before contacting them for marketing purposes. This can be by ticking a box on your lead form, providing a phone number for marketing messages, or sharing their email address for email marketing. If you’re obtaining lists from prospecting tools, run them through the TPS.
• Check the TPS and CTPS databases before cold calling prospects in the UK. You can make cold calls to individuals who haven’t registered their numbers in the TPS or CTPS and haven't objected to your calls in the past.
• Allow prospects to opt out of your communication. If they say they’re not interested in continuing the conversation and do not wish to be contacted again, drop them from your list immediately.

P.S.: If you’re obtaining caller information from third-party sources, check if your prospect’s consent is valid, and if your source has obtained the data ethically and legally. This is the surest way to avoid penalties.

FAQs