I have a large email marketing database that has been built over a number of years. The contacts have generally been added to the list via a soft opt-in method (e.g. a pre-ticked box). Over the past couple of years I have thinned this down by annually emailing out asking if people wish to stay on the list. Again, this has been a soft opt-in, in that it has asked that if someone wishes to be removed, they come back to me, else they stay on the list. All emails have an unsubscribe link. Under GDPR, I am changing this tick box to be not pre-filled, but do I need to email everyone and ask them to hard opt-in? I cannot prove where and when these people gave consent exactly, which makes me think I do, but if that is the case, am I personally likely to be receiving a billion and one emails from every website I've ever soft opted in to, asking me to stay? I can't imagine that is going to happen, so am unsure of exactly where I stand.