[SakethRasakatla]

Cold emails to EU region recipients aren’t allowed unless they give you consent to receive your email (you as a company or marketer can do this by mentioning or using check-boxes in the web form’s popup template)

Email list needs to be updated - Only consented customer data needs to be stored, and erase the other unless you want a fine of 20 million euros or so. (remove data of those who have unsubscribed to your service immediately). Data erasure - Remove data of those who have unsubscribed to your service. Check for the Unsubscribe button everywhere - It’s mandatory that each and every mail of yours needs to contain an unsubscribe button with updated privacy policy given below. Update the privacy policy & terms of service - these need to contain what and how you are going to use the user’s data. For more info, read from the links given below in this answer. Double opt-in- for both entry and exit needs to be mentioned. Permission for profiling - Sales people can get prospective customer’s data through gated content(whitepapers, e-books) etc and they shouldn’t get this data from any other source like email hunters etc. (without their consent you can’t even breathe!) Employee data handling - You need to mention how and where is the data used and stored and for which purpose too. If you are using the data for multiple purposes, then you need to mention each purpose every time. Referral Program - You can’t process the referral email ids/data gained through offers/discounts etc. Yes, even they have to be GDPR compliant. Data usage policy - already mentioned in this answer(this is just to remind its importance in this context) Right to forget - option to be provided if the user wants you to erase(forget) their data from your databases. Usage of cookies - to track email opens etc you need to mention you are using cookies to the user. Some notes you would want to keep for GDPR compliance:

GDPR: Key Points and Steps to Prepare (https://www.agilecrm.com/blog/gdpr-key-points-steps-prepare/) https://www.superoffice.com/blog/gdpr-marketing/ (https://www.superoffice.com/blog/gdpr-marketing/) Salesforce PDF on GDPR(fiction vs fact) (https://www.salesforce.com/content/dam/web/en_us/www/documen...) GDPR Regulation (https://www.eugdpr.org/the-regulation.html)