Short answer: no, cold calling isn’t illegal in the UK. There’s no law that bans picking up the phone and calling someone you haven’t spoken to before. But it is regulated, and getting the rules wrong can mean a genuine fine — so it’s worth understanding what actually applies.
This is a general guide, not legal advice. If you’re dealing with a specific complaint or a large-scale campaign, it’s worth getting proper legal advice for your situation.
The Short Version
- Cold calling businesses (B2B) is generally allowed, with some conditions.
- Cold calling consumers (B2C) is more tightly restricted, particularly around the TPS register.
- GDPR governs how you use someone’s personal data, not whether you’re allowed to call them.
- PECR (the Privacy and Electronic Communications Regulations) is the specific law that actually covers phone calls, texts, and emails.
- The regulator that enforces all this in the UK is the ICO (Information Commissioner’s Office).
GDPR vs PECR — What’s the Difference?
People often say “GDPR” when they actually mean PECR, and it causes a lot of confusion.
GDPR is about data protection generally — how you collect, store, and use someone’s personal information. It applies to almost everything a business does with data, not just marketing calls.
PECR sits alongside GDPR and specifically covers marketing communications — calls, texts, emails, and faxes (yes, still technically covers faxes). This is the law that actually determines whether a specific call or message is allowed.
In short: GDPR is about the data. PECR is about the contact itself.
Calling Businesses (B2B)
If you’re calling a business to offer your product or service, the rules are more relaxed:
- You can call a business number to speak to a relevant contact.
- You should check the business isn’t registered with the CTPS (Corporate Telephone Preference Service) — if it is, you can’t cold call that number.
- You need a legitimate reason for the call and shouldn’t be misleading about who you are or what you’re offering.
- If someone asks you to stop calling, you need to respect that.
There’s no requirement to have prior consent for a B2B cold call, provided the business isn’t CTPS-registered and you’re not calling about something wildly irrelevant to what they do.
Calling Consumers (B2C)
This is where the rules tighten up considerably:
- You must check the TPS (Telephone Preference Service) register before calling any individual’s personal number. It’s illegal to cold call a number registered with the TPS for marketing purposes.
- Even for numbers not on the TPS, you need to be able to justify why you’re calling and be transparent about who you are.
- Consumers have stronger rights to object, and repeated unwanted calls can trigger an ICO complaint.
What About Texts and Emails?
Under PECR, unsolicited marketing texts and emails to individuals generally require prior consent — this is different from phone calls, where the TPS opt-out model applies instead. B2B email marketing has a bit more flexibility if the message is relevant to the recipient’s role, but it still needs to be transparent and give a clear way to opt out.
What Happens If You Get It Wrong?
The ICO can issue fines for breaches of PECR, and in serious or repeated cases these can be significant. In practice, most enforcement action targets large-scale, high-volume operations — mass unsolicited text campaigns, automated dialling to thousands of consumer numbers, that kind of thing — rather than a small business making a reasonable number of relevant, well-targeted calls.
That said, “we’re too small to get in trouble” isn’t a strategy. The basics — checking TPS/CTPS, being transparent, respecting opt-outs — are quick to follow and remove almost all of the actual risk.
A Simple Compliance Checklist
Before making a cold call, ask:
- Am I calling a business or an individual?
- Have I checked the CTPS (business) or TPS (individual) register?
- Do I have a genuine, relevant reason for this call?
- Am I being upfront about who I am and why I’m calling?
- Will I respect it immediately if they ask me to stop?
If you can answer yes to all of these, you’re on solid ground.
What This Means Day to Day
For most small businesses, the practical takeaway is simple: check the register before you call, be honest about who you are, and stop the moment someone asks you to. That’s the vast majority of the compliance work done.
If your business follows up with people who’ve already contacted you — asked for a quote, made an enquiry, filled in a form — you’re on much firmer ground still, since that’s a different situation to cold calling a stranger. If that’s more your situation than cold outreach, our guide on chasing a quote you’ve already sent covers that specific case in more detail.
Keep track of who you’ve called and when. DailyDial gives you a daily list of who to follow up with, so nothing falls through the cracks. Try it free for 14 days — no credit card required.
Related reading: Is It Legal to Keep Chasing a Quote? · GDPR for Tradespeople