We get a lot of industry colleagues and friends talking to us in pure fear about the GDPR and what it means to them. That's mainly because of the amount of email marketing they do and their reliance on it as a channel.
As a GDPR practitioner and a marketer, I'd be more inclined to point them to the ePrivacy directive as this covers electronic communications. The EDPS (European Data Protection Supervisor) most definitely wants more stringency than GDPR and definitely wants consent for you to be able to email a subject.
There are still groups lobbying against this and I don't think (or know) that it'll be law by May 25th. But prepare as if it is.
Long and short, assume email will be opt-in only (and it doesn't have to be double opt-in, that's a myth).
Our advice would be to gain as much consent as possible now.
Finally, watch this space. Kingpin will be launching GDPR workshops for B2B marketers in Jan 2018.
The EDPS advises that the confidentiality of communications should encompass content, metadata and data related to the terminal equipment used by the end user. The EDPS also recommends that the ePrivacy Regulation should offer a higher level of protection than the GDPR and require privacy protective settings by default.