General Data Protection Regulations
The GDPR legislation came into force in May 2018. Many companies are still not compliant and this could have significant repercussions for any business that does not make it abundantly clear what information it is collecting and what it will be used for.
You must also make sure you allow customers to opt-in so that they know what they are subscribing to – this cannot change without their knowledge. The Information Commissioners Office has full guidelines about the new act.