Lead generation and direct marketing is a core part of most sales cycles. It is also an area where well-intentioned teams can accidentally trip on legal landmines if they aren’t aware of consent rules.
In this article we give an overview of what is generally permitted in the UK, what typically requires consent first, and how to reduce risk without slowing sales teams down.
1. Not all channels are created equal
Different channels are governed by different rules in the UK. Before writing copy or building a list, decide which channel you are using and what legal basis you are relying on.
Typically it is easier to use phone or postal mail than it is to email, text or voice AI.
2. What is usually possible without prior consent
While each situation needs a fact-specific review, sales teams often have more flexibility when:
The outreach is to business contacts rather than consumers (but notably not with AI voice).
The message is replying to a request from the recipient.
The sender provides clear information about who is contacting the recipient and why.
The recipient is someone that has interacted with or bought something from the business before.
Every message includes a simple, working way to opt out.
3. What typically needs consent first
Consent is more likely to be required where:
The recipient is a consumer.
The channel is email or SMS.
Any use of AI voice agents
The recipient has had no previous interaction with your business
Even where consent is not mandatory, overly broad outreach can still create complaints and reputational harm, so the bar should be set with both legal risk and brand risk in mind.
4. Checklist to stay out of trouble
To keep outbound activity safe and scalable, build a simple process your team can actually follow:
Use clean data and know where it came from.
Segment lists by channel, audience type, and permissions.
Be transparent about who you are and why you are contacting the recipient.
Include an unsubscribe or opt-out in every appropriate channel.
Maintain suppression lists and make sure they are respected across tools.
Keep records of consent where consent is required.
5. A practical approach for teams that move fast
If your sales team is uncertain, the answer is rarely to stop outbound entirely. Instead:
Create a short internal policy that maps channel → audience → permission required.
Provide pre-approved templates for the highest-risk channels.
Train the team on a few clear red flags, and give them a route to escalate unusual cases.
If you operate internationally, the rules can vary significantly by country, and each country needs its own sense check.
Final thought
This is one of the areas that data protection regulators (in the UK’s case, the ICO) are most active in and they are quick to hand out 6-7 figure fines for unsolicited communications.
With clear channel rules, sensible consent handling, and strong opt-out hygiene, teams can stay compliant while still running effective sales outreach.
If you want help turning this into an internal playbook for your team, or pressure-testing a specific marketing or sales campaign, get in touch.
