[reynard_le_faux]

Consent isn’t required for B2B data processing and cold contact as far as I know, like it is for consumer data. There are six lawful basis including consent. The most relevant one in this case is probably legitimate interest. A company can cold contact someone at an organisation if they believe there is a genuine possibility they would buy the product or service they offer. IANAL however.

PS What’s CYA?

[scrollaway]

"CYA" means "Cover Your Ass", which is used when you have lawyers/compliance people using vague and over-reaching language to "cover their ass", without anything meaningful behind it.

> Consent isn’t required for B2B data processing and cold contact as far as I know, like it is for consumer data.

From what I can tell, the way this company ingests data uses personal channels and lookups. So although a company would be using their services and they are b2b, the targets of those cold emails are getting their personal data ingested by a company they have no knowledge of, and they are for sure not made aware of it in those cold emails.

If those targets are exclusively employees of a company, their professional email is being targeted, and only their professional profiles are being scraped, I would bet it's defensible. I am certain it's not the case though.