Hi all, I hope I'm posting in the right area. We're trying to conform with the new GDPR legislation in time. While we follow basic principles, I'm a little confused about a few things and haven't got a response from the ICO. I apologise in advance for all of the questions, but it's important to me that we get this right and conform properly. I really appreciate any advise you can give. 1. Cold calling, we can still do this by acquiring names/telephone numbers/email addresses from business websites? I only ask because the legislation states that we should now expect users to explicitly opt in to marketing. With this being business to business only, is it OK? I thought at the end of a cold call or email, we could ask the question of "is it OK if I schedule a callback or a time to email you in X amount of time?" and on our system to have a checkbox to say they opted out. Would this be OK? 2. There should be a way for customers to opt out e.g. a link in an email, this is still acceptable? What if they are an existing customer? 3. The TPS, should we still use this for B2B? We haven't used it before but I'm sure I could integrate this into our systems. 4. Old records, whilst old data is not of much use to us, there still needs to be something for us to go back to with regards to sales/invoicing etc. Are we still OK to hold all basic contact info? 5. Opting out of future communications, am I correct in thinking if we're chasing a debt that this is OK even if they opted out because of a contract they entered into?