Yes, you can send cold emails to people at businesses under GDPR laws. That being said, your emails need to be B2B and meet strict guidelines.
You can’t send emails to just anyone. You need a list of correctly targeted prospects (read more about our lists here). You need to have a valid and accurate reason to declare that the company the person works for can benefit from what your organisation offers in the cold email that you send out. Also, your business products, services or activity needs to inevitably relate to the same activity from your prospect. That will be a legal basis to send someone an email without their previous consent to process their data.
You should not process your cold email addressees’ personal data for very long. That being said, GDPR does not specify any particular amount of time. We recommend removing from your lists the data of prospects who have not replied within 30 days from sending them your first message. That’s how you abide by the data storage limitation principle while sending cold emails.
In each email, you need to notify your email recipients what personal data you are processing, for what purpose, and how they can remove their data from your mailing list, or change them. That’s how you fulfil the information duty described in GDPR. We also advise informing your prospect of where you got their data (generally, our data is sourced from LinkedIn.. We will advise accordingly when you get your email list).
Sending a follow-up to your cold list dose not violate GDPR. That being said, you need to ensure that you meet and stick within the points outlined above. Due to not holding data for very long, we would recommend sending the follow-up within 30 days if the prospect/lead does not respond, and then remove them after if there is still no activity.
Also, if a prospect has requested that you do not email them again, or to be removed from your list, you must meet this request and not send them a follow-up.