By now everybody knows that business email addresses that go directly to one individual, such as jo********@ex*****.com, are considered personal data (personally identifiable information, or PII) for the purposes of GDPR and, increasingly, email privacy laws in other countries. But what about generic business email addresses, such as in**@ex*****.com, sa***@ex*****.com, or co*****@ex*****.com (also known as 'role account' email addresses)? The conventional wisdom is that those are not considered personal data, and so are fair game to add to your mailing list without prior consent. But not always, there's a catch!