Outreach Compliance Checklist (UK)

Operational checklist for GDPR/PECR-aware outreach.

Before outreach

• Define lawful basis for processing (typically legitimate interests for B2B context).
• Document balancing test and keep a record.
• Collect business-contact data from lawful sources.

Message content rules

• Clearly identify your business and contact details.
• Avoid deceptive subject lines or claims.
• Include clear opt-out instructions.

Channel-specific caution

• Email/SMS marketing may require additional PECR compliance checks.
• Cold messaging to personal addresses/numbers carries higher risk.
• Prefer targeted B2B, minimal-data, relevance-based outreach.

Data governance

• Keep suppression list of opted-out contacts.
• Minimise retention of non-responsive contacts.
• Provide privacy notice and rights pathway.

Escalation

For regulated sectors or uncertain campaigns, obtain legal review before launch. This checklist is practical guidance, not legal advice.