Legitimate interest done right: GDPR-safe outbound for recruitment agencies

March 18, 2026 · 2 min read

GDPR, Compliance, Deliverability

GDPR does not ban cold outbound. It requires you to have a legal basis. For B2B recruitment outreach in the UK and EU, that basis is almost always legitimate interest.

To rely on it, three things have to be true.

1. The contact is a business contact

You are messaging someone at a work email about their professional role. Personal addresses do not qualify.

2. The use is reasonably expected

A recruiter contacting a VP of Engineering about a candidate is within the expected scope of that VP's job. A recruiter contacting them about an unrelated product is not.

3. You provide an opt-out

Every message includes a one-click unsubscribe and you honour it across all future communication, automatically and forever.

What this means in practice

  • Use the work email, not a personal address.
  • State who you are and why you are writing in the first two sentences.
  • Include the opt-out link in every message, even the warm ones.
  • Suppress unsubscribed addresses globally, not per campaign.

Cleyo handles the third and fourth points automatically. Every campaign includes the opt-out token, and the suppression list is enforced at send time across every campaign in your workspace. There is no setting to forget.

Legitimate interest is not a workaround. It is the actual legal basis the regulators designed for B2B outreach. Used cleanly, it produces better deliverability, fewer complaints, and zero regulator surprises.
