I imagine that, like me, you are getting loads of emails from retailers that you had bought from ages and ages ago asking for permission to continue to send you emails.
The irony is some of these have not bothered you for some time but because of new legislation coming in on the 25th May, they are obliged -- or are taking the opportunity -- to ask anyone who is still on their database whether or not it is OK to contact you (but they already have!) and please could you confirm by ticking a box or clicking on a button??
I am really stuck. I don't actually collect and store any sensitive information from my customers. I don't store credit card details. Third-party providers take care of this. Then once a year, before Christmas, I turn to PayPal and Nochex (payment service providers) for email addresses. As such, these are actual customers who had made a purchase in the previous year. (I do not harvest data by pretending to send out a newsletter every few weeks.)
I then load these data onto another third-party newsletter provider (ReachMail), compare this list with the previous lists, remove those that have unsubscribed as well as those whose emails had bounced, and then send out my latest Christmas newsletter.
I do this once a year. This is my own rule. Now I have to break my own rule to send another email to customers still on the list when I have promised not to bother them during the year!
Sending an email now is a breach of trust where my customers are concerned. If I persist in only sending out a Christmas email (ie later this year), then I'm in breach of the law.
What do I do?
Afterthought: I believe the new legislation is to prevent spam mail under the guise that sensitive data, if you store any, may be hacked. But I am very sure that spam emails will continue and it is small businesses like mine that will have to bear the brunt of additional red tape.