top of page

GDPR Policy

B2B Telemarketing & GDPR - is it okay for us to call?


The simple answer is YES. The new legislation does allow businesses to cold call but ensures this is done in a responsible way, only where there is a ‘Legitimate interest’ to do so, and where the interests, rights and freedoms of the individual are protected.

Legitimate Interests


The processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. 


Legitimate interests applies to marketing activities if you can show that how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.

Telemarketing Best Practice


Whilst GDPR regulations force you to formally evaluate and document the impact of your marketing efforts or cold calling campaign, much of this is really a case of good practice. Irrespective of GDPR, any responsible company would be averse to causing their prospects distress, and any reputable telemarketing agency would have processes in place to avoid a negative impact on the recipient of the call. These should include:


  • TPS/CTPS screening as standard

  • Easy access to call histories and number look-ups so callers know and can explain exactly where the data they are calling came from.

  • Easy opt-out and clear privacy policies that explain how you use the data you process. Under GDPR (Individual Rights) this should also provide mechanisms for individuals to easily exercise their ‘right to object’, their ‘right to be forgotten’, their ‘right to rectification’ and/ or submit a Data Subject Access Request.

  • Systems that manage the number of times any number is called.

  • Technologies that protect the individual’s data such as call obfuscation to ensure protection of sensitive payment details, encrypted call recordings, data transfer via secure FTP.

  • Strict policies and in-depth training for all staff on data protection/GDPR.

  • Robust quality assurance and data management processes

  • Rigorous training and ongoing coaching around calling ‘best practice’ such as:

    • ​​Callers should state who they are and why they are calling at the start of a call.

    • If the prospect isn’t interested, their wishes must always be respected.

    • Listen and understand – don’t ‘hard’ sell. Callers should listen to the prospect and provide relevant information, tailored to their interests and pain points.

Further Reading


You can read more about b2b telemarketing and legitimate interests on the ICO website

bottom of page