The GDPR defines multiple legal grounds on which you are allowed to process personal data (such as collecting an email address for contacting). Consent is only one legal ground. Another one is "legitimate interest", which a lot of salespeople will use in order to find prospects. However the recipient is allowed to say "not interested, don't contact me again" and you'll have to comply.
Furthermore the GDPR does not apply to small-scale, ad-hoc, personal situations. Contacting a CEO as a customer is fine. Your personal phone's address book is fine. So is keeping a list of attendees of your birthday party. But wearing a camera on your body all day and recording everything and running face recognition on the video, even if you do it for personal reasons, is not ok.
> It may be the most appropriate basis when:
> you cannot, or do not want to, give the individual full upfront control (ie consent) or bother them with disruptive consent requests when they are unlikely to object to the processing.
Furthermore the GDPR does not apply to small-scale, ad-hoc, personal situations. Contacting a CEO as a customer is fine. Your personal phone's address book is fine. So is keeping a list of attendees of your birthday party. But wearing a camera on your body all day and recording everything and running face recognition on the video, even if you do it for personal reasons, is not ok.