Cold emailing in B2B is not prohibited by the GDPR. However, many sales teams are unsure about what they are and aren’t allowed to do. Here is the exact legal framework applicable in France in 2026.
The Legal Framework in B2B
In B2B, the GDPR and the ePrivacy Directive allow for email marketing without prior consent, subject to specific conditions.
The email address used must be professional and generic: contact@entreprise.fr, direction@entreprise.fr, info@entreprise.fr. These addresses are considered the company's business data, not personal data.
The content of the message must be directly related to the recipient's job responsibilities. It is legal to contact a sales director to discuss a lead-generation tool. Contacting them to sell them a personal car is not.
Each email must include a working unsubscribe link.
Any request to unsubscribe must be honored immediately and permanently.
The Case of Personalized Addresses
Email addresses such as prenom.nom@entreprise.fr fall into a more sensitive category. The CNIL considers them to be personal data. However, it permits their use in B2B marketing if two conditions are met: the message is related to the recipient’s professional activity, and you specify how you obtained their contact information.
A best practice is to include a short line in your email: "I found your contact information on LinkedIn." It's transparent, it's legal, and it reassures the prospect that you're serious.
What Is Strictly Prohibited
Soliciting individuals without their prior explicit consent, regardless of the message's content.
Continuing to send emails after a request to unsubscribe. This is the most common reason for complaints filed with the CNIL.
Purchasing non-compliant lists and using them without verifying their source. Responsibility for data processing lies with the sender, not with the seller of the list.
Using invasive tracking techniques without prior notice in emails (certain types of tracking pixels).
Best Practices for Staying Compliant
Document the source of each lead in your CRM: LinkedIn, website, event, Apollo data enrichment.
Regularly clean up the unsubscribe list and make sure your sequencing tool automatically excludes them from future campaigns.
Keep a record of opt-outs for at least 3 years.
Include in each email the name of the company sending the marketing message and a valid reply address.
How This Affects Deliverability
GDPR compliance and deliverability are directly linked. A spam complaint rate higher than 0.1% damages your sender reputation and causes your emails to be flagged by filters. Honoring opt-outs, sending relevant messages to targeted recipients, and maintaining a clean list are both legal requirements and best practices for deliverability.
Cold email deliverability and GDPR compliance reinforce each other. Teams that comply with one generally comply with the other.
.png)


