Consent vs Legitimate Interest in B2B Sales

The two GDPR legal bases for commercial prospecting compared step by step

Legal Compliance · Aug 2025 · 6 min read

Key takeaways

Legitimate interest is the preferred legal basis for B2B sales because it allows contacting businesses without prior consent, as long as you use public professional data and offer opt-out
Explicit consent is required for B2C, newsletters and when local regulations expressly demand it
MapiLeads collects verified public data, compatible with legitimate interest as your legal basis

Legal bases

What is legitimate interest and how does it differ from consent?

Legitimate interest (Art. 6.1.f GDPR) allows processing personal data without prior consent when there is a reasonable commercial interest and the impact on the data subject is minimal. It is the standard basis for B2B prospecting across Europe.

Consent (Art. 6.1.a), on the other hand, requires the contact to accept before receiving any communication. It is the mandatory basis for B2C and newsletters, but slows down B2B prospecting because you need the decision-maker to opt in before you can send anything. Interestingly, some teams are finding creative ways to build rapport before the consent step, such as using personalized video at key moments in the sales process to increase engagement.

The choice between them is not optional: it depends on the type of data, the recipient and local legislation. What matters is that your sales team understands when to use each one. The ICO provides a comprehensive guide on choosing the right lawful basis for direct marketing that is especially helpful for B2B teams navigating this decision.

72%

of European B2B sales teams use legitimate interest as their basis for prospecting

— Source: IAPP, Data Protection Benchmark Report 2025

legal bases GDPR provides for processing personal data

72%

of European B2B teams use legitimate interest for prospecting

30d

maximum timeframe to respond to data subject rights requests

Comparison

Consent vs Legitimate interest: head-to-head comparison

Explicit consent (Art. 6.1.a)

Requires prior acceptance. Ideal for newsletters and B2C. Revocable at any time. Slows down outbound prospecting.

B2B agility35%

B2B Standard

Legitimate interest (Art. 6.1.f)

No prior acceptance needed. Public professional data. Mandatory opt-out. Document with LIA. The standard pathway for European B2B sales.

B2B agility90%

Verified public data for legitimate interest prospecting

MapiLeads collects data from verified public sources. The perfect foundation for B2B prospecting with documented legitimate interest.

Generate Database Free

Reference

When to use each legal basis

Scenario	Recommended basis	Reason
B2B cold email with public data	Legitimate interest	Professional data, commercial relevance
Sales call to a business	Legitimate interest	Publicly listed business phone
Newsletter to subscribers	Consent	Recurring opt-in communication
Email to end consumer (B2C)	Consent	Non-professional personal data
LinkedIn prospecting to businesses	Legitimate interest	Public professional profile
Cookie-based remarketing	Consent	ePrivacy Directive requires it

Consent only

Need prior signed form
Only contact people who know you
Pipeline limited to inbound leads
Slow for outbound teams

→

Legitimate interest + public data

Contact businesses from day one
Unlimited outbound pipeline
Data from verified public sources
Opt-out and transparency guaranteed

Legitimate interest is not a shortcut or a grey area. It is the legal basis GDPR designed for B2B commercial activity with professional data. Recital 47 expressly recognises it for direct marketing. The European Commission has also introduced new rules for stronger cross-border GDPR enforcement, reinforcing how seriously the EU takes consistent application of these principles.

Method

How to document your legitimate interest (LIA)

Define your interest

Explain what commercial interest you pursue: acquiring clients for your service, expanding into a new market, etc. Be specific.

Justify the necessity

Explain why you need to process that data: there is no viable alternative to contacting those businesses without using their public contact data.

Assess the impact

The data is professional and public, the contact is relevant, the impact on the data subject is minimal. Document it.

Establish safeguards

Opt-out in every communication, periodic database cleaning, respond to data subject requests within 30 days.

Legitimate interest is the legal pathway GDPR designed for B2B sales

In summary

In B2B sales, legitimate interest is the standard legal basis for prospecting with public professional data. 72% of European teams use it
MapiLeads works with verified public source data, the perfect foundation for documenting your legitimate interest and prospecting legally
Use consent for B2C, newsletters and cookies. Use legitimate interest for B2B cold email, sales calls and prospecting with professional data

Legal B2B prospecting with verified public data

Access business data from public sources in over 120 countries. See plans or contact us.

Generate Database Free

Frequently asked questions

What is legitimate interest in B2B sales?

Legitimate interest (Art. 6.1.f GDPR) is a legal basis that allows processing personal data without prior consent when there is a reasonable commercial interest. In B2B, it applies when you contact businesses using their publicly available professional data and offer something relevant to their activity.

When should I use consent instead of legitimate interest?

Consent is mandatory for B2C and newsletters. In B2B, legitimate interest is more practical when contacting with public professional data. Use consent when the contact is personal (not professional), when local regulations require it, or for recurring communications like newsletters.

How do I document legitimate interest for prospecting?

You must write a LIA (Legitimate Interest Assessment) that includes: what interest you pursue, why data processing is necessary, what impact it has on the data subject, and what safeguards you apply (such as opt-out). You do not need to submit it proactively, but it must be ready if a data protection authority requests it.