Hi. Over the years, I've created a database of prospective customers. I will approach these people irregularly, either by phone or email, with news of new products and/or services in the hope that they will put business my way. The data I hold is secure and is limited to contact details plus any notes I've made myself e.g."Called Joe Bloggs on 20th Jan but he wasn't in". I don't hold any personal data on the contact names. Does GDPR come into effect here at all? Do i need to get consent from these people that i can hold their info and send them info/ call them in the future? My obvious concern is that by approaching them, i'm giving them the opportunity to make me delete their details and impact future business.