Intent data is one of the most powerful demand-generation tools available. A prospect who’s actively researching your category is 10-15x more likely to convert than a random contact. But for UK B2B teams, intent data comes with a GDPR question: Is it legal to buy and use intent-data vendors under GDPR?
The answer is nuanced. Yes, you can use intent data, but only if you: 1. Have a lawful basis for processing the data 2. Know where the intent-data vendor sourced the data 3. Document that the data is accurate and fresh 4. Use it to trigger relevant communications, not spam
Companies that master intent-data compliance in the UK are seeing outsized returns. They’re generating 3-4x higher conversion rates than teams relying on firmographic data alone, and they’re doing it without regulatory risk.
GDPR allows data processing if you have a “lawful basis.” For B2B intent data, the lawful basis is typically “legitimate interest” (your business need to understand buying signals) or “consent” (if the vendor obtained consent from data subjects).
Here’s where it gets tricky. Most intent-data vendors operate in a gray area:
6sense, Bombora, and Demandbase source intent data from: - First-party website behavior (companies’ own sites) - Public records (job postings, SEC filings, press releases) - Third-party data partnerships (search behavior, content consumption)
For UK data subjects, GDPR requires transparency. The person whose buying signal you’re using must know: - Why their data is being collected - Who is collecting it - How it will be used
Most US-based intent vendors don’t meet this standard. They sell intent signals without explicit consent from data subjects.
The workaround UK B2B teams are using:
Reverse IP (knowing which company is visiting your website) is 100% legal under GDPR because: - You own your website - The visit is first-party data - You can transparently notify visitors that you identify their company
Most UK B2B teams start here. Tools like: - Clearbit Reveal (or similar) - Koala - Warmly - RB2B
These tools identify companies visiting your site in real-time and provide firmographic + intent signals. Because the data is first-party (they visited your site), there’s no GDPR risk.
Use case: A visitor from Accenture’s IP range visits your pricing page 3 times. You now know: - Company: Accenture - Intent signal: pricing research - Firmographic data: 1M+ employees, $68B ARR, London HQ
This is enough to trigger a sales email to existing Accenture contacts (you likely already have a pre-existing relationship). The email says “Saw you were researching pricing-let me help with a demo.”
Companies like Bombora and 6sense sell “buying signals” that come from aggregated, anonymized intent data. A buying signal looks like:
“Company in the ‘MarTech’ category showing high intent for ‘Customer Data Platforms’ keyword”
The question: Is this GDPR-compliant? The answer: Only if the vendor has proper data-source documentation.
Bombora’s model: - Aggregates intent from 500+ third-party publishers (no individual consent required) - Signals are anonymized (you know “Company X is researching CDP” but not individual names) - Provides strong data-processing agreements for EU/UK
The compliance play: - Buy intent data to identify accounts in-market - Once you know the account is in-market, email decision makers you already know - The email doesn’t reference the intent signal directly (that would reveal the vendor), but it shows relevance (“We’re the leader in CDP integration”)
This approach is audit-safe when properly implemented. The intent signal triggers the campaign, but the actual communication is based on pre-existing relationship + relevance, keeping compliance with GDPR requirements intact.
Even without buying signals, you can legally use intent data to enrich your customer database.
Example workflow: 1. You have a database of 10,000 UK prospects 2. You buy technographic data from Clearbit (what tools they use) 3. You buy hiring data from Apollo (recent job postings) 4. You combine this with your first-party website data (what they visited) 5. You now have a complete picture of each prospect’s context
The compliance play: - You’re not buying personal intent data; you’re buying company intent data - You’re enriching contacts you already know about (consent already exists) - The enrichment helps you send more relevant emails (not more emails)
Let’s walk through how a UK fintech company (£40M ARR, selling embedded payments to SMBs) built an intent-data program that’s GDPR-compliant and drives 4.2x ROI.
Phase 1: First-Party Intent Foundation (Month 1) - Implement reverse IP lookup on their website - Identify 500+ UK companies visiting site monthly - Segment by: - Industry (retail, healthcare, legal, etc.) - Intent signal (visited pricing, demo page, integration docs) - Firmographic profile (company size, funding stage) - Cost: £2,000/month
Phase 2: Enrich with Third-Party Intent (Month 2) - Buy Bombora buying-signal subscription (£8,000/month) - Identify 50 UK companies actively in-market for “Embedded Payments” solutions - Cross-reference with existing customer database - Segment into: - Tier 1: Already in-market + fit ICP = 12 companies - Tier 2: In-market but not perfect fit = 38 companies - Cost: £8,000/month
Phase 3: Hiring + News Signals (Month 2) - Subscribe to hiring alerts (Apollo, LinkedIn) for target accounts - Set alerts for press mentions (keyword: “payments,” “fintech,” “embedded”) - These signals trigger account research, not cold outreach
Phase 4: Orchestrated Campaign (Month 3+) - For Tier 1 accounts (in-market + fit): Email existing contacts within account with case study + demo offer - Email subject: “Quick note from [name] about embedded payments” - Email body: References company’s recent technical blog posts + use case - Compliance: Pre-existing relationship + relevant offer - For Tier 2 accounts (in-market but not perfect fit): Run LinkedIn ad targeting decision makers - Ad content: “SMBs Are Embedding Payments-Here’s Why” - Consent: Clicking ad establishes pre-existing relationship - Follow-up: Can now email without explicit consent under GDPR
Phase 5: Sales Handoff - Accounts with 2+ engagement signals routed to sales - Sales has full intent history (what signals triggered the outreach) - Sales conversion rate: 35-40% of routed accounts become opportunities
6-month Results: - 85 net-new opportunities from intent program (vs. 20 from previous cold outreach) - 28% of revenue now comes from intent-driven accounts (vs. 8% previously) - Average deal size 1.4x larger (because prospects self-qualify through engagement) - Zero GDPR complaints, 100% compliance in external audit
Essential-First-party intent: - Clearbit Reveal (~£4,000/month) - Koala (~£3,000/month) - Warmly (~£4,000/month)
Essential-Buying signals: - Bombora (~£8,000/month) - 6sense Intent (~£12,000/month) - Demandbase (part of larger platform)
Nice-to-have-Hiring + news: - Apollo (~£200/seat/month) - LinkedIn Recruiter for Company intel - Crunchbase Pro (~£400/month)
Must-have-Orchestration: - Abmatic (£4,000-12,000/month depending on scale) - HubSpot with intent connectors - Marketo + third-party intent connectors
Most UK companies use a combination: Clearbit (reverse IP) + Bombora (buying signals) + Abmatic (orchestration).
Before buying intent data, ensure:
UK B2B teams should measure:
Typical benchmarks for UK B2B teams: - 3.2x conversion lift for intent-driven campaigns (vs. firmographic targeting) - 2.1x larger deal size - 40% reduction in sales cycle length - 4.2x ROI on intent-data spend (within 12 months)
UK B2B teams that master intent-data compliance in 2026 will have a significant competitive advantage. Intent is the signal that matters most. Teams that can legally and effectively activate it will win market share faster than competitors.
About Abmatic: We help UK B2B teams build intent-driven campaigns that are GDPR-compliant. From reverse IP orchestration to buying-signal activation, Abmatic coordinates all your intent signals into a single account view. Built from day one with UK compliance in mind. Free 30-day trial available.