The difference between GDPR and PECR
According to the DMA (and my experience so far), there are still a lot of marketers who do not understand the difference between GDPR and PECR.
In respect to PECR you can make live calls to individuals and corporates as long as they have not registered on TPS/CTPS or previously opted out of receiving calls from you. Otherwise PECR says you need consent.
You cannot email individuals, partnerships or sole traders without consent or soft opt in.
You can send direct mail to individuals and businesses without consent.
Where PECR does not require consent you can use legitimate interest to process your data under GDPR as long as you have undertakes a legitimate interest assessment.
Where you maybe vulnerable is not knowing who the individuals, partnerships and sole traders are in your database. It is therefore advisable to pull these out of your email campaigns and phone them instead. This can be done as part of another marketing campaign or specifically to gain consent.
This will single out those contacts who are really interested in your proposition or not so if you lose them in the process, it just cleans up your data.
You can of course email individuals without consent if you have gained a soft opt in but this does say that you need to have had a contract with them so be wary of using this option.