Data Privacy (GDPR, CCPA)

If you collect any personal data — emails, phone numbers, names — you must comply with data privacy laws.

Applies if you target EU residents, regardless of where you're based.

Key Requirements:

Consent — Clear opt-in before collecting data (no pre-checked boxes)

Purpose limitation — Only use data for the stated purpose

Right to access — Users can request their data

Right to erasure — Users can request data deletion

Data breach notification — Report breaches within 72 hours

Privacy policy — Must be clear, accessible, and up-to-date

For IBs, this means:

Your email signup form needs explicit consent checkbox

You can't share leads with brokers without consent

You need a privacy policy on your website

Every email must have an unsubscribe option

Key Requirements:

Tell users what data you collect and why

Users can opt out of data selling

Users can request data deletion

"Do Not Sell My Personal Information" link required

Cookie consent banner (for EU traffic)

Explicit opt-in for email marketing

Unsubscribe link in every email

Don't buy or sell email lists

Store data securely (encrypted, access-controlled)

Delete data when users request it

Document what data you collect and why

Only email people who explicitly opted in

Include your business name and address in emails

Provide clear unsubscribe mechanism

Honor unsubscribe requests within 10 business days

Don't use deceptive subject lines