Send Koala

Can I cold email under GDPR

Can I Cold Email Under GDPR?

Using cold email for your lead generation can be a great strategy for our outreach plan. As with many things we do in business, we must ensure we follow any laws in place. Cold email is no different.


Before you launch your cold email campaign, you should be sure you comply with GDPR and other regulations in place.

What is GDPR?

So, first things first. What is GDPR?


GDPR stands for General Data Protection Regulation. This regulation is set in place to help govern companies regarding data protection for individuals within the European Union. There are seven fundamental principles that make up GDPR:


  1. Lawfulness, fairness and transparency- this means what you are doing must be legal and transparent, so you can’t say you are doing one thing just to turn around and do something else. You must follow your own words.
  2. Purpose limitation- you must have a reason for doing what you are doing; you need to have a purpose, and if you gather data, it must relate to that purpose.
  3. Data minimisation- you only collect the data that you need and not excessively collect extra information.
  4. Accuracy– any inaccurate data stored or given must be deleted and not kept as it does not suit the initial purpose for gathering the information.
  5. Storage limitation- personal data gathered can only be kept so that individuals can be identified within a time scope of the initial research. Any time outside of that window, an individual should not be able to be identified.
  6. Integrity and confidentiality- data must be collected and stored so that it is kept secure to protect user information.


Accountability- you are responsible for the information you gather and what you do with that information.

Can I Cold Email Under GDPR?

Yes, you can cold email under GDPR!


You can cold email under GDPR, but you must comply with all points within GDPR.


GDPR is all about regulating data, not cold email or email marketing. This means that you can send cold emails under GDPR as long as the data you collect or use does not violate any safety concerns of the individuals.


This being said, your cold emails need to have a purpose and have targeting that backs your intentions. You can’t simply cold email everyone and anyone in a company. If needed, you must be able to prove that you chose certain people for a specific reason.


To cold email, while following GDPR, you must have a clear way for the recipient to unsubscribe from your emails and then no longer send emails after an unsubscription.


A part of cold email processes also tends to include follow-up emails. These follow-up emails are also fine to send out as long as you continue to follow GDPR compliance.

What Parts of Cold Emails are Against GDPR?

Cold emails violating GDPR is all about your purposes and intentions.


This means if you send emails out without any direct intention aside to send them out without proper targeting, you can prove you may be violating GDPR.


If there is no logical connection between your company and what you are pitching and the person receiving your email, you are breaking GDPR if you gathered the contact information of that prospect without their knowledge or consent.


Another part of cold emailing that can lead you to violate GDPR is if you make it so your recipient cannot unsubscribe from communication or they unsubscribe, and you continue to cold email them. This breaks GDPR standards for cold email.

Frequently asked questions

Yes you can send cold emails to GDPR which are companies that are listed under the General Data Protection Regulation.

Yes GDPR and emails do work hand in hand where emails are considered to fall under GDPR.

Cold emailing in GDPR and cold calls don’t fall under the same regulations and it is legal to cold call.

In lead generation GDPR it stands for General Data Protection Regulation.

About the Author

Lydia is SendKoala’s Head of Content. Outside of SendKoala, you can finder her running, lifting, and hiking.