Every country has slightly different rules, but on the ICO website in the UK it clearly says:
"You don't need consent if you're marketing to a corporate subscriber. But you’ll need to say who you are and tell people how they can opt-out from receiving further marketing from you."
With GDPR you need to consider the gathering, processing and storage of data together. Ultimately it comes down to making sure anyone being contacted is being contacted for legitimate reasons. If they don't wish to be contacted, it needs to be easy for them to stop receiving messages. And any data that has been stored is removed in a timely manner. There is no specific time frame for this, but once a contact has gone through a 30 email day sequence... if they haven't responded then they could be removed completely from the list.
The key things to focus on are:
- Targeting prospects where your service is of legitimate benefit to them.
- Explaining clearly in emails why the service/product is directly relevant to them.
- Making sure it is easy for them to stop receiving messages should they wish to.
- Not keeping personal data on file for longer than is necessary.
As long as we're contacting relevant prospects, with legitimate messages, and there is a process for handling anyone who does not wish to receive emails or wishes to have their data removed, these are the things that make outreach compliant with GDPR.
But any questions, just let us know :)