I came across this article about cold calling under GDPR which is an excellent explanation of when you can or can’t call people. I think the article is aimed at bulk calling consumers (B2C) rather than the more targeting approach to calling business prospects (B2B) but the regulatory details still apply.
There appears to be wiggle room for continuing to cold call, but GDPR brings in the ‘right to be forgotten’ for a call recipient, plus the right to know what data you are holding on them, and the right to restrict what you do with their data.
Have you got a GDPR compliance plan in place? Call me if not and I can provide advice on how to get started.