It is on May 25, 2018 that the RGPD (or General Data Protection Regulation) is voted. Its objective is to protect the personal data of the citizens of the European Union by setting a regulatory framework more successful than previous legislation.

What about professionals and cold emailing? Discover in our article all you need to know on the subject.

What is the RGPD?

The RGPD regulates the processing of personal data of users. This regulation applies to all organizations, whether private or public, as long as their products or services are aimed at the European public, or that they are established in the European Union.

Let's go into the details. What exactly is personal data? In a very broad sense, it concerns any personal information that you will collect from a user via a form for example (name, first name, email address, date of birth, phone number, postal address, company name…)

What about data processing? Once the information has been collected (form, survey, inquiry…), the data processing must have a precise objective/purpose when contacting the lead.

Today, it is possible to collect non-personal data without necessarily obtaining the consent of the Internet user. This is especially the case with scraping tools that allow to collect a lot of data. When is it then? Does the RGPD prevent from sending cold emailing campaigns? Let's see what it is exactly.

RGPD: what does it change for cold emailing?

Cold emailing is a B2B marketing technique, which aims to address cold leads with whom you have had no interaction. Its goal is to initiate a conversation whose objective is to "break the ice" and establish a relationship of trust.

In B2B cold emailing you can prospect leads without obtaining their consent. You must however :

  • contact them on a professional address
  • the subject of the request must have a direct link with the profession of the targeted person.

This legislation does not apply to generic addresses such as contact@entreprise.com, info@entreprise?com, etc.

In B2C, you must always obtain the consent of the person concerned before contacting them.
In all cases, you must specify the identity of the sender, and propose a simple way to object to the prospecting.

Which methods to adopt to prospect without worries?

Here are the methods to apply for your cold email campaigns:

  • Specify your identity: a person who receives one of your messages must be able to identify you.
  • Unsubscribe: when programming your cold emailing campaigns, think of putting an unsubscribe link at the bottom of your message. Thus, the recipient will have the choice to unsubscribe from your sequences without any problem.
  • Data deletion: any user can request the total deletion of his personal data. You are therefore obliged to delete all their information from your prospecting and CRM tools.
  • Collecting data with good tools: the RGPD does not oppose scraping as long as the data collected is not personal data, and is public. For personal data, some precautions must be taken. It is also important to store this data in a secure way and not to resell it to third parties without the consent of the person. To scrape lead data legally, you can use our Derrick tool, which is an application that installs directly on your web browser. It allows you to build up customer files orenrich your databases with LinkedIn Sales Navigator.

By following these best practices, you don't have to worry about your cold email campaigns. If you don't practice mass spamming and opt-out is possible, then cold emailing is legal.

Frequently asked questions

Is cold emailing legal under the GDPR?
Yes. In B2B, the GDPR does not prevent you from sending cold email campaigns to prospects you have never interacted with. The conditions: contact them on a professional address, make sure the subject of your message relates to their profession, identify yourself clearly, and offer a simple way to opt out. As long as you avoid mass spamming and opting out is possible, cold emailing is legal.

Do I need consent to send cold emails to B2B prospects?
No. In B2B you can prospect leads without obtaining their prior consent, as long as you use their professional email address and your request has a direct link with their job. B2C is the opposite: you must always obtain the person's consent before contacting them.

What must a cold email include to stay GDPR-compliant?
Three things. First, your identity: anyone receiving your message must be able to identify who is contacting them. Second, an unsubscribe link at the bottom of the email so the recipient can leave your sequences without friction. Third, the ability to honor data deletion requests: if a user asks, you must remove all their information from your prospecting and CRM tools.

Does the GDPR apply to generic addresses like info@company.com?
No. Generic addresses such as contact@company.com or info@company.com do not identify a specific individual, so the B2B prospecting rules around personal data do not apply to them. The constraints kick in when you email a nominal professional address that points to a real person.

Can I scrape data for my cold email campaigns?
Yes, the GDPR does not oppose scraping as long as the data collected is public and, for personal data, some precautions are taken. You must store the data securely and never resell it to third parties without the person's consent. Tools like Derrick let you build prospect files or enrich your databases from LinkedIn Sales Navigator while respecting these rules.

Continue exploring this cluster

GDPR B2B

GDPR & B2B Data Enrichment: The Complete Legal Guide 2026

What GDPR actually says about B2B enrichment - sources you can use, what to document, what triggers sanctions.

Read the guide → GDPR B2B

Legal Basis for B2B Data Enrichment: What GDPR Actually Allows

The 6 legal bases under GDPR - which one fits B2B prospecting, when consent is required, when legitimate interest works.

Read the guide → GDPR B2B

Consent vs Legitimate Interest in B2B: Which Legal Basis Should You Use?

The 2 legal bases B2B teams actually use - decision tree, balancing test template, when each one wins.

Read the guide → GDPR B2B

GDPR Data Subject Rights: Access, Rectification & Erasure - A Practical Guide

Right to access, rectification, erasure, portability - what to ship when a request comes in. SLA: 30 days.

Read the guide → GDPR B2B

GDPR Sanctions: What Your Business Actually Risks in 2026

Real GDPR fines in 2026 - who got hit, for how much, why. Plus the under-the-radar non-fine consequences.

Read the guide → GDPR B2B

International Transfers of Enriched Data: What Every B2B Team Needs to Know in 2026

EU-US Data Privacy Framework, SCCs, adequacy decisions - what's safe to transfer where in 2026.

Read the guide → GDPR B2B

CCPA, LGPD and Global Data Privacy Laws: The Complete B2B Guide

Beyond GDPR - California CCPA, Brazil LGPD, Canada PIPEDA. What overlaps, what's specific, what to ship.

Read the guide → GDPR B2B

DPO and Data Enrichment: Roles, Responsibilities, and What Your Team Must Do

When you need a DPO, what they do for enrichment workflows, the 5 docs to give them on day one.

Read the guide → GDPR B2B

GDPR Records of Processing Activities for B2B Data Enrichment: A Practical Guide

The Article 30 record - what to fill in for each enrichment source, template included, audit-proof format.

Read the guide → GDPR B2B

Data Minimization in B2B: Why Enriching Less Makes You Prospect Better

Less data ≠ less performance. The 3 patterns where minimization actually lifts conversion.

Read the guide →

Start enriching your sheet in 30 seconds

Free for 100 credits/month. No credit card.

Install Derrick free →