A lot of customers has asked us the question “Can I still buy email lists considering GDPR?” and also quite a few business owners on the receiving end of the email has contacted us with a somewhat wrong understanding of GDPR saying things like “You don’t have any right to send me an email!”. In this article our goal is to sort out some misunderstandings specifically about GDPR and what you could call “Cold email marketing” which refers to people who have not actively chosen to opt-in to receive emails from your company.

The term ‘GDPR’ means the General Data Protection Regulation. It is the most important change in data privacy regulation in last two decades, was come into strong and adopted by the European Parliament and Council of European Union on 14th April 2016 but This Regulation (GDPR) was implemented on 25th May, 2018. This act of regulation replaced the general rules on data protection after 1995 and 2008.

There is a saying- “Data is the oil of the 21st century” and it could not be more than true than it is today. For a lot of business, personal data is a significant activity. Nearly every company is processing some personal data on a regular basis.



The reciprocally unanimous General Data Protection Regulation (GDPR) was designed to upgrade the laws that protect the personal information of individuals. It also helps increasing the rights of vocational and gives them more control over their tidings.

The General Data Protection Regulation (“GDPR”) is an enactment in on data preservation and alcove for all personals within the European Union. The GDPR targets in chief to give control to particular over their personal data and to make simple the regulatory ambiance for international purposes.



The rules and restrictions of GDPR are composed of 99 articles, grouped into 11. You can read more about this on the European Councils webpage at



It is your responsibility to ensure any lists you buy are fully compliant under the new regulations. As a supplier of email lists and leads for countries across Europe, BizWell has taken steps to ensure total compliance. How do we do this? We build and verify lists for ourselves and for our clients from scratch according to very specific targeting criteria, from publicly available sources.

Building the lists ourselves with target criteria in mind means we can ensure the adequacy and relevance of the data collected, and that we can keep detailed records of our lead generation process.

Please remember that the GDPR is not about cold emailing. It is not about businesses. It is about personal data protection.

However, sending business emails does mean processing personal data so there are some key things you need to keep in mind when emailing in a post-GDPR environment.

  1. Make sure your prospects are targeted and appropriate
  2. Explain legitimate interest in your email copy
  3. Make the opt-out process quick and easy
  4. Maintain and cleanse your database regularly
  5. Prepare to respond to GDPR complaints and questions in a professional way



There is a lot of confusion regarding this. I have even met clients who have thrown out their entire email database thinking that they have to start collecting everything from scratch when they actually wouldn’t have had to. What a shame. I also consistently meet clients who are very confused about what they can do and not do so this article is my way of trying to shed some light on this area.

GDPR protects individuals, not businesses. Despite protecting personal data, the GDPR doesn’t stop people prospecting or collecting leads, it just demands a greater level of accuracy and care from lead generators.

Under the GDPR, the personal data that you collect should be adequate and relevant to the purpose of its processing. Basically this means that you have to consider how much data you really need for what you’re going to achieve and that the data that you collect is relevant for your purposes. Only collect data that is strictly necessary to you as data administrator or data processor. You can read more about it here:

As Article 6, Clause 1 in the GDPR Legislative Acts states, legitimate interest is only legal if “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Unlike the other legal bases, your basis for processing data can be contested. Whether your interest overrides right to privacy is fundamentally open to debate.



At BizWell we help our clients reach their target audience with extreme precision which is very important. We can help you target your B2B audience based on several criteria such as Geography, Industry, Company size, Company Turnover, Decision maker title and other data to ensure that you’re targeting a relevant audience.

If you think that the five steps above are hard to implement in your email marketing campaign we would love to help you with your entire campaign. Just contact us and let’s discuss your needs and goals.



emma-blog-smallEmma Parer
Digital Marketing Expert