Great question! Loaded… but good. I took the liberty of phoning a friend who knows far more than I do about GDPR compliance and we have recorded our answer for you to view or listen to. The summary is here as well:

  1. Penalties for GDPR non-compliance?

    Up to €10 million (~$11M), or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of: https://www.gdpreu.org/compliance/fines-and-penalties/

  2. What’s crucial about GDPR?

    It applies to the data of the EU citizen, and how your company handles this data, regardless of cold emailing. E.g., can I (as a citizen of the EU) have my data removed from your database at will? Private emails of people (in the EU) at the company you are targeting are off limits.

  3. Who does it impact?

    Anyone/everyone with data on EU citizens whether or not they are sending cold emails.

  4. First, how you gather the data is crucial. What does this mean?

    1. Companies need a pre-defined reason to collect that data,
    2. Ensure the data fits the purpose,
    3. You must prove who is involved in the processing of the data,
    4. And finally, ensure your subjects can have their data edited or removed from your system at will.
  5. What are specific restrictions for B2B cold emailing? Business emails only.

    1. Opt-in vs Opt-out countries – In the EU, states can currently choose to be in one of these two camps.
      1. Opt-out = you can target a B2B person – a corporate subscriber, and follow their opt-out request.
    2. Compliance with the GDPR and the local laws/regulators.
  6. How does it change B2C cold emailing?

    1. Not going to be possible in the entirety of the EU.
    2. It requires a double opt-in – form filled out, then accept the email they receive by clicking the link (confirming they own this email).
  7. Moving forward, best practices to maintain compliance if/when you are sending cold emails.

    1. Do not buy pre-existing data – generate your data ad-hoc (create an audience definition). Verified and accurate (i.e. no longer with the company).
    2. Create valuable and highly-relevant messaging to each audience – make sure you did your research and you have something of value to this new audience.
    3. Be mindful not to be ‘spammy’ – generic high-volume emails to an unstructured and varied database (email list).
  8. How to learn more about this?

    1. Join my newsletter (for anyone interested in growth marketing strategies…)
    2. Listen to my podcast on Anchor or iTunes.