Is Cold Calling Illegal in the UK? GDPR, PECR & TPS Rules Explained

Short answer: no, cold calling isn’t illegal in the UK. There’s no law that bans picking up the phone and calling someone you haven’t spoken to before. But it is regulated, and getting the rules wrong can mean a genuine fine — so it’s worth understanding what actually applies.

This is a general guide, not legal advice. If you’re dealing with a specific complaint or a large-scale campaign, it’s worth getting proper legal advice for your situation.

The Short Version

GDPR vs PECR — What’s the Difference?

People often say “GDPR” when they actually mean PECR, and it causes a lot of confusion.

GDPR is about data protection generally — how you collect, store, and use someone’s personal information. It applies to almost everything a business does with data, not just marketing calls.

PECR sits alongside GDPR and specifically covers marketing communications — calls, texts, emails, and faxes (yes, still technically covers faxes). This is the law that actually determines whether a specific call or message is allowed.

In short: GDPR is about the data. PECR is about the contact itself.

Calling Businesses (B2B)

If you’re calling a business to offer your product or service, the rules are more relaxed:

There’s no requirement to have prior consent for a B2B cold call, provided the business isn’t CTPS-registered and you’re not calling about something wildly irrelevant to what they do.

Calling Consumers (B2C)

This is where the rules tighten up considerably:

What About Texts and Emails?

Under PECR, unsolicited marketing texts and emails to individuals generally require prior consent — this is different from phone calls, where the TPS opt-out model applies instead. B2B email marketing has a bit more flexibility if the message is relevant to the recipient’s role, but it still needs to be transparent and give a clear way to opt out.

What Happens If You Get It Wrong?

The ICO can issue fines for breaches of PECR, and in serious or repeated cases these can be significant. In practice, most enforcement action targets large-scale, high-volume operations — mass unsolicited text campaigns, automated dialling to thousands of consumer numbers, that kind of thing — rather than a small business making a reasonable number of relevant, well-targeted calls.

That said, “we’re too small to get in trouble” isn’t a strategy. The basics — checking TPS/CTPS, being transparent, respecting opt-outs — are quick to follow and remove almost all of the actual risk.

A Simple Compliance Checklist

Before making a cold call, ask:

If you can answer yes to all of these, you’re on solid ground.

What This Means Day to Day

For most small businesses, the practical takeaway is simple: check the register before you call, be honest about who you are, and stop the moment someone asks you to. That’s the vast majority of the compliance work done.

If your business follows up with people who’ve already contacted you — asked for a quote, made an enquiry, filled in a form — you’re on much firmer ground still, since that’s a different situation to cold calling a stranger. If that’s more your situation than cold outreach, our guide on chasing a quote you’ve already sent covers that specific case in more detail.


Keep track of who you’ve called and when. DailyDial gives you a daily list of who to follow up with, so nothing falls through the cracks. Try it free for 14 days — no credit card required.

Related reading: Is It Legal to Keep Chasing a Quote? · GDPR for Tradespeople

Frequently Asked Questions

No. Cold calling itself isn't illegal, but it's regulated under PECR (the Privacy and Electronic Communications Regulations). You need to check the TPS register before calling individuals, or CTPS before calling businesses, and respect any request to stop.
Yes, calling a number registered with the TPS (Telephone Preference Service) for marketing purposes is against PECR and can be reported to the ICO. Always check the register before calling a personal number.
No. GDPR governs how you handle personal data generally. The specific rules on whether you can make a marketing call are set out in PECR, not GDPR, though the two work alongside each other.
Generally yes, provided the business isn't registered with the CTPS (Corporate Telephone Preference Service), you have a genuine relevant reason for the call, and you stop if asked to.