How to Build a UK GDPR-Compliant B2B Email List (Without Being a Nuisance)
- May 14
- 4 min read
Building a B2B email list is a marketing must. Building one that won’t get you fined, blocked, or ignored? That’s smart marketing.
Since GDPR (General Data Protection Regulation) dropped in 2018, sending emails isn't as simple as scraping some data and hitting send. But it’s absolutely doable, without being that brand that everyone wants to spam-report.
Wait... What About GDPR After Brexit?
Good question. Even though the UK left the EU, GDPR isn’t gone, it just got a local accent. It’s now known as the UK GDPR, running alongside the Data Protection Act 2018. Practically speaking, the rules are very similar to the original GDPR: you still need clear consent, you still need to offer opt-outs, and you still need to respect people's data.
For UK businesses doing B2B email marketing, the big things to remember post-Brexit are:
If you’re targeting EU businesses, you’ll need to comply with both UK GDPR and EU GDPR.
If you’re only targeting UK businesses, UK GDPR rules apply but they’re almost identical to the old ones.
Consent and transparency are still key (and PECR still applies to all email marketing).
Bottom line? Brexit didn't give marketers a free pass. Building a clean, permission-based B2B list is still the smart (and legal) move.
Here’s how to build your B2B email list properly and still make it a real growth tool.
1. Stay Laser-Focused on "Legitimate Interest"
In B2B marketing, GDPR gives you a bit of breathing room thanks to something called Legitimate Interest. Basically: if you can show that your email is relevant, expected, and won’t cause harm, you can contact businesses without explicit prior consent.
✅ It’s a sensible fit if you’re targeting people in a business context (e.g., sales@, info@, or their business-specific work email).
✅ It’s not a free pass to spam everyone vaguely connected to your sector.
Key Tip: Always ask yourself: "Would a normal human being expect this email from a business like mine? "If the answer feels murky, don’t send it.
2. Only Collect Data That Makes Sense
You don't need to know someone’s shoe size to invite them to a webinar. Stick to basics:
Name
Job title
Company name
Business email address
Maybe LinkedIn profile (optional)
More than that starts feeling nosy and GDPR frowns hard on unnecessary data collection.
Key Tip: If you wouldn't feel comfortable explaining why you need a piece of information in a GDPR audit, don’t collect it.
3. Find Data Online (Legally and Smartly)
You don't need to be Sherlock Holmes to find good B2B data but you do need to play it by the rules. Here’s how:
Company Websites: Many businesses list key contacts on their websites. As long as you’re contacting them about relevant business services, and you respect opt-outs, you’re within UK GDPR guidelines.
Professional Networks: LinkedIn is a goldmine - just don’t scrape data. Connect genuinely and offer value.
Business Directories: Reputable sites like Companies House, local Chambers of Commerce, or trade directories often list B2B contacts that are fair game (again, with relevance and opt-out options).
Third-Party Data Suppliers: You can buy targeted B2B lists from GDPR-compliant suppliers. (Hint: Squint & Co can even help you source good ones.)
The golden rule: Just because you can find an email address online doesn’t mean you can hammer it with sales messages. Keep it relevant, useful, and professional and always offer an easy opt-out.
4. Offer a Clear (and Easy) Opt-Out
Even under Legitimate Interest, you must give people a clear way to unsubscribe. Not buried in the footer. Not hidden behind three confusing steps. A simple, one-click "unsubscribe" link is your best friend.
✅ Make it immediate.
✅ Make it painless.
✅ Respect opt-outs - no excuses.
Key Tip: Consider an "update your preferences" link too. It’s less brutal than "unsubscribe from everything" if someone still wants some updates.
5. Be Crystal Clear About What You’re Doing
Transparency isn't just good ethics. It’s a survival skill under GDPR. When you first collect an email (say, through a download, a LinkedIn connect, or a newsletter signup), make sure you tell them:
Who you are
Why you’re collecting their details
What kind of emails they’ll get
That they can unsubscribe anytime
Key Tip: Short, friendly privacy notices work best. Save the formal gobbledygook for your official privacy policy page.
6. Keep Your Database Squeaky Clean
A messy database is a GDPR lawsuit waiting to happen (not to mention a complete marketing nightmare).
✅ Regularly audit your list.
✅ Remove outdated contacts.
✅ Archive unsubscribed leads properly.
✅ Keep track of consent dates if you're using opt-ins.
Key Tip: Use reputable email marketing platforms like Brevo, Mailchimp, or HubSpot. They’ll help you automate the boring-but-critical compliance stuff, like managing opt-outs and data storage rules.
Quickfire GDPR Don'ts
🚫 Don’t buy dodgy lists. (They’re usually illegal and useless anyway.)
🚫 Don’t scrape LinkedIn or company websites without care. (Business emails? Yes. Personal emails? Big no.)
🚫 Don’t pretend you’re following up on a "previous conversation" if there wasn’t one. (That's sneaky - and spammy.)
🚫 Don’t ghostwrite someone’s consent. (E.g., "By downloading this, you agree to all marketing forever". That’s not real consent.)
B2B Email Lists - The Bottom Line:
Building a GDPR-compliant B2B email list is 100% achievable and it doesn’t have to kill your marketing buzz.
Be respectful. Be transparent. Build lists you’d actually want to be on. Because when you treat your prospects like people (not targets), you don’t just get better open rates, you build better relationships.
