
GDPR and UCA in Mechanical Engineering Sales: Setting Up B2B Outreach Compliantly

The new marketing director of a mid-sized mechanical engineering company imports a LinkedIn list with 8,000 decision-makers from the DACH region and launches a cold outreach campaign via email. Three weeks later, the first cease-and-desist letters arrive. Cost: several thousand euros. The damage to reputation: even greater. The mistake: the marketing director overlooked that in DACH B2B, the Unfair Competition Act (UCA, German: UWG) applies in addition to GDPR. Cold email outreach without opt-in is legally problematic even in B2B mechanical engineering. International outreach strategies from the US or UK cannot be transferred one-to-one.

GDPR is only half the battle: The UCA regulates B2B outreach

Many sales organizations in mechanical engineering assume that GDPR is less strict for B2B contacts than in B2C. This is a dangerous misconception. GDPR regulates the processing of personal data and does not distinguish between B2B and B2C. Even in the B2B sector, the full requirements of GDPR apply as soon as personal data is processed, for example when you address a CEO by name.

The greater risk, however, lies in the UCA (Unfair Competition Act). Section 7 Para. 2 No. 2 UCA prohibits advertising via email without prior express consent, regardless of whether consumers or companies are being addressed. A single inadmissible advertising email can trigger cease-and-desist and even damage claims if it is assessed as an unlawful interference with the recipient’s established and operating business.

International sales organizations systematically underestimate this DACH specificity. The cold outreach practice common in US sales cultures (LinkedIn mass messages, unsolicited email sequences, WhatsApp marketing) collides head-on with German law. Anyone transferring outbound strategies learned from the USA, UK or Scandinavia to the DACH market risks not only cease-and-desist letters but also long-term reputational damage.

Three classes of consent in B2B sales

Consistent consent management requires a clear distinction between three classes of consent. Each class needs its own logic, its own documentation and its own technical implementation in the systems.

Marketing consent refers to newsletters, whitepaper downloads, event invitations and general information materials. Here the legal basis is relatively clear: no electronic advertising without explicit opt-in consent. This means: double opt-in for newsletter registrations, explicit checkbox for whitepaper downloads, documented consent for event registrations. This consent is purpose-bound and must be stored in the CRM system with timestamp, source and exact wording of the consent declaration.

Sales consent is the most critical class. It regulates direct 1:1 outreach by sales, i.e. cold calls, emails and LinkedIn messages. Different rules apply here: Cold calling by phone in B2B is permitted under the condition of presumed consent, but cold email acquisition is not. The presumed consent must be factually justifiable: A provider of machine safety solutions may call a mechanical engineering company. An insurance broker may not simply call all mechanical engineers because “everyone needs insurance”. For emails, the rule is: no advertising without explicit consent or existing customer exception (Section 7 Para. 3 UCA), not even in B2B.

Service consent includes maintenance reminders, product information, technical updates and after-sales communication. Here, in many cases, legitimate interest can be argued, provided there is an existing business relationship. A customer who has bought a machine expects maintenance notifications. This communication is part of contract fulfillment and does not require separate consent. However, as soon as cross-selling elements are added (such as: “In addition to maintaining your machine, we have an offer for an additional module”), it becomes advertising and the consent logic applies.

Consent management architecture across all systems

The three consent classes must be consistently mapped throughout the entire system landscape. A mechanical engineering company typically works with marketing automation, ERP, CRM, service portal, helpdesk and field service systems. Customer contacts are stored and processed in each of these systems. If marketing consent is documented in the CRM but not visible in the helpdesk, there is a risk that a service employee will unintentionally send an advertising email.

The solution: centralized data objects for consent and subscription. MARINI, the platform for Customer Intelligence with Data Integration, Data Cloud and Agentic, provides the technological foundation for this. The MARINI Data Cloud consolidates all consent data in structured data objects: who consented to which purpose and when, through which channel the consent was given, and when it was revoked. This central source of truth is then bidirectionally synchronized into all connected systems.

This means concretely: If a contact revokes their newsletter consent in the marketing automation tool, this revocation is propagated to CRM, ERP and service portal in real time. If a sales representative documents telephone consent for follow-up emails in the CRM, this information is immediately visible in the marketing system. Without this synchronization, data silos emerge that pose legal risks.

The MARINI Data Cloud offers pre-configured consent objects with fields for consent type, channel, timestamp, source, revocation date and legal basis (GDPR Art. 6 Para. 1 lit. a, b or f). These objects are linked to the respective contact via the Customer 360 view and are available to all systems. The platform also handles deduplication: if the same contact exists in multiple systems, the consent information is stored centrally only once and provided consistently via Golden Records.

Audit logs as governance backbone

The question “Who gave which consent when?” is not only relevant under data protection law, but also critical for business. In the event of a cease-and-desist letter or an inquiry from the data protection authority, the company must be able to prove seamlessly that the contact was lawful. GDPR requires documented evidence of all data processing operations, including consents.

Audit logs must therefore contain the following information: the exact time of consent, the channel (web form, telephone, email, event), the wording of the consent declaration, the IP address (for online consents), the user who recorded the consent in the system, and the time of any revocation. These logs must not be editable retrospectively and must remain available beyond the legally prescribed retention periods.

MARINI automatically generates these audit logs for all data flows. Every change to a consent object is logged with timestamp, source and user. If a sales representative manually adds consent in the CRM, this action is logged. If a contact revokes their consent via a web form, the revocation is saved with full context. These logs are not only a GDPR requirement, but also business insurance: in case of dispute, the company can prove that it acted in compliance with the law.

Without this logging infrastructure, the burden of proof still rests with the company in case of doubt. If a recipient claims never to have given consent and the company has not documented it, the consent is deemed not to have been granted. The risk is not borne by the recipient, but by the sender.
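
One way to meet the audit-log requirements above (the listed fields per consent event, no retrospective edits), as an added example that is not MARINI's code or part of the original article: a hash-chained log in Python. The field names, the `grant`/`revoke` actions and the sample contact are assumptions made for illustration.

```python
import hashlib, json

GENESIS = "0" * 64  # chain anchor for the first entry

def _digest(entry: dict) -> str:
    # Hash a canonical JSON form of everything except the stored hash itself.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_event(log, *, contact, consent_class, action, channel, wording,
                 recorded_by, timestamp, ip=None):
    """Append a grant/revoke event; each entry commits to its predecessor."""
    if action not in ("grant", "revoke"):
        raise ValueError("action must be 'grant' or 'revoke'")
    entry = {"seq": len(log), "prev": log[-1]["hash"] if log else GENESIS,
             "contact": contact, "consent_class": consent_class,
             "action": action, "channel": channel, "wording": wording,
             "ip": ip, "recorded_by": recorded_by, "timestamp": timestamp}
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_chain(log):
    """Return the index of the first altered or reordered entry, or None."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev"] != prev or e["hash"] != _digest(e):
            return i
        prev = e["hash"]
    return None

def may_contact(log, contact, consent_class):
    """Consent holds only if the log verifies and the latest event is a grant."""
    if verify_chain(log) is not None:
        return False  # fail closed: unverifiable evidence is no evidence
    events = [e for e in log
              if e["contact"] == contact and e["consent_class"] == consent_class]
    return bool(events) and events[-1]["action"] == "grant"

# Constructed sample data (not real contacts or addresses).
LOG = []
append_event(LOG, contact="c-1001", consent_class="marketing", action="grant",
             channel="web form", wording="I agree to receive the newsletter.",
             recorded_by="doi-service", timestamp="2024-03-01T09:15:00Z",
             ip="192.0.2.10")
append_event(LOG, contact="c-1001", consent_class="marketing", action="revoke",
             channel="web form", wording="Unsubscribe",
             recorded_by="doi-service", timestamp="2024-06-12T14:02:00Z",
             ip="192.0.2.10")
```

A hash chain makes edits and deletions inside the log detectable, not impossible, and it cannot show that entries were cut from the end. Storing the latest hash outside the system that writes the log (for example on write-once storage) closes that gap.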

What MARINI does differently in mechanical engineering

MARINI positions itself as a specialized platform for Customer Intelligence with a clear focus on customer data across the entire customer journey. Unlike generic iPaaS platforms or isolated MDM solutions, MARINI covers the entire chain: from data integration via data quality to AI-supported workflows for recurring data processes. For mechanical engineering companies with complex system landscapes (SAP ERP, CRM, service portal, marketing automation), this integrated architecture is crucial.

EU-only hosting, ISO 27001 certification and revDSG compliance are not add-ons, but platform properties. MARINI stores all data exclusively in the EU and thus meets the strictest data protection requirements of the DACH market. For companies working with sensitive B2B data, this is a critical differentiator compared to US-based platforms that rely on transatlantic data transfers.

MARINI’s central DataEngine natively maps consent and subscription objects and synchronizes them bidirectionally into all connected systems. A mechanical engineering company can thus ensure that every consent status is available in real time in ERP, CRM, marketing automation and service portal. The platform also handles deduplication: if the same contact exists in multiple systems, the consent information is provided consistently via Golden Records.

MARINI Professional Services accompanies customers in implementing this consent architecture: from data cleansing and initial classification through building customer-specific AI workflows to CIEF-based roadmaps for Customer Intelligence. This is not just software deployment, but a strategic transformation process where legal compliance and operational efficiency go hand in hand.

From cold outreach to permission marketing

The legal reality in the DACH region is clear: cold email outreach is prohibited, cold LinkedIn messages are prohibited, WhatsApp marketing is prohibited. What remains? Telephone (under the condition of presumed consent), postal mail and above all: permission marketing. Instead of contacting potential customers unsolicited, you create incentives for them to actively reach out.

This works through content marketing (whitepapers, webinars, case studies), SEO-optimized landing pages, event marketing and social selling on LinkedIn, but without cold messages. You build a relationship before you sell. The contact gives their consent as part of the inbound process (download of a whitepaper, registration for a webinar, inquiry via a contact form). This consent is documented, purpose-bound and legally sound.

For mechanical engineering companies, this means a paradigm shift. Instead of buying lists and cold calling, you invest in thought leadership, technical content and industry events. You position yourself as an expert, not as a salesperson. This requires patience and a longer time-to-lead, but leads to higher quality contacts with genuine purchase intent. And: it is legally compliant.

The MARINI platform supports this approach through integrated marketing attribution and lead scoring. You can track which content pieces lead to conversions, which channels deliver the highest quality leads and where your target audience is actually active. These insights help to allocate the marketing budget efficiently and optimize the permission strategy in a data-driven manner.
