Cold Email · 8 min read · 15 March 2026

Cold Email and GDPR: What UK Businesses Actually Need to Know in 2026

GDPR · PECR · cold email · UK law · compliance

# Cold Email and GDPR: What UK Businesses Actually Need to Know

There's a lot of confusion about whether cold email is legal in the UK. The short answer is yes — if you follow the rules. The longer answer involves two pieces of legislation: UK GDPR and PECR (Privacy and Electronic Communications Regulations).

This guide covers what you actually need to know as a UK business sending cold emails to other businesses. No legal jargon, just practical advice.

## The Key Distinction: B2B vs B2C

The rules are completely different depending on who you're emailing.

Business-to-business (B2B): You can send unsolicited emails to businesses at their corporate email addresses (info@, hello@, contact@, or named individuals at work addresses) without prior consent. This falls under the "legitimate interest" basis of UK GDPR and the "soft opt-in" rules of PECR.

Business-to-consumer (B2C): You generally need prior consent to email individuals at personal email addresses (Gmail, Hotmail, etc.). This is much stricter.

If you're using a tool like LeadSnipe to find business email addresses and send cold outreach to other companies, you're operating in B2B territory. This is legal under UK law provided you follow certain requirements.

## What You Must Include in Every Cold Email

Every B2B cold email you send must include your real identity and business name. Don't hide behind a fake name or anonymous sender. The recipient needs to know who is emailing them.

You must include a valid physical address or registered business address. A PO Box is acceptable.

You must provide a clear and easy way to opt out. This can be a simple "reply unsubscribe to stop receiving emails" or an unsubscribe link. The key word is easy — burying the opt-out in tiny text at the bottom of a wall of copy doesn't count.

You must honour opt-out requests promptly. If someone says "don't email me again," that's it. Remove them immediately, not in 28 days, not after the current campaign finishes. Immediately.

## What You Cannot Do

You cannot buy a list of personal email addresses and blast them. Purchased lists that contain personal Gmail or Hotmail addresses are almost certainly non-compliant.

You cannot pretend your email is something it isn't. Misleading subject lines like "Re: our conversation" when you've never spoken to them are a violation.

You cannot email someone who has explicitly opted out or unsubscribed. This sounds obvious but people still do it when they switch email tools and don't migrate their suppression list.

You cannot scrape personal email addresses from social media profiles and use them for cold outreach. Business email addresses published on a company website for the purpose of business contact are fine.

## Legitimate Interest: The Legal Basis for B2B Cold Email

When you email a business about something relevant to their business, you're operating under "legitimate interest." This means you believe the recipient would reasonably expect to receive this type of communication based on their business activities.

Emailing a restaurant about a service that helps restaurants get more bookings? Legitimate interest. Emailing a solicitor about website design because their site looks outdated? Legitimate interest. Emailing a random business about something completely unrelated to what they do? Harder to justify.

The more relevant your email is to their actual business, the stronger your legitimate interest basis. This is why personalised cold email is not just more effective — it's more compliant too.

## Practical Tips for Staying Compliant

Use business email addresses only. If your lead source provides info@ or hello@ addresses from company websites, you're in a strong position. Avoid personal addresses.

Keep records of where you got each email address. If someone complains, you need to be able to say "we found this email on your company website on this date." Tools that scrape business websites for contact emails give you a clear audit trail.

Include your opt-out in every email, including follow-ups. Some senders include it in email 1 but forget in the follow-up sequence.

Don't send to the same person more than 2-3 times if they haven't replied. While there's no specific legal limit on follow-ups, repeatedly emailing someone who isn't responding could be considered harassment.

Be honest about who you are and what you want. The emails that get complaints are the ones that try to trick people into replying. Straightforward, relevant, honest emails almost never generate complaints.

## Summary

B2B cold email is legal in the UK. Keep it relevant, include your identity and opt-out, honour unsubscribes, and use business email addresses. Follow those rules and you'll never have a GDPR issue.