The GDPR has more stringent requirements for businesses targeting EU citizens:
Obtain explicit consent before sending marketing emails. Provide clear privacy notices detailing how personal data will be used. Allow recipients to access, correct, or delete their data upon request. Appoint a Data Protection Officer (DPO) if you process large volumes of personal data.