Outreach Compliance Checklist (UK)
Operational checklist for GDPR/PECR-aware outreach.
Before outreach
- Define lawful basis for processing (typically legitimate interests for B2B context).
- Document balancing test and keep a record.
- Collect business-contact data from lawful sources.
Message content rules
- Clearly identify your business and contact details.
- Avoid deceptive subject lines or claims.
- Include clear opt-out instructions.
Channel-specific caution
- Email/SMS marketing may require additional PECR compliance checks.
- Cold messaging to personal addresses/numbers carries higher risk.
- Prefer targeted B2B, minimal-data, relevance-based outreach.
Data governance
- Keep suppression list of opted-out contacts.
- Minimise retention of non-responsive contacts.
- Provide privacy notice and rights pathway.
Escalation
For regulated sectors or uncertain campaigns, obtain legal review before launch. This checklist is practical guidance, not legal advice.