We use a CRM app to manage all our quotes and production. If a customer e-mail's us asking for a quote, we simply enter their name, company, e-mail, phone number, address, into this and generate the quote. This is retained, and every year we erase the records for those that never placed an order. Customers who placed an order we retain on the system, along with a record of their job, costing, specifications etc. Some never return, others we deal with weekly, other can be every few years. Reading GDPR, we need to obtain consent from the customer, and record how consent was obtained. Consent cannot be deemed or a default option either. I get why these regulations are being implemented... I'm now thinking how are we going to obtain consent before entering them into our system? I can see many competitors who don't use CRM won't bother, and the customer's not going to want to fill in form just to get a quote. Or have I over complicated things?