Not necessarily. The ICO is clear that marketing of your own products and services can be a legitimate interest. If you can show that the way you use people’s data is
- has a minimal privacy impact, and
- people would not be surprised or likely to object to what you are doing, then consent is not required.
However, with respect to direct marketing, the Privacy and Electronic Communications Regulations take precedent.
Consent is not always required for direct marketing in business to business communications, but you have to be a little careful as sole traders and some partnerships are treated as individuals.
For direct marketing to individuals, consent is usually required, although marketing related to products and services similar to those they have already bought is OK.
If you are required to have consent under the Privacy and Electronic Communications Regs then this is the Legal Basis of Processing to use for GDPR.