You typed “buy b2b email database” into Google and got ten results. Every one of them sells email databases. Every one of them has a GDPR badge in the footer. None of them will tell you what happens after you press send — because by then, they’ve been paid.

Here’s the short answer. You can legally buy a B2B email database in the UK. Expect to pay £275–£350 per 1,000 records from an established broker. Under PECR you can email limited companies without prior consent, but sole traders need it — and checking how the data was collected is your legal responsibility, not the seller’s.

The long answer is the rest of this guide: what a database actually costs, what the rules actually say, why bounce rates kill more campaigns than compliance ever will, and the six questions that separate a usable database from a £300 spreadsheet of dead addresses.

What It Costs to Buy a B2B Email Database in the UK

Pricing splits into four tiers, and the gap between them is mostly about when the data was last checked against reality.

OptionTypical priceWhat you get
Budget database sellersFrom 8–15p per contactPre-compiled bulk records. Verified once, sold many times. Highest decay risk.
Established UK brokers£275–£350 per 1,000 recordsCompliance-screened lists with accuracy guarantees, usually 90–95%. Single or multi-use licences.
Highly targeted dataUp to £1+ per contactFiltered by job title, sector, revenue band, tech stack. Priced per filter, not per record.
Built-to-order verified lists£50–£120 per 1,000Compiled fresh against live public sources at the point of order, not pulled from a warehouse.

The number that matters isn’t the price per record. It’s the price per record that still works. B2B contact data decays at 22.5–70.3% per year, so a database compiled twelve months ago and “verified” once at the point of sale can be a quarter dead before your salespeople open it. A £300 list that’s 30% dead costs you £430 per thousand usable records — plus the sales hours burned finding out which 30%. We covered how the broader provider market stacks up in our UK B2B data providers comparison.

The Rules: What UK GDPR and PECR Actually Say About Bought Email Data

Vendor sites handle compliance with a badge. Here’s what the law actually says, in four points.

1. Emailing limited companies without consent is allowed. PECR’s consent rule for marketing email applies to individual subscribers, not corporate subscribers — limited companies and LLPs. You can email a limited company cold, provided you say who you are and offer a way to opt out. This is why B2B email marketing exists at all.

2. Sole traders are not companies. Under PECR, sole traders and most unincorporated partnerships count as individuals — the same protection as consumers. They need prior consent. If you buy a database of “UK builders” or “plumbers near Manchester”, a large share of those records are sole traders, and emailing them cold breaches PECR regardless of what the seller’s badge says. Ask any database seller for the split between limited companies and sole traders. If they can’t answer, they haven’t checked either.

3. Named contacts are personal data. The moment a record says “Sarah Wilson, Operations Director” rather than “info@company.co.uk”, UK GDPR applies. You need a lawful basis — for B2B marketing that’s usually legitimate interests, and it must be a documented assessment, not a vibe. You also have to tell people where you got their data and honour objections. This is workable. It just isn’t optional.

4. The soft opt-in never applies to bought lists. The exemption that lets you email past customers without fresh consent only works if you collected the details yourself, during a sale or negotiation. A bought list fails that test by definition. And where consent is needed, ICO guidance is blunt: it’s only valid if the person specifically agreed to hear from your company — a tick-box covering 300 unnamed “trusted partners” doesn’t count.

What enforcement actually looks like

That last point isn’t theoretical. In January 2026 the ICO fined ZMLUK Ltd £105,000 for sending 67.7 million marketing emails using third-party data. The “consent” came from a website listing 361 partner companies with no way to choose between them. The ICO ruled it invalid — and found ZMLUK had done no meaningful due diligence on the data it bought. Buying the list didn’t transfer the risk. It just added a receipt.

Since March 2022 the ICO has issued 49 PECR fines totalling £4.63 million — roughly £95,000 per fine — and the Data (Use and Access) Act 2025 raised the maximum penalty from £500,000 to £17.5 million. For a full walkthrough of buying and using B2B data lawfully, see our guide to GDPR-compliant B2B data.

The Quality Problem Nobody Prices In

Compliance gets the headlines, but deliverability is what quietly kills most bought-database campaigns in week one.

Mailbox providers track your bounce rate as a core part of sender reputation. A healthy list bounces under 2%; above roughly 5%, major email platforms restrict or suspend accounts. A twelve-month-old email marketing database decaying at even the bottom of the 22.5–70.3% range will blow through that threshold on the first send.

Then there are spam traps: dead addresses that mailbox providers recycle specifically to catch senders using bought data. They’re rare — around 0.01% of addresses on a typical purchased list — but one hit can get your sending domain blocklisted. That doesn’t just end the campaign. It can put your normal business email — quotes, invoices, customer replies — into spam folders for weeks.

Three practical rules follow. Never send to a bought database from your main company domain. Run every list through a verification service before the first send — it costs pennies per record and finds the dead addresses before mailbox providers do. And read your email platform’s terms: most mainstream tools prohibit purchased lists outright, so plan your sending infrastructure before you buy the data, not after.

Six Questions to Ask Before You Buy a B2B Email Database

A seller who answers all six clearly is worth your money. Most won’t get past three.

1. What’s the split between limited companies and sole traders? This determines who you can legally email without consent. A seller who doesn’t know hasn’t segmented for PECR at all.

2. When was each record last verified — not collected, verified? The gap between the two can be a year or more. Ask for the verification date on your specific segment.

3. How was the data collected, and what were people told? The ZMLUK fine turned on exactly this. If consent is claimed, ask to see the wording. If the seller deflects, the due-diligence failure becomes yours the moment you send.

4. What’s your ICO registration number? Any legitimate UK data seller will give it without hesitation. Check it against the ICO’s public register.

5. What’s the accuracy guarantee — and what does it pay out? “95% accurate” means nothing without a remedy. The honest version is specific: free replacement of records that bounce within 30 days.

6. Single-use or multi-use licence? Cheaper prices often buy one campaign, not the data. Know which you’re getting before you build a nurture sequence on top of it.

When Buying a Database Is the Right Call — and When It Isn’t

Buy a database when your targets are overwhelmingly limited companies, you need campaign volume this month, and you’re treating the data as perishable — used within weeks, verified first, sent from a dedicated domain. For mapping a market or filling a telemarketing floor, a well-sourced database is a fair tool at a fair price. Our guide to B2B marketing lists covers how to segment one properly once you have it.

Don’t buy one when your buyers are sole-trader trades (the consent problem), when you plan to email from the same domain your invoices come from (the deliverability problem), or when your service is triggered by an event — a failed inspection, a new registration, a planning application. A static database can’t tell you when a business needs you, and timing is where the response rates live: trigger-based prospecting generates 20–35% response rates against 5–10% for cold sends to static lists — and average cold email converts at 0.2%.

The Alternative: Buy the Data Fresh, Not From a Warehouse

The core defect of every pre-compiled database is the compile date. The data was true once, then it was warehoused, and you’re buying the gap between then and now.

The fix is to buy data compiled at the point of order. Our verified lead lists are built fresh against live UK public sources when you order — business name, domain, verification status, phone, and email, from 5p per lead with a 95%+ accuracy guarantee or free replacement. If you’re targeting a specific profession, our email lists by profession cover 574,000 UK records across accountants, architects, solicitors, dentists, builders and more, filtered by Companies House SIC code — which also means you know the company structure before you send.

And if your business is one where timing decides who wins the deal, a list — even a fresh one — is the entry point, not the destination. A list tells you who exists. A signal tells you who needs you this week: the restaurant that failed its hygiene inspection on Tuesday, the care home that registered with the CQC last Thursday. That’s a different product, and for the right business it changes the economics of outbound entirely.

Either way, the test is the same one you should apply to any database seller: ask for a sample and call the records yourself. We’ll give you one free — real UK leads from your target market, verified this week, with the sourcing shown for every field. If the data doesn’t survive contact with a telephone, don’t buy it. From us or anyone else.

Frequently Asked Questions

Is it legal to buy email lists in the UK?
Yes — there’s no ban on buying B2B contact data. The law regulates use, not purchase: limited companies can be emailed without prior consent under PECR, sole traders can’t, and UK GDPR applies to every named contact. The buyer carries the due-diligence duty, not the seller.

How much does a B2B email database cost in the UK?
Established brokers charge roughly £275–£350 per 1,000 records. Budget sellers start around 8p per contact; heavily filtered data runs to £1+ per contact. Built-to-order verified lists cost £50–£120 per 1,000 depending on enrichment depth.

Can I email businesses without consent under UK GDPR?
Usually, if they’re limited companies or LLPs — PECR’s consent rule doesn’t apply to corporate subscribers. You still need a documented legitimate-interests basis for named contacts, an honest sender identity, and a working opt-out in every email.

What happens if I use a bought email list wrongly?
The ICO fined ZMLUK £105,000 in January 2026 for sending to bought data with invalid consent, and the maximum PECR penalty is now £17.5 million. “The seller said it was compliant” has never once worked as a defence.