You Need New Pipeline but You Are Not Sure What Is Legal
Every B2B sales team in the UK faces the same tension: you need to prospect to grow, but the rules around contacting people who have not opted in feel unclear. The ICO guidance exists, but it is dense and written for lawyers, not sales leaders. The result is either paralysis - teams that stop outbound entirely - or recklessness - teams that buy cheap lists and hope nobody complains.
Neither approach works. The legal framework for B2B prospecting under UK GDPR is actually workable. Legitimate interest provides a clear lawful basis for contacting business professionals about products and services relevant to their role. But it requires proper documentation, screening, and process - exactly the kind of operational work that sales teams are not set up to do.
We handle the compliance layer so your team can prospect with confidence.
Who This Is For
- Sales leaders who have been told to "be careful" about GDPR but have not been given a clear process. If your team is avoiding outbound because nobody knows where the line is, we draw that line and build the process around it.
- Marketing and demand gen teams who need to run email campaigns to prospects outside their opted-in database. Compliant prospecting is not the same as spam - but it does require source documentation and proper screening.
- Compliance and legal teams who want to enable sales outreach without creating regulatory risk. We provide the documentation and audit trail that satisfies an ICO review.
How We Do It
- Legitimate Interest Assessment (LIA). We draft the LIA for your specific prospecting use case. This documents the purpose of processing, the necessity, and the balancing test - why your interest in contacting this person does not override their privacy rights. This is the foundation of compliant B2B outreach under UK GDPR.
- Data sourcing under compliant conditions. We source prospect data from legitimate, documented sources - UK GDPR-compliant channels including Companies House, LinkedIn, trade directories, and professional body registers. Every record includes source attribution.
- TPS/CTPS screening. Every phone number is screened against the Telephone Preference Service and Corporate Telephone Preference Service registers. Numbers on these registers are flagged and excluded from calling lists. This is a legal requirement for B2B cold calling in the UK.
- Email verification and suppression. Every email address is SMTP-verified. We cross-reference against any suppression lists you maintain - previous opt-outs, do-not-contact requests, and former employees who have asked to be removed.
- Delivery with audit trail. You receive the prospect list plus full documentation: the LIA, source records for every contact, TPS screening certificates, and a data processing record suitable for your GDPR compliance file.
What You Receive
- Compliant prospect list: Verified contacts with source documentation, ready for CRM import
- Legitimate Interest Assessment: Drafted for your specific use case, reviewed against ICO guidance
- TPS/CTPS screening report: Certificate of screening with flagged numbers removed
- Data processing record: Article 30 record of processing activities for this dataset
- Suppression management: Cross-referencing against your existing opt-out and do-not-contact lists
Data Sources
We source from Companies House, LinkedIn, trade association directories, professional body registers, and specialist B2B data providers who operate under documented compliant conditions. We do not use scraped data, purchased consumer lists, or sources that cannot demonstrate a lawful basis for B2B prospecting.
Pricing Context
GDPR-compliant prospecting typically runs £2,500-£5,000 per project depending on the number of records, depth of screening, and whether we are drafting the LIA from scratch or working from an existing template. We scope precisely on a call.
For ongoing compliant list building, a pipeline build includes compliance screening as standard.
Before and After
| Before | After |
|---|---|
| Sales team avoids outbound due to GDPR uncertainty | Clear process and documentation for compliant prospecting |
| Bought lists with no source documentation | Every record sourced, documented, and audit-ready |
| No TPS screening - regulatory risk on every call | Full TPS/CTPS screening with certificates |
| No Legitimate Interest Assessment on file | LIA drafted, documented, and filed for ICO review |
| Opt-out requests handled inconsistently | Centralised suppression list cross-referenced before every campaign |
Book a free scoping call - we will assess your current compliance position and outline what is needed to prospect legally and confidently.
Frequently Asked Questions
Is cold emailing legal under UK GDPR?
Yes, for B2B contacts. UK GDPR allows processing under legitimate interest, and PECR permits unsolicited B2B emails provided they are relevant to the recipient's professional role and include an opt-out mechanism. The requirement is documentation, not consent.
Is cold calling legal under UK GDPR?
Yes, with TPS/CTPS screening. You must check numbers against the TPS register and not call numbers that are registered, unless the individual has specifically consented. Corporate numbers on CTPS are also restricted.
What is a Legitimate Interest Assessment?
A documented test that weighs your business interest in contacting someone against their reasonable expectation of privacy. For B2B prospecting, this usually passes comfortably - but the ICO expects you to have documented the assessment, not just assumed it.
Do we need consent for B2B outreach?
Not typically. Legitimate interest is the standard lawful basis for B2B prospecting in the UK. Consent is required for B2C marketing and some specific contexts, but standard B2B outreach to business professionals operates under legitimate interest.
What happens if someone complains to the ICO?
If you have a documented LIA, source records, TPS screening evidence, and a functioning opt-out process, you are in a strong position. The ICO investigates based on whether you followed the process, not whether someone was annoyed. Our documentation is built for exactly this scenario.
Can you help with our existing data as well?
Yes. We can retrospectively screen and document existing prospect data, identify records that lack a lawful basis, and bring your CRM into compliance. This often pairs well with a CRM health check.