The art of prospecting

SoPro offer the most effective prospecting format in the world.

We believe that prospecting is an art form. It has taken us years to perfect it. And we are evolving our systems and processes every day.

So we don’t offer a low cost DIY prospecting tool.

We offer a prospecting service. And it’s amazing.

Our extraordinarily talented individuals deliver multi stage prospecting campaign as a flexible, scalable service.

Welcome to the future of B2B sales

Ask us anything!

GDPR Compliance

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance)

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection, storage, and processing of personal information from individuals who live in the European Union (EU).

The Information Commissioner’s Office is the UK regulator dealing with the Data Protection Act 2018 and the General Data Protection Regulation and the Privacy and Electronic Communications (EC Directive) Regulations 2003 across the UK.

The ICO are like the data protection police and we need to make sure we always keep on their good side. Our determination to be 100% GDPR and PECR compliance will do exactly that!

It is important to take GDPR compliance very seriously, since the penalties for non-compliance are punitive and designed to be painful. You definitely don’t want to be on the receiving end of an ICO investigation or enforcement notice!

How does GDPR affect Marketing?

Most marketing formats have evolved to rely heavily on the use of customer data.
GDPR is a rule set governing the circumstances and manner in which data can be processed legally. It also introduces some scary consequences for falling foul of the law.
GDPR also sets out the framework for which types of data are considered Private and should be treated as such. The GDPR-savvy phrase used to describe private data is Personally Identifiable Information [PII].

Most businesses are surprised by the amount of Personally Identifiable Information (PII) stored within their systems, often without any specific intent or purpose.

How is our service GDPR compliant?

The aim of GDPR is to provide data protection guidelines for companies that collect, store, or process personal data, this is of course almost every company! From an email outreach perspective, GDPR and PECR guidelines oblige businesses to ensure marketing emails are directed to the individuals who are likely to find the content useful and relevant in their working capacity within the target business. That is ultimately the test for designating each communication as B2B in nature, and as such qualifying for the PECR B2B exemption. On that basis we ensure that:

  • We take all reasonable precautions to identify only the types of companies that meet the exact requirements of your campaign.
  • The topic of the email is clearly identified.
  • We carefully craft every email to ensure the topic is relevant to the business prospect.
  • There is a clear way to opt out from future emails.
  • We include a link to the privacy policy of our client which clearly describes how the data was collected, the GDPR lawful basis for processing, the data subject’s  right to stop further processing, and who to contact to exercise their GDPR rights.
Why are some businesses concerned that social prospecting is not GDPR compliant?

It’s true to say that GDPR is complicated and that when you add in PECR requirements the situation can be confusing. However, we understand that both GDPR and PECR apply and we take our obligations very seriously.

Our innovative prospecting approach is inherently GDPR and PECR compliant. We only target business customers with carefully crafted communication and ensure we meet PECR consent and opt-out requirements.

We acknowledge our GDPR responsibility and ensure we meet our obligations throughout the process and help our clients understand and meet their obligations.

A few GDPR related SoPro facts:

We send millions of emails each year. Post GDPR, we’ve noticed that some prospects mistakenly believe that email marketing became largely illegal after May 25th 2018.

A: It didn’t. Why are we so sure? Because we have worked hard to ensure that we meet the regulations’ various guidelines on data protection, relevance, targeting, etc. It hasn’t been easy. In fact, it has taken many months of blood, sweat and tears for us to say with total confidence that every SoPro campaign is and always will be 100% GDPR compliant.

What have we changed to become GDPR compliant?

A: With a long history of supporting hundreds of clients, there are hundreds of technical and operational changes that we’ve had to make to ensure compliance. We’ve read the regulations, received legal advice and training, nominated a Data Protection Officer who has led our GDPR mission, adapted our Terms of Service and Privacy Policy, improved our database functionality and worked with our suppliers and clients in order to ensure every aspect of our operation is 100% GDPR compliant.

Can I do nothing and hope it goes away?


Does PECR still apply?

Yes. The GDPR does not replace PECR – although it has amended the definition of consent. You need to comply with both GDPR and PECR for your business-to-business marketing.

The EU is in the process of replacing the current e-privacy law with a new ePrivacy Regulation (ePR). However, the new ePR is yet to be agreed. The existing PECR rules continue to apply (with the new definition of consent) until the new ePR is finalised.

Holy Sh*t. Do we need to appoint a data protection officer?

It is recommended that businesses appoint a Data Protection Officer to oversee adherence to the rules for certain types of processing however it is not a legal requirement.

At a minimum, you should have nominated an individual able to act as your compliance officer on an immediate basis when needed. That person can be employed directly (I.e. perhaps a CTO or managing director) or employed through a compliance support service.

Am I the data controller or the data processor?

If you are a business conducting in-house marketing activity to help sell a product or service, then you are the data controller with respect to the data associated with that campaign. [Article 24]

If you are a provider (business entity or freelance) of marketing services, employed to help a business sell a product or service, then the client is the data controller and you are more than likely employed as the processor. [Article 28]

In this case, due to our ability to work to your exact requirements, target exactly the type of customers you are looking for with emails that look exactly like you sent them, we have determined that we are acting as Joint Controllers with you, as defined in GDPR. We work in partnership with our clients to ensure that every campaign delivers the best possible results. We jointly determine how data is to be collected, stored, and processes and as such become joint controllers. [Article 26]. Don’t worry – this is not too bad! We have produced a comprehensive Data Sharing Agreement to help us define exactly what this means.

Is it legal to conduct B2B marketing activity?

With respect to data protection laws, B2B marketing campaigns are perfectly legal when conducted in a compliant manner and we recognise that both GDPR and PECR apply.

GDPR defines just six lawful basis on which you can process personal data. Our primary lawful basis is ‘legitimate interest’.  We have completed a full blown Data Protection Impact Assessment to ensure our approach meets GDPR requirements in full.

To ensure that your marketing is conducted in accordance with all relevant regulatory frameworks we recommend you conduct your own assessments and of course complete your own GDPR preparations.

Just in case you need help with this we’ve      prepared a Legitimate Interest Assessment (LIA) which can be undertaken on your behalf.

Does the GDPR mean we need consent for marketing?

Not necessarily. GDPR is concerned with how we collect, store and process personal data.

Under GDPR, Consent is one lawful basis for processing personal data, but there are alternatives. In particular, you may be able to rely on ‘legitimate interests’ to justify collecting, storing, and processing personal data.

When it comes to using data for marketing purposes and questions of consent, the relevant framework is actually  PECR.

Regulations covering B2B marketing communications are generally speaking – less strict under PECR and consent is not required in B2B scenarios. You need to be careful about who you target and the type of messages you send but that’s where we come in, our approach is 100% GDPR AND PECR compliant.

For more info on the relevant regulations,      here is a link to the UK ICO’s Guide to PECR, detailing when you need consent for electronic marketing among other topics:

What data am I allowed to store?

GDPR heavily regulates the storage and processing of Personally Identifiable Information (PII).

You should map your business systems to determine the data fields you store and categorise these in terms of their GDPR status.

Generally speaking, company information is not considered PII and can be stored and processed freely, as needed. This means you do not need to obtain consent to store a database of target companies.

Personally Identifiable Information may include fields such as prospect name, email, phone number, job titles and social profile URLs.

On what basis can I legally store Personally Identifiable Information?

GDPR sets out a number of permissible circumstances under which PII can be processed, the most appropriate category in this case is Legitimate Interest although other categories may apply.

This link explains the Legitimate Interests basis for processing PII:

To ensure marketing activity falls into this category, prior to commencing, you should carry out a full Legitimate Interests Assessment (LIA) for any marketing campaign you intend to run.

What if my marketing activity fails the LIA?

If you determine that your planned B2B prospecting activity does not meet the criteria for Legitimate Interests within the scope of GDPR you may not be able to conduct the activity within any regions subject to GDPR. However, this is very unlikely, and you should definitely talk to us before you abandon all hope!

What policies or processes do I need in place?

We strongly advise that you complete your GDPR preparations regardless of whether you engage SoPro or not!  Failure to complete GDPR can lead to punitive fines and robust enforcement action by the ICO.

We have produced a template Privacy Policy and Legitimate Interest Assessment to help get you started and to allow you to start your Sopro adventure.

Your key document is your Privacy Policy.

Any marketing messages should contain a link to a privacy policy explaining exactly what the user’s rights, as well as the type of data that is held about them, by who, and how the data was collected. You need to include us in your Privacy policy just to keep us both covered.

(If needed SoPro can provide a template privacy policy or review your existing one to ensure it meets the required standard.)

The rest of the documentation is just the standard GDPR set. Probably most importantly you need to know how you will manage any sort of request from a data subject. We can also help with but for example:

Managing Opting Out & Exclusion Lists

All recipients must be able to opt out easily to prevent further email communication being received. This is typically handled with an “unsubscribe” link.

Managing Subject Access Requests
All individuals have the right to request a copy of all data you hold on them.

When you receive a SAR you must have an efficient process to supply all personally identifiable data that you hold in connection with a data subject if necessary.

Managing Right to be Forgotten Requests

All individuals have the right to have their data removed (to be ‘forgotten’). You must have a reliable, repeatable process to remove all personally identifiable data that you hold in connection with a data subject.

Can I send unsolicited emails to prospects legally?

Whilst GDPR controls the collection, storage and processing of personal data in the UK, sending messages is regulated under the Privacy and Electronic Communications Regulations (PECR). This is very clear as to the requirements on business to business communication:

“You can email or text any corporate body (a company, Scottish partnership, limited liability partnership or government body). However, it is good practice – and good business sense – to keep a ‘do not email or text’ list of any businesses that object or opt out and screen any new marketing lists against that.”

This is where the SoPro approach really works      – we only target business customers that are likely to be interested in your products and services.

What is the ICO / Direct Marketing Checklist?

Great question – the ICOs direct marketing checklist is a great set of guidelines,
here it is:

Do I need to conduct additional Employee Training

You should ensure all employees undergo GDPR, PECR and general compliance training, covering the GDPR rule set in detail and the relevance and impact of those rules on your business. This training should set out the steps you take to ensure best practice is observed at all times and make clear the consequences associated with failure to meet the strict standards.

Data Storage

We take data security VERY seriously. We have completed a Data Protection Impact Assessment and ensure that all appropriate security measures to protect our data and your data at all times.

Non-EU/rest of world regulations

Where marketing activity is conducted to target non-EU nationals these campaigns are generally not subject to the same data privacy laws and GDPR does not apply.

Just be careful and remember that GDPR applies to EU nationals that now live outside the EU. This is quite a tricky aspect so please talk to us if you are unsure.

Naturally, we cannot be abreast of the constantly evolving regulatory frameworks in all countries at all times, as such it is important that you have knowledge of your local regulatory climate and ensure your business operates within the relevant regulatory frameworks and manage your campaigns accordingly.

Useful Links

We have collated the most useful links available to UK businesses researching the GDPR framework, key areas, timelines, scope and likely impact on B2B marketing.

Please note that GDPR rules are implemented at an EU Government (multinational) level. Each state is separately responsible for developing it own appropriate rule set ensuring, as a minimum, compliance with the EUs GDPR framework.

The UK Government has appointed the Information Commissioner’s Office (ICO) as the official body charged with ensuring national compliance with the GDPR. In light of this the ICO has released several handy guides.

Here are the most useful links from the key official bodies, including the UKs ICO, the UK Government, the European Legislation archives and the UKs Direct Marketing Association (DMA).
We suggest you put the kettle on:
GDPR final text (English)
ICO Guide to GDPR compliance – 12 Steps to take now (PDF)
GDPR Checklist 1 (UK ICO) – Data Controllers
GDPR Checklist 2 (UK ICO) – Data Processors
PECR text (UK Gov)
PECR B2B Exemption – (
UK Direct Marketing Association (DMA) – 7 key points for B2B Marketers
Direct Marketing Guidance – FULL VERSION (UK ICO)
Direct Marketing Checklist – TLDR VERSION OF ABOVE LINK (UK ICO)

Prospecting FAQs

We’ve been offering prospecting as a service for longer than anyone in the UK. It’s all we do. And we love it. We’ve written some answers to common questions below.

How long does it take to set up a campaign?
Our team are on hand to start working on your campaign today. In most cases your prospecting activity will be live within in 14 working days. During this time we will build your targeted prospect database, we will de-list any exclusions, set up your prospect engagement templates, configure campaign volumes to meet your lead requirements and fully brief our prospecting team.
Is social prospecting a bit spammy?
Most marketing formats have evolved to rely heavily on the use of customer data. GDPR is a rule set governing the circumstances and manner in which data can be processed legally. It also introduces some scary consequences for falling foul of the law. GDPR also sets out the framework for which types of data are considered Private and should be treated as such. The GDPR-savvy phrase used to describe private data is Personally Identifiable Information. Most business are surprised by the amount of Personally Identifiable Information (PII) stored within their systems, often without any specific intent or purpose.
Does SoPro provide an automated or human process?
SoPro social prospecting is 100% Human to Human. Of course our platform will batch certain functions such as email append and email verification jobs, however even these batched processes are run manually by our team. In terms of the prospect experience, each qualified prospect is engaged on a one-to-one basis with a personalised introduction to your brand or business. We have years of experience getting the best results from every contact and our experts will identify interests, mutual connections and profile commonalities for every target and use these to craft the perfect introduction
Are there any minimum campaign dimensions?
Fear not. Our simple price plans support campaign based or rolling monthly activity. We have a modest setup cost and our minimum campaign duration is 3 months, after that just give us a months notice at any point.
Do you have any minimum volumes?
For reasons of practicality the smallest campaign size we can support is 50 prospect engagements per day, this equates to roughly 750 contacts per month or £1,500/month in budgetary terms. That’s £1,500 for 750 prospects. Every prospect identified, researched and fully engaged. Compare that with your internal cost per prospect engagement and the business case is a no-brainer. Every time.
What social networks/tools do you use?
We use all good social networks, leading search engines and a variety of integrated data brokers together with internal sources to build a clear picture of each prospect, then we engage prospects passively via social media and directly via email.
How do I see my campaign stats?
You can access all your SoPro campaign stats through our intuitive web portal, The SoPro Hub. Think of it as a one stop shop for everything you need to know about your SoPro campaign, the place where all your questions are answered in our beautiful, analytical manner. The Hub presents your campaign performance through clear dashboards and detailed reports, together with a multitude of useful tools including exclusions management, prospect approval, data extracts, email templates, GDPR FAQS, CRM integration settings and more.
What countries does SoPro support?
SoPro do not operate to any known geographical restrictions. We are able provide Social Prospecting services globally.
What languages does SoPro support?
We are currently prospecting in a number of languages and territories. We have no technical limitation with respect to language, we do ask that you can support the full sales process including pitch, proposal and contract, in any languages you are prospecting in.
Where are SoPro based?
SoPro have offices in London, Brighton and Skopje. We don’t actually need to meet you in person to set up a Social Prospecting campaign but we like to if we can.
What payment methods/terms do you accept?
We will invoice you monthly in advance. Pay whenever you like, your campaign will start/resume upon receipt of payment. We are happy to take payment by credit card, direct debit or standard EFT, just ask your account manager.
What if I want to pause the service?
No problem at all. Most SoPro clients have some form of irregularity in their prospecting requirements… whether it’s sales team holidays, seasonal peaks and troughs, event schedules… we are regularly asked to tailor your prospecting schedules and that’s absolutely fine. Pauses can be requested at any point and while on pause, monthly prospecting credits simply accumulate on your account, rolling over monthly until the campaign restarts.
Short pauses
In situations where you might want to pause a campaign for a week or two (I.e. less than a month) to accommodate holidays or other short periods of unavailability, SoPro will work our scheduling magic to ensure we deliver the agreed volume of prospecting activity within the active days of the month. We take a common sense approach here and if you’re active for 4 days of the month we won’t try to deliver a full months’ worth of prospecting in 4 days, naturally in that situation the remaining prospect credits simply roll over to the following month. Most clients find a slightly accelerated rate of delivery is the perfect way to get sales straight back to full speed after a break. Please provide 5 days’ notice for short pauses. Monthly prospect credits remain unaffected. Billing remains unaffected.
Long pauses
In situations where you might want a campaign paused for a month or two (I.e. to accommodate staff restructure or periods of seasonality, SoPro will place yuour campaign “on ice” for up to 3 months and retain the campaign in fully a reactivatable state. In these situations we require the usual 30 days’ notice, then on the basis of having a confirmed restart date SoPro will keep your campaign on ice, all messaging and technical setup will be saved, all account logins will function as usual during the pause and no setup fees will be chargeable on return. All data, stats, insights and analysis will be saved and the restart will be treated as a continuation of the same campaign. Please provide 30 days’ notice for long pauses. Activity will stop. Prospecting credits will cease during the pause. Billing will stop. Account logins will remain active. Requires restart date confirmed in writing.
GDPR/Compliance questions
Read our dedicated GDPR compliance FAQ.
If you have a different question then please ask us and we’ll respond instantly