If you're in the business of making cold calls, then you need to be aware of GDPR and how it affects your activities. In this in-depth guide, we'll cover everything you need to know about GDPR and cold calling, including the law, regulations, and guidelines related to cold calling, and how to cold call in a compliant way.
The UK’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, and applies to all businesses with customers in the European Union. The GDPR replaces the 1995 Data Protection Directive, and strengthens EU data protection rules by giving individuals more control over the processing of personal data, and establishing new rights for individuals.
So, what does this mean for businesses that make cold calls? Let’s take a look at the law, regulations, and guidelines related to cold calling, specifically how GDPR affects cold calling, and how to make outbound calls in a compliant way.
Is cold calling allowed under GDPR?
The short answer is yes, but there are certain conditions that must be met in order for businesses to make cold calls without violating GDPR. In order to make a legal cold call under GDPR, businesses must have a legitimate reason for contacting the individual (known as a “legal basis”), and they must obtain the individual’s consent before making the call.
There are three conditions that must be met in order for a business to have a legal basis for making a cold call:
1. The individual has given their explicit consent to receive calls from the business
2. The individual has an existing relationship with the business
3. The call is made for legitimate interest purposes (i.e. it is not sales or marketing)
If one of these three conditions is met, then the business has a legal basis for making a cold call. However, even if one of these conditions is met, the business must still obtain consent from the individual before making the call.
Consent must be given explicitly by the individual in order for it to be valid under GDPR. This means that businesses cannot rely on implied consent (i.e. consent that is assumed because the individual took some action), or opt-out consent (i.e. consent that is assumed because the individual did not take some action).
Therefore, in order for businesses to make legally compliant sales calls under GDPR, they must have a legal basis for contacting the individual and they must obtain explicit consent from the individual before making the call.
What is GDPR’s impact on cold calling?
When the General Data Protection Regulation (GDPR) came into effect on May 25, 2018, it had a big impact on the way businesses could operate, specifically in relation to cold calling.
If you haven’t already heard of GDPR, it is a set of regulations that member states of the European Union must implement in order to protect the privacy of digital data and applies to any company that processes or intends to process the data of individuals in the EU, regardless of whether the company is based inside or outside the EU.
Under GDPR, all companies must take steps to protect the personal data of EU citizens from accidental or unauthorized access, destruction, alteration, or unauthorized use. In addition, companies must provide individuals with certain information about their rights under GDPR when they collect personal data.
This regulation has had a big impact on cold calling specifically. In light of GDPR, businesses need to be careful when telemarketing to individuals in the EU. When making cold calls, businesses must have a legal basis for processing the personal data of individuals who are contacted. In most cases, this will require obtaining explicit consent from the individual before making the call.
Businesses should also be aware that under GDPR, individuals have the right to object to direct marketing at any time. This includes cold calls. Businesses must stop outreach to an individual who has objected to direct marketing unless they obtain explicit consent from the individual to continue doing so.
What cold calling laws should I be aware of in the UK?
First, you should be aware of the Telephone Preference Service (TPS). It is a service that allows consumers to opt out of receiving cold calls. If a business makes a cold call to a consumer who is registered with the TPS, they are breaking the law and could be fined up to £500,000.
In addition to the TPS, businesses must also comply with the Privacy and Electronic Communications Regulations (PECR) when making cold calls. Under PECR, businesses can only make marketing calls to individuals if they have obtained explicit consent from the individual to do so. This means that businesses must have a good reason for making the call and must obtain consent before making the call.
Disclaimer:
For legal advice on cold calling and how it affects your business’ sales and marketing activities, we recommend seeking a legal professional to assess your specific situation.
GDPR and B2B cold calling
B2B cold calling is a type of lead generation tactic in which someone on your sales team contacts potential businesses by phone without having been invited to do so by the business. Although the General Data Protection Regulation (GDPR) applies to any company that processes or intends to process the data of individuals in the EU, when it comes to cold calling for B2B sales, PECR is something to pay attention to because its rules are generally not as strict when marketing to companies.
Businesses are classed as “corporate subscribers” under PECR if they are a corporate body with separate legal status (e.g. companies, limited liability partnerships, Scottish partnerships, and some government bodies). However, sole traders and other types of partnerships are classed as “individual subscribers” and PECR treats them the same as individuals.
For B2B marketing calls, PECR states that businesses must not call phone numbers registered with the Corporate Telephone Preference Service (CTPS) or the Telephone Preference Service (TPS) unless the business has consented to marketing calls. Businesses must also not call the number of a business who has previously objected to their calls, and must say who is calling (e.g. the name of their organisation). They must also allow their number (or an alternative contact number) to be displayed and provide their contact information or a freephone number (such as an 0800 telephone number) if asked.
No cold calling zones in the UK
Another important thing to keep in mind is that there are areas in the UK that are designated as “no cold calling zones” due to public interest. These zones are designed to protect residents from doorstep crime, as well as to deter people from selling goods or services on a doorstep or in a public place.
The zones are set up by local authorities and police forces in partnership with local communities if a large number of residents in the area agree to designate their area as such. They are marked with signs to show that the area is a no cold calling zone. Residents of these areas can also report any non-compliance to the police, who can then investigate the situation.
Tips for cold calling in the UK
Since cold calling in the UK is a bit tricky compared to non-EU countries, businesses should keep the following tips in mind before making that cold call:
1. Be mindful of the law. Familiarize yourself with the Telephone Preference Service (TPS) and the Privacy and Electronic Communications Regulations (PECR) to ensure compliance.
2. Get explicit consent. Always obtain explicit consent from individuals before making a marketing call (the same applies when recording a phone call). This includes ensuring that they are aware of what they are consenting to and that they have the opportunity to withdraw their consent at any time.
3. Use GDPR-compliant software for cold calling. For example, GDPR-compliant software like Dialpad allows you to easily record calls after you’ve received a caller’s consent to record.
To stay compliant, remember that customers can also request that their call recording is deleted, and you must do so in order to stay compliant.
4. Do not call individuals who have previously objected. Once an individual has objected to marketing campaigns from your business, you must stop calling and sending email marketing to them unless they give their explicit consent for you to continue doing so. Dialpad also has customisable retention policies that can help you delete records when customer data is no longer needed.
5. Do not make automated decisions when making calls. According to the Information Commissioner’s Office, “UK GDPR gives people the right not to be subject to solely automated decisions, including profiling, which have a legal or similarly significant effect on them.” Avoid leaving pre-recorded messages without speaking to a human being first. Doing so could violate PECR and result in hefty fines.
6. Keep track of consents. Maintain a record of when consent was given and by whom, as well as when it was withdrawn, if applicable. This will help you stay compliant and avoid any potential problems down the road.
Benefits of cold calling
Despite all the rules and regulations about cold calling in the UK, cold calling is still a very effective way to reach new customers and generate sales. When done correctly and compliantly, cold calling can help you build relationships with new clients, increase brand awareness, and diversify the channels that generate revenue.
There are several benefits of cold calling that make it an attractive option for businesses of all sizes because you can:
reach new customers and build relationships with new clients
increase brand awareness and acts as a flexible marketing tool
boost your bottom line
build a cost-effective marketing strategy if your target audience is receptive to cold calls
get immediate feedback about your product or service
How is cold calling in the UK different than in other countries?
Cold calling in the UK is subject to stricter regulations than in countries that are not part of the EU. The UK has implemented the Privacy and Electronic Communications Regulations (PECR), which impose restrictions on the use of cold calling.
This includes the use of automated calls, texts, emails, or any other form of electronic communication. Companies must obtain the prior consent of the person they are contacting before initiating a cold call. Additionally, if the recipient does not wish to be contacted again, the company must comply with the request and refrain from any further contact.
In contrast, countries outside of the EU are not subject to such strict regulations. They may not have any laws governing the use of cold calling, or the laws may be less restrictive. For example, many countries do not require companies to obtain prior consent from the person they are contacting. This can lead to much more aggressive cold calling practices, which can be intrusive and disruptive. Furthermore, many countries do not have any laws that prohibit companies from making repeated calls to people who have expressed a desire not to be contacted again. Of course, if you truly care about customers, you shouldn’t make repeated calls to individuals who do not want to be called. This can be incredibly frustrating for the recipient and can lead to them developing negative feelings about your business.
Cold calling in the UK
Despite the strict laws on cold calling in the UK, there are several steps that businesses can take to ensure that they are compliant with the law while outreaching to potential customers. Make sure that your sales and marketing teams are aware of what regulations they should keep in mind before reaching out to prospects, whether it’s a cold call or even a cold email.
By understanding the requirements of GDPR and PECR and obtaining explicit consent from individuals before making calls, businesses can cold call in the UK while staying within the bounds of the law.
Ready to start cold calling?
Try Dialpad for free with a 14-day trial—talk, message, and meet, all in one place. Or, take a self-guided interactive tour of the app first!