GDPR-EMAIL-B2B-001 legal data_error ai_generated partial

AI advises a startup that sending cold B2B emails to generic 'info@' addresses is GDPR-compliant without prior consent because they are business contacts

ID: legal/gdpr-email-marketing-prior-consent-ombudsman

Fix Rate: 75%
Confidence: 85%
Evidence: 1
First Seen: 2024-03-15

Version Compatibility

Version | Status | Introduced | Deprecated | Notes
GDPR 2016/679 | active | | |
ePrivacy Directive 2002/58/EC | active | | |
PECR 2003 (UK) | active | | |

Root Cause

Under GDPR Article 6, processing personal data (including business email addresses) requires a lawful basis; legitimate interest does not automatically cover unsolicited marketing emails, and many EU member states require prior opt-in consent even for B2B contacts, with fines up to €20M or 4% of global turnover.

Official Documentation

https://gdpr-info.eu/art-6-gdpr/

Workarounds

  1. 85% success: Implement a double opt-in mechanism for all email marketing lists, including B2B contacts. Example: send a confirmation email with a unique link to verify the subscription; the token has to be stored against the address (with an expiry) before the mail goes out, otherwise the confirm endpoint has nothing to check it against: <?php $token = bin2hex(random_bytes(16)); /* persist $token with $email and an expiry before sending */ mail($email, 'Confirm your subscription', 'Click here: https://example.com/confirm?token=' . $token); ?>
  2. 70% success: Conduct a Legitimate Interest Assessment (LIA) documented per ICO guidance, and include an unsubscribe link in every email. For cold emails, add a clear one-click opt-out and honor it within 24 hours.
  3. 80% success: Use a B2B email verification service (e.g., ZeroBounce, NeverBounce) to filter out personal email addresses (Gmail, Yahoo) and only target corporate domains with a prior relationship or public role data.
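The double opt-in from workaround 1, carried through end to end as an added example (this is not code from the original entry or from any project it cites): the token is generated, stored hashed with an expiry, accepted once on click, and the resulting consent record is what gates any later send. The class name DoubleOptIn, the in-memory store and the injected mail callable are assumptions made so the flow runs offline; the base URL https://example.com is the one the entry's own snippet uses.

```php
<?php
// Added example, not code from the original entry: a complete double opt-in
// flow in PHP 8. Assumptions: an in-memory array stands in for the database,
// and the mail transport is injected as a callable so the flow runs offline
// (in production pass a wrapper around mail() or a mailer library).
declare(strict_types=1);

final class DoubleOptIn
{
    private const TOKEN_TTL_SECONDS = 48 * 3600;

    /** Pending confirmations keyed by sha256(token): ['email' => ..., 'expires' => unix time]. */
    private array $pending = [];

    /** Consent evidence keyed by email: ['confirmed_at' => unix time, 'ip' => ...]. */
    private array $confirmed = [];

    /** @param callable $sendMail function (string $to, string $subject, string $body): void */
    public function __construct(private $sendMail, private string $baseUrl) {}

    /** Step 1: record a pending request and send the confirmation link. */
    public function requestSubscription(string $email): void
    {
        $email = strtolower(trim($email));
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('invalid email address');
        }
        // 256-bit random token; only its hash is persisted, so a leaked
        // pending table cannot be used to confirm on the recipient's behalf.
        $token = bin2hex(random_bytes(32));
        $this->pending[hash('sha256', $token)] = [
            'email'   => $email,
            'expires' => time() + self::TOKEN_TTL_SECONDS,
        ];
        $link = $this->baseUrl . '/confirm?token=' . $token;
        ($this->sendMail)($email, 'Confirm your subscription', 'Click here: ' . $link);
    }

    /** Step 2: the recipient follows the link; the token is single-use and expiring. */
    public function confirm(string $token, string $clientIp): bool
    {
        if (strlen($token) !== 64 || !ctype_xdigit($token)) {
            return false;
        }
        $key = hash('sha256', $token);
        if (!isset($this->pending[$key])) {
            return false;
        }
        $entry = $this->pending[$key];
        unset($this->pending[$key]);   // single use, even when it turns out to be expired
        if ($entry['expires'] < time()) {
            return false;
        }
        // Keep the evidence that lets the controller demonstrate consent later.
        $this->confirmed[$entry['email']] = ['confirmed_at' => time(), 'ip' => $clientIp];
        return true;
    }

    /** Gate every marketing send on this: returns the consent evidence, or null if none. */
    public function consentRecord(string $email): ?array
    {
        return $this->confirmed[strtolower(trim($email))] ?? null;
    }
}

// Demo with a constructed recipient address; the "outbox" captures what would be sent.
$outbox = [];
$optIn = new DoubleOptIn(
    function (string $to, string $subject, string $body) use (&$outbox): void {
        $outbox[] = ['to' => $to, 'subject' => $subject, 'body' => $body];
    },
    'https://example.com'
);

$optIn->requestSubscription('procurement@example.org');
var_dump($optIn->consentRecord('procurement@example.org'));   // no consent yet, so no sending

// Simulate the click by pulling the token out of the captured message body.
preg_match('/token=([0-9a-f]{64})/', $outbox[0]['body'], $m);
var_dump($optIn->confirm($m[1], '203.0.113.5'));               // first use is accepted
var_dump($optIn->confirm($m[1], '203.0.113.5'));               // second use of the same token is rejected
var_dump($optIn->confirm(str_repeat('0', 64), '203.0.113.5')); // unknown token is rejected
var_dump($optIn->consentRecord('procurement@example.org'));    // timestamp and IP kept as evidence
```

In a real deployment the two arrays become tables, the confirm endpoint reads the token from the query string, and the one-click opt-out from workaround 2 removes or flags the consent record so consentRecord() stops returning it.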


Dead Ends

Common approaches that don't work:

  1. 70% fail: Assuming 'legitimate interest' is a blanket exemption for all B2B emails; DPAs in Germany, France, and Italy require opt-in consent for unsolicited emails to individuals, including business contacts.
  2. 60% fail: Relying on the UK PECR 'soft opt-in' exemption; it only applies if you have previously sold a product/service to the recipient, not to cold outreach to generic addresses.
  3. 80% fail: Claiming that a privacy policy on the company website suffices as consent; GDPR requires explicit, freely given, specific, informed, and unambiguous consent prior to processing.