Is buying data legal and GDPR compliant?
This is a complicated question, but in short, using bought data is legal and in accordance with GDPR (General Data Protection Regulations). However, this is only the case if it has been purchased in the right way from the right source.
GDPR states that you need explicit consent from an individual to contact them. Most of the time, individuals whose email addresses are on a bought data list have not explicitly agreed for companies such as yours to contact them, so you would be breaking GDPR regulations by doing so.
If you have bought your data from a reputable company, it’s still important to make vital checks before contacting people on your purchased list. For instance, you must offer recipients a clear, easily accessible means of unsubscribing from further updates from you.
It’s also a best practice to use a double opt-in process, which means sending recipients an email asking them to confirm their subscription before contacting them again. Any recipients who neglect to double-opt-in should not be contacted again.
Remember to check any bought data against your current ‘Do Not Contact’ list (those who have already unsubscribed, etc.). If you contact someone who has already opted out, you can face a fine for breaking GDPR restrictions.
Key Takeaways
Lawful Basis for Processing
Under the GDPR, contacting individuals using purchased data is only lawful if explicit consent has been obtained. Typically, individuals on purchased lists have not consented to be contacted by your company, making such use non-compliant. Even reputable data sources require thorough checks to ensure compliance.
Best Practices for Compliance
To mitigate risks, implement a double opt-in process where recipients confirm their subscription before further contact. Additionally, it provides a clear and accessible means for recipients to unsubscribe from future communications. Cross-reference purchased data against your ‘Do Not Contact’ list to avoid contacting individuals who have already opted out.
Risks of Purchased Data
Purchased data lists often contain outdated or low-quality information, leading to poor engagement rates and potential legal issues. Using such data can harm your email marketing performance and damage your business’s reputation if recipients report your communications as spam. Moreover, email service providers may block your account when you use purchased lists.
Dangers of buying email addresses
There are many reasons to avoid buying data online, the most important of which we’ve detailed below.
Bought data lists tend to be out of date and low quality
That’s right, many emails in your bought mailing list will be defunct, left logged in on a dusty laptop in an attic, untouched for years and slowly collecting spammy marketing emails for the rest of time.
How many of you have abandoned an email address and started a new one after growing increasingly frustrated by spam? This will apply to many email addresses in those bought data lists.
It can negatively impact your email marketing click and open rates
People who have explicitly opted in to your marketing communications are much more likely to open your emails as they’ve gone out of their way to request them in the first place. On the other hand, bought email addresses do not expect your emails and will therefore be unlikely to open them.
When looking at your email marketing reports, bought leads will skew the data, undoing any hard work you’ve put into increasing your open rates and click rates and ultimately raising the eyebrows of your service provider.
It can damage the reputation of your business
In marketing terms, there’s nothing worse than being called a spammer, but that’s the risk you take with buying leads for business. All it takes is one person to raise a complaint with MailChimp (or another provider), and your company will get a black mark next to its name.
If MailChimp receives a spam complaint for your communications, you’ll need to verify how you obtained permission to email the subscriber in the first place. You will, of course, struggle to do this if you bought the data.
The more people identify your promotional emails as spam, the less likely your future emails will be to arrive in your subscribers’ proper inbox. This will obviously damage your business’s reputation and profits.
Bought data tends to get blocked by email marketing services
As mentioned in the previous point, many promotional email contents backed by bought data will be blocked by Outlook, Gmail and similar providers. Spam filters are more intelligent than ever and are likely to detect emails that their users have not explicitly opted into receiving.
When contacting a bought mailing list for the first time, you are likely to get a hefty bounce rate and spam rate because some addresses will now be derelict, while others will have strong spam filters in place that block emails from unknown sources.
People on your buy list will not know who you are
If you receive an email from a company you have never heard of, how likely are you to open it? Not very. This is the case for every email address on your bought list.
Speaking metaphorically, contacting a bought email address is the same as entering someone’s home without knocking on the door or asking for permission. You may be offering them the best thing in the world, but most people will be frustrated by the level of intrusion you’ve displayed.
Your email service provider can block you for using bought data
It’s not just your recipients’ email providers you have to be wary of; your email marketing provider, such as Campaign Monitor or MailChimp, can block your account and even fine you for using bought email lists.
You won’t be the only one using your bought list
An easy mistake to make is assuming you’re the only business that will be using your bought list. This list is available to everyone who can afford it. Therefore, you will be contacting people who are probably already drowning in a sea of promotional marketing emails, most of which have dropped into their inbox without warning.
Just think, you could be emailing your competitors or people who are uninterested in your business or service!
You can get quality leads for free!
Of course, the best way to get quality, strong, GDPR-compliant business leads is to generate your own subscriber list through engaging, effective, and creative marketing!
Forget buying marketing data and lists, and put your effort, time and money into building a loyal audience and customer base, full of people who are explicitly interested in what you have to say, sell and offer!
Is buying email addresses worth it?
In summary: no. The many risks massively outweigh any minor benefits of buying marketing data for your business. Organic methods are the most effective method of building a strong list of contacts.
Conclusion
Purchasing data can be legal under the General Data Protection Regulation (GDPR), but only if the data has been obtained from reputable sources and the individuals have explicitly consented to be contacted. Even then, businesses must implement strict compliance measures, such as providing clear opt-out options and using double opt-in processes. However, relying on purchased data carries significant risks, including outdated information, poor engagement rates, potential legal penalties, and damage to your company’s reputation. It’s advisable to prioritise obtaining data directly from individuals who have willingly opted in to receive communications from your organisation.
FAQ’s
Is it legal to buy personal data under GDPR?
Buying personal data is only legal if the data subjects have explicitly consented to your organisation contacting them. Without explicit consent, using purchased data violates the GDPR.
What are the risks of using purchased data for marketing?
Purchased data is often outdated or inaccurate, leading to poor engagement, damaging your brand reputation, and resulting in legal penalties or blocking by email providers.
How can I ensure GDPR compliance when using purchased data?
Ensure individuals have given explicit consent, implement double opt-in processes, provide easy opt-out options, and cross-check data against ‘Do Not Contact’ lists before reaching out.