Where a company has an existing mailing list for emails, is consent required? If they're already doing business with the company, is consent required? Is consent required before sending an initial email?
As regards to the existing emailing list, if the legal basis for processing, where consent has been given under the Data Protection Directive, it will continue to be valid under the Regulation if it also meets the requirements of the Regulation. For example, check that when you obtain the consent you were not using pre-ticked boxes and the request for consent was separate from other matters.
If you have emails of partners you can use “contract necessity as a legal basis for processing assuming you have an already existing contractual arrangement".
As for obtaining the consent by contacting the data subject on email, I would advise against that because by sending an email you are already processing personal data and you would need a legal basis for this.
As key take always:
- Review your existing processes to obtain consent to establish if they are valid under the Regulation;
- Consider if you can rely on an alternative basis for processing;
- If you do want to use consent, put in place processes to record and act on a withdrawal of consent.