GDPR changes the very concept of a “list”
In the US, buying an email list and launching cold outreach is standard practice. In the EU it violates GDPR. The regulation requires explicit opt-in for marketing communications: the person must check the box themselves, not have it pre-checked by default.
In DACH (Germany, Austria, Switzerland) the de facto standard is double opt-in: after filling out a form, the person receives a confirmation email with a link. Without clicking that link, the address cannot be used. This reduces list size by twenty to forty percent, but simultaneously raises quality - and protects you from fines of up to four percent of global company revenue.
How to build your list legally
Lead magnets work - if they’re genuinely useful. A whitepaper with real market data, a checklist with concrete steps, a document template that companies use every day. A generic “marketing guide” in 2026 will not get downloaded.
Webinars and conferences produce quality contacts: the person clearly invested time and showed interest in the topic. At registration, add an explicit checkbox saying “I agree to receive news and materials from [Company]” - separate from the main registration form. The site form must clearly state what exactly the subscriber will receive and how often. “Subscribe to newsletter” without explanation doesn’t satisfy the spirit of GDPR.
What works in EU B2B email
Newsletters with genuine market analysis get read. Not a summary of other people’s articles, but your own observations: what changed in LinkedIn Ads auctions last quarter, what conversion rates your clients in a specific industry are seeing, what failed in your own testing.
Onboarding sequences for new clients show high engagement: the person just bought, motivation is at its peak. Three to five emails in the first two weeks is normal. Deal alerts for a narrow segment (for example, a weekly digest of changes in the platforms your clients use) build the habit of opening emails.
Segmentation by industry and role raises relevance. A CTO in fintech and a Head of Marketing in e-commerce get different emails - even if both bought the same product.
What doesn’t work
Purchased lists don’t work either technically or legally. Technically - because people who didn’t opt in don’t open emails and hit “Spam,” which kills your domain reputation. Legally - because it’s a direct GDPR violation.
Aggressive nurturing with daily emails annoys EU audiences faster than American ones. The standard for an engaged B2B segment is one to two emails per week maximum. Frequency above this without demonstrably high value per email leads to rising unsubscribes and falling deliverability.
Metrics to watch
An open rate of twenty-five to thirty-five percent for an engaged segment in EU B2B is normal when the list was built organically. Below twenty percent - the problem is either subject lines or list quality. Click rate of three to six percent for informational emails, one to two percent for digest-format. Unsubscribe rate above one percent per send is a signal: either too frequent sends or irrelevant content for the segment.
Deliverability matters more than open rate. Set up SPF, DKIM, DMARC before the first send. A reputable ESP automatically checks these settings.
Tools for EU B2B
Brevo (formerly Sendinblue) - EU servers, GDPR-ready by default, double opt-in built in. A good choice for companies that care about EU data storage. Loops is oriented toward SaaS products with event-driven logic: emails are sent not on a schedule but triggered by a user action in the product. Customer.io allows complex behavioral triggers and suits more mature marketing operations.
Tool choice is secondary to list quality and content relevance. The most sophisticated ESP won’t save a low-value email campaign.