Skip to main content

Telemarketing in a GDPR World

GDPR is one of the hottest topics for discussion in the marketing world. Companies are reviewing and changing their processes to ensure they are compliant before 25th May. There is still a lot of confusion in many areas such as telemarketing and businesses are not sure what they need to do.

GDPR aims to increase the protection and on-going management of personal data. If you hold data lists that contain personal data, you will need to be compliant before May. You will also need to show your compliance so ensure that you keep records of all processes, opt-in methods etc. to meet these requirements.

When it comes to telemarketing, some believe it is all doom and gloom and others believe not much will change. Many people are asking exactly how will GDPR affect telemarketing? In this post, we will look into this further. Previously, we have given an overview of GDPR and provided a run down of what you need to know.


One of the most important aspects of GDPR is consent. Although this is not a new concept, most marketing is currently undertaken on an ‘opt-out’ basis. If you receive an email from a company and you no longer want to receive them, you can unsubscribe. However, with GDPR, marketing must be done on an ‘opt-in’ basis. Therefore, businesses must establish that a record fits under one of six lawful basis to process data. We cover this in greater detail in another post.

Companies cannot just market the same way they are now. They must gain explicit consent from an individual or have a valid legitimate interest before they can send marketing materials to them. The good news for you as an individual is this should mean the days of PPI and car accident calls are ending!

However, if you own a data list or manage personal records, you will need to re-opt records in. You must state what their information will be used for, by whom and by which methods. Many companies are re-wording their opt-in statements to meet these new requirements.

For you to be able to contact potential prospects by phone, they need to ‘opt-in’ to receive these calls. More so, they need to ‘opt-in’ to receive calls from your company. The days of opting-in a prospect for a service or product and these details being available to all companies in the same sector are ending.

This is a great positive albeit laborious as it will potentially eliminate any competition.

The other way to contact a prospect is to have a legitimate interest. You must be able to produce a legitimate interest assessment, proving you have done your due diligence and showing you are able to make contact.


In order to comply with GDPR regulations, you must demonstrate your compliance to the relevant authorities. Companies need to keep records of their opting-in processes, details of how they process and cleanse data, and show that they store it safely.

If you undertake telemarketing activities and record your calls, this will also apply to you. Individuals must be aware and understand the purpose of the recording. Depending on the call and the business, individuals sometimes disclose their address, date of birth, vehicle details etc over the phone. Therefore, this is personal data and falls under the GDPR guidelines. Therefore, if you do record your calls, recordings need to be stored securely for data protection as you must be able to demonstrate this if required by the record or a regulatory body.

In order to record calls, you must show that you have a legitimate basis to process their personal data. We cover processing data under GDPR in another post. Businesses must establish their basis before any calling is undertaken. To be compliant, businesses will need to keep records to show authorities should the occasion arise.

Ability to Opt-Out

An individual that no longer wishes to receive marketing materials must be able to opt-out easily. If you undertake telemarketing activities, ending the call asking the person if it is OK to call them again will provide them with this opportunity. It will also continue to opt them in if they say yes.

An opt-out must be as simple as an opt-in. For any marketing activities, there must be an unsubscribe option and businesses must delete the data they hold of that particular record.


Data cleansing is already one of the most vital activities you should be undertaking. It is critical that all records you hold are up to date and correct in order to be compliant. More accurate records also perform at higher rates on marketing campaigns. Under GDPR, there is further emphasis on the need for regularly cleansed data. This will ensure you only market to individuals who opt-in with the correct contact details. Furthermore, under GDPR, you can only hold a record for as long as agreed/ needed for the purposes of the marketing campaign. After this time period is up, you must remove the record.


At this stage, it is difficult to predict exactly how telemarketing will change under GDPR. However, as companies have a legal responsibility to keep more detailed records, gain prior consent, and demonstrate this to authorities, it is fair to say that a number of nuisance calls will disappear. This is especially true for the PPI you need to claim back which doesn’t exist!

However, for reputable companies that already manage their data correctly and undertake best practice, telemarketing can continue. Consent is a key issue under GDPR so ensure you obtain explicit consent and keep records of all processing and marketing activities. Secure all personal information securely to prevent any potential leaks.

If you have any questions regarding GDPR and how it may affect your business, get in touch and we will be happy to advise further.

Leave a Reply