Understanding Laws and Their Impact on Cold Calling

Privacy laws in the European Union (EU), the European Economic Area (EEA), the United Kingdom (UK) and other non-US countries, such as the GDPR, govern how businesses collect, use, share and otherwise process individuals’ personal data. These are designed to strengthen the protection of personal data and to ensure that businesses respect individuals’ privacy rights.

When it comes to cold calling, alongside general privacy laws, businesses must also consider requirements under marketing laws and must ensure that, before making unsolicited calls, they comply with several key principles.

1: Lawful Basis for Processing Personal Data and Cold Calling

When cold calling, businesses must have a lawful basis and may rely, as applicable, on one of the following:

• Consent: Obtaining explicit consent from an individual before contacting them. For example, if a company collects phone numbers through a sign-up form or through a trade show, the company may obtain consent via this form.
• Legitimate Interest: If permitted under relevant laws, businesses may also rely on legitimate interest to make cold calls. However, businesses must still provide individuals with a right to opt-out from receiving such calls and to ensure that the interests of the business do not outweigh the individual's rights and freedoms.

2: Transparency and Informing Individuals

One of the core privacy principles is transparency. Businesses must provide individuals with clear and easily accessible information about how their personal data will be used, including for purposes such as cold calling. This typically involves:

• Pre-call Information: When cold calling, you should provide some information including: who you are, the purpose of the call, and why you're contacting them. This information should be shared at the start of the call.
• Privacy Notices: You should also have a more detailed publicly-facing privacy notice, for example on your website, which should outline how the data will be processed, retained, and shared and the individuals’ rights.
• Opt-Out Option: A key requirement under privacy and marketing laws is the right of individuals to object or withdraw their consent from processing of their personal data. This means that during the call, businesses must tell individuals how they can opt out or refuse further contact. Your privacy policy should also cover this.

3: Do Not Call Lists

One important aspect of cold calling compliance relates to respecting individuals’ preferences, especially regarding "Do Not Call" lists. Businesses are required  to maintain accurate records of individuals who have explicitly opted out of receiving marketing calls.

• National Do Not Call Registries: In many countries, there are official Do Not Call registries. Ensure your company checks these registers before initiating cold calls. Many third party data providers automatically check against national Do Not Call Registries; it’s important to understand the controls your data providers have in place to remain compliant.
• Internal Do Not Call List: Companies should also create and maintain their own internal lists of individuals who have opted out of calls within CRM or dialing tools. This will help ensure that no one on this list is contacted again.
• Third-Party Data Providers: Many businesses purchase subscriptions to third-party data providers. Before importing, integrating, or calling prospects from these providers, it’s important to verify what providers are doing to comply with relevant legal requirements. For example, whether the individuals on the list have been adequately informed and whether these providers remove prospects that are listed on Do Not Call Registries.

4: Tracking, Recording Calls, & Automated Dialing Systems

Some businesses may record cold calls for quality assurance or training purposes. However, recording calls can raise additional privacy considerations, such as:.

• Country-Specific Recording Laws: It’s important for businesses to research and understand call recording laws in each country they operate in, especially if they are calling consumers across multiple countries.
• Informing the Call Recipient: If you plan to record a call, you must inform the individual at the beginning of the conversation and, as applicable, obtain their consent. 
• Purpose Limitation: Ensure that recordings are used only for the stated purpose and are securely stored. They should not be kept for longer than necessary, and access to these recordings should be limited to authorized personnel.
• Automated Dialing Systems (“ADTS” or “Autodialer”): Many countries restrict the use of an ADTS without consent, that plays pre-recorded messages to consumers.

‍

Nooks is not considered an ATDS, because:

• Nooks does not utilize a random or sequential number generator to store or produce numbers for dialing (or for any other purpose)
• There’s full traceability of calls, linking each number dialed to the corresponding user
• There is no number spoofing to maintain transparency
• No prerecorded messages are played to live prospects
• Users can manage and honor opt-out requests in the platform

‍

Best Practices to Stay Compliant

Here are some recommendations best practices that can help your company stay compliant: 

• Always have a lawful basis for processing personal data (such as consent or legitimate interest), including for cold calling and call recording purposes.
• Ensure that your data providers automatically remove prospects from National Do Not Call Registries. 
• Include your name, company name, and reason for call in your call opener.
• If a prospect lets you know they don’t want to be called, thank them for their time politely and properly record this so they are ‘opted-out’.
• Include privacy notices wherever is necessary on your website, digital forms, and other areas where you capture your prospect information. 
• Utilize features like Nooks call recording module to configure rules based on the countries and regions you are calling. You can choose to keep call recording on for both parties, for just your team (1-way), or turn it off. It’s recommended to turn off call recordings for teams that need to abide by laws in the EU, EEA and the UK.
• The following 3rd party data providers are recommended if using the Nooks Numbers feature to enrich prospect data: Zoominfo, Cognism, and Apollo. Click on each provider to review their Do Not Call Registrar capabilities.

‍

Disclaimer:The information contained in this document is provided for informational purposes only, and should not be construed as legal advice on any subject matter or compliance guarantees. Please conduct your own legal assessment before engaging in international calling.

Because carrier agreements and governmental policies are constantly evolving, Nooks cannot provide comprehensive documentation of all known voice restrictions, as this list would be incomplete and nearly immediately out-of-date.

‍