GDPR and business cards, mails or phone calls

GDPR and business cards, mails or phone calls
28 Január 2019

GDPR and business cards, mails or phone calls

The GDPR Regulation has also confused marketers and traders in the B2B segment. Do you want to know what is new about calling potential customers without previous contact (cold calling), how to handle business cards from the trade fair or whether you can present your services and request an appointment by email? Then read on. Fortunately, the Privacy Office recently unofficially outlined how to proceed in B2B communications to avoid sanctions.

Do I need permission to contact B2B customers?

As with any type of marketing communication, consent is not always required as it is not the only legal basis for processing. It is therefore up to you to determine the best legal basis for each processing activity and to document the exact purpose for it.

Consent may be the best basis for your e-marketing initiatives because you will need to ensure that they comply with privacy and electronic communications regulations.

Another legal basis is the legitimate interest. This particular basis can be used in situations where you can prove that you are using an individual's data in a way that he / she can reasonably expect. Legitimate interest is the most flexible basis for processing, but you cannot expect it to be the most appropriate. It can be used in situations where you are trying to inform existing customers and clients about the services or products you have provided to them, while you can reasonably expect they would be relevant to them.


Do you want to work with a new business and reach directly the specific person whose email you found on the web or in another publicly available database? You should follow these two rules.

  1. Be personal. In any case, do not send bulk emails. It must be clear from your communication that the email is addressed to that particular person or business and does not address fifty other companies with the same focus. And beware: you may occasionally mislead a potential customer by automated personalization with smart email programs, but the office will not tolerate such tricks.

  2. Do not spam or store information in a database without obtaining consent. Introduce yourself, your company, your services, offer a meeting - just sell yourself as best you can. Feel free to mention the possibility of regularly sending useful information. However, do not arbitrarily send newsletters to general email addresses that you have from public sources. According to the Office, this is already a line crossing even when it does not relate to personal data and thus to GDPR.

What about business cards?

Don't worry, they're not done. But be careful what you do with them, whether you got them at a personal meeting or at the trade fair. Registering these contacts in your CRM is your legitimate interest. But to start flooding their mailbox with your newsletters, that's crossing the line. The purpose of business cards is to give someone a contact details so you know where to write and call. Keep a personal touch, for example, try emailing how nice your meeting was and ask if they want regular, useful information from your industry. Be sure to refer them to the full wording of consent. And then record the consent for possible inspection.

Cold calling

Calling cold contacts is probably the most sensitive thing. The most complaints are about unsolicited phone calls. This area should be clearly defined by the envisaged ePrivacy Regulation, which is, however, far from being approved and effective. We recommend that you follow the same rules as for sending email before it comes to force. YYou don't have to worry about calling a few carefully selected companies and introduce yourself. Be sure to avoid saturation bombing using call centers and large databases.

In short, you should segment, personalize, not to spam, and use common sense. Or we can say it in different way. If you communicate in a way that works for you from a marketing-commercial point of view, it will probably work for you from a legal point of view as well.


Contact form

Preparation of Security Documentation in terms of GDPR from 139€ with insurance., s.r.o. Námestie osloboditeľov 3/A,
040 01 Košice

Non-binding free quote

from € 139 with insurance

We have provided services
to more than
11 500 clients

Free quote

Questions and answers

Dear client, if you have not found
what you are looking for, do not hesitate
to contact us.

To contact