What are the key requirements of GDPR for email marketing?

Explicit opt-in consent is required for marketing emails. No pre-checked boxes, no bundled consent with other services, no implied permission from purchases alone (outside soft opt-in exceptions). The subscriber must take an affirmative action specifically to receive marketing communications, and you must record proof of that action.

Transparency and granular control are required. At signup, clearly explain what subscribers will receive, how often, and from whom. Offer granular preferences when practical ("weekly newsletter" vs. "promotional offers" vs. "product updates"). In every email, provide an easy unsubscribe option that works immediately: no "processing your request" delays, no login requirements.

Subscribers have individual rights you must honor: access their data on request, correct inaccuracies, delete their records entirely ("right to be forgotten"), and receive their data in a portable format. You must also maintain records proving consent was validly obtained. GDPR compliance for email isn't one checkbox; it's a framework of consent, transparency, individual rights, and documentation that runs through your entire email operation.