GDPR and cold email
Is cold email legal in Latvia?
Sending B2B cold emails to company work addresses in Latvia is usually legal when it is based on legitimate interests (Article 6(1)(f) GDPR): a clear sender, a link to the recipient's business and an easy way to opt out. Personal addresses usually require prior consent. learnxMI (Rīga) builds cold email systems that meet these requirements.
1. On what basis are B2B cold emails allowed at all?
The General Data Protection Regulation (GDPR) does not prohibit sending commercial emails without prior consent. It requires that every processing of personal data has a legal basis. For B2B cold outreach to company work addresses, that basis is usually legitimate interests: Article 6(1)(f) GDPR.
The legitimate interests basis means your commercial interest in approaching a potential business partner is balanced against the recipient's rights and reasonable expectations. If you write to a specific company about a service directly related to its business and offer an easy way to opt out, that balance is usually on your side. If you blast an unrelated mass offer to thousands of random addresses, it is not; and that is exactly where the problems start.
2. How does B2B differ from B2C?
The difference is fundamental. Writing to a company work address (for example, name@company.lv or info@company.lv) about a business matter is usually possible on the basis of legitimate interests. Writing a commercial offer to a private person's personal address is usually not allowed without prior consent.
In Latvia, in addition to the GDPR, ePrivacy requirements also apply (the Information Society Services Law), which tie commercial communications to natural persons to consent. That is why B2B cold outreach is built on work addresses, not private ones, and always with clear company context: who is writing, why this specific company, and with what offer.
3. What requirements apply in practice?
Legality does not follow from the choice of legal basis alone; it also follows from how the email looks and behaves. In practice, a B2B cold email must meet several conditions:
- A clear sender: a real name, company and contact details, not an anonymous or misleading "From" field.
- A link to the recipient's business: the offer must be reasonably related to what the company does; a random blast is not a legitimate interest.
- Easy opt-out: every email offers a clear way to decline further correspondence, and opt-outs are honored immediately.
- Data source on request: if a recipient asks where their address came from, you must be able to answer honestly.
- Proportionality: send a targeted, personalized list, not a mass blast with no selection.
4. What does the Latvian Data State Inspectorate oversee?
Data protection in Latvia is overseen by the Data State Inspectorate (Datu valsts inspekcija, dvi.gov.lv). It clarifies how the GDPR applies, handles complaints and can impose sanctions for violations. In practice, most problems come not from the principle of B2B outreach but from how it is done: when there is no opt-out, when addresses come from questionable sources, or when private persons are approached as if they were companies.
So the practical principle is simple: approach companies with respect, keep only what is needed for the correspondence, and always let a person easily say "stop writing". Honest practice protects you not only from complaints but also from damaging your domain reputation.
5. What must you not do?
The line between a legal cold email and a violation often lies in practice, not in theory. These are the most common mistakes that strip B2B outreach of its legal basis:
- Purchased, questionable contact databases: lists from unknown sources often contain private addresses and contacts with no link to your offer.
- Misleading subject lines and senders: "Re: our conversation yesterday" when there was no conversation is both a reputation and a compliance risk.
- Hidden or missing opt-out: if there is no way to opt out of the email, the processing is no longer fair.
- Ignoring opt-outs: if a person has asked you not to write, continuing the correspondence is a direct violation.
- Approaching private persons as companies: personal addresses (for example,
@gmail.com) usually require prior consent.
How learnxMI does it
learnxMI (Rīga) builds cold email campaigns where compliance is built into the process, not added at the end. In practice this means:
Our own data extraction pipeline with really published contacts: we work with addresses companies have published themselves, not guessed name.surname@ patterns or purchased lists. That alone removes part of the compliance and deliverability risk.
AI agents with context memory: agents do the outreach and answer interested replies while keeping the conversation context, and they always respect opt-outs.
Personalization and targeting: every sequence is built for a specific segment, with a clear link between the offer and the recipient's business.
A free test batch: before any cooperation you can see the data quality on a sample of your segment.
Work in Latvian, Russian and English: to match your market in Latvia and the Baltics.
Instead of burning a domain with a mass blast, we build a flow that stays both legal and deliverable, and is part of broader client acquisition.
Frequently asked questions
Can you write to `info@` and sales addresses?
A B2B offer can usually be sent to general company work addresses (info@, sales@, name@company.lv) on the basis of legitimate interests, provided the offer relates to the company's business and the email has an easy opt-out.
Do you need consent before sending?
For B2B correspondence to work addresses, prior consent is usually not required when the basis is legitimate interests and the requirements are met. Private (B2C) addresses usually require prior consent.
Do you have to say where an address came from?
Yes. If the recipient asks, you must be able to name the data source. That is why it is important to work with really published contacts whose origin can be traced, not with lists of unknown origin.
How long can you keep the contacts?
Contacts are kept as long as needed for the correspondence about the specific offer. If a person opts out or asks for their data to be deleted, the request must be fulfilled.
Planning a B2B cold email campaign in Latvia?
See cold email campaigns and lead databases, or write to us and we will discuss your segment. This article is a general explanation, not a legal opinion. For your specific situation, consult a lawyer or the Latvian Data State Inspectorate (Datu valsts inspekcija, dvi.gov.lv).