7 min read

Writen by Zlatko Delev

Posted on: November 25, 2021

Is buying data legal and GDPR compliant?

This is a complicated question, but in short, using bought data is legal and in line with GDPR (General Data Protection Regulations). HOWEVER, this is only the case if it has been purchased in the right way, from the right source.

GDPR states that, to contact an individual, you need explicit consent from them. Most of the time, individuals whose email addresses are on a bought data list have not explicitly agreed for companies such as yours to contact them, therefore you would be breaking GDPR regulations by doing so.

If you have bought your data from a reputable company such it’s still important to make vital checks before contacting people in your purchased list. It’s essential, for instance, that you offer recipients a clear, easily accessible means of unsubscribing from further updates from you.

It’s also a best practice to utilise a double opt-in process, which means sending them an email asking them to confirm their subscription before contacting them again. Any recipients who neglect to double opt-in should not be contacted again.

Remember to check any bought data against your current ‘Do Not Contact’ list (those who have already unsubscribed etc). You can face a fine for breaking GDPR restrictions if you contact someone who has already opted out.

Dangers of buying email addresses

There are many reasons to avoid buying data online, the most important of which we’ve detailed below.

1) Bought data lists tend to be out of date and low quality

That’s right, many emails in your bought mailing list will be defunct, left logged in on a dusty laptop in an attic, untouched for years and just slowly collecting spammy marketing emails for the rest of time.

How many of you have abandoned an email address and started a new one after growing increasingly frustrated by spam? This will apply to a lot of email addresses in those bought data lists.

2) It can negatively impact your email marketing click and open rates

The fact of the matter is, people who have explicitly opted in to your marketing communications are much more likely to open your emails as they’ve gone out of their way to request them in the first place. Bought email addresses, on the other hand, are not expecting your emails and will therefore be unlikely to open them.

When looking at your email marketing reports, bought leads will skew the data, undoing any hard work you’ve put into increasing your open rates and click rates and ultimately raising the eyebrows of your service provider.

3) It can damage the reputation of your business

In marketing terms, there’s not a lot worse than being called a spammer, but that’s the risk you take with buying leads for business. All it takes is one person to raise a complaint with MailChimp (or another provider) and your company will get a black mark next to its name.

If MailChimp receives a spam complaint for your communications, you’ll need to verify how you obtained permission to email the subscriber in the first place. You will, of course, struggle to do this if you bought the data.

The more people that identify your promotional emails as spam, the less likely your future emails are to turn up in your subscribers’ proper inbox. This will obviously damage the reputation and profits of your business.

4) Bought data tends to get blocked by email marketing services

As touched upon in the previous point, a lot of promotional email content backed by bought data will be blocked by Outlook, Gmail and similar providers. Spam filters are more intelligent than ever before, and are likely to detect emails its users have not explicitly opted into receiving.

When contacting a bought mailing list for the first time, you are likely to get a hefty bounce rate and spam rate due to the fact some addresses will now be derelict, while others will have strong spam filters in place that block emails from unknown sources.

5) People on your bought list will not know who you are

If you receive an email from a company you have never heard of, how likely are you to open it? Not very. This is the case for every email address on your bought list.

Speaking metaphorically, contacting a bought email address is the same as entering someone’s home without knocking on the door or asking for permission to do so. You may be offering them the best thing in the world, but most people will be frustrated by the level of intrusion you’ve displayed in doing so.

6) Your email service provider can block you for using bought data

It’s not just your recipients’ email providers you have to be wary of, your email marketing provider, such as Campaign Monitor or MailChimp, can block your account and even fine you for using bought email lists.

7) You won’t be the only one using your bought list

An easy mistake to make is assuming you’re the only business that will be using your bought list. This list is available to everyone who can afford it, therefore, you will be contacting people who are probably already drowning in a sea of promotional marketing emails, most of which have dropped into their inbox without warning.

Just think, you could be emailing your competitors or people who have no interest in your business or service!

8) You can get quality leads for free!

The best way to get quality, strong, GDPR compliant business leads? By generating your own subscribers list through engaging, effective and creative marketing, of course!

Forget buying marketing data and lists, and put your effort, time and money into building a loyal audience and customer base, full of people who are explicitly interested in what you have to say, sell and offer!

Is buying email addresses worth it?

In summary: no. The many risks massively outweigh any minor benefits of buying marketing data for your business. The most effective method of building a strong list of contacts is to do so through organic methods.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

ISO 27001 Controls: A Comprehensive Step-by-Step Guide

Organisations in today's world filled with technology require a good information security setup and

Comparing Information Security Frameworks and Data Protection Frameworks

With cyber threats evolving at an unprecedented rate and regulations tightening globally, understan

EU AI Act Summary: Key Compliance Insights for Businesses

The EU AI Act is a pioneering attempt to regulate AI systems, striving for a balance between foster

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us

Contact Us

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy