Iceland solely follows EU GDPR to cover and regulate all aspects of electronic marketing in Iceland.
All emails sent for marketing purposes should have a mention of the sender name, mailing address and a clear identification of the sender. The law requires you to have these as compulsory data to be mentioned in your marketing emails.
You can only send marketing emails to those who have provided explicit consent to receive marketing emails from you.
This can be either by having a double opt-in or by checking an explicit checkbox while subscribing with your privacy policy link mentioned there.
As Iceland follows GDPR, it requires that companies have a data security officer. The person is in charge of maintaining and enforcing data security standards.
The maximum fine available under the GDPR is up to 20 million EUR, or 4% annual global turnover – whichever is higher. The Data Protection Authority or Persónuvernd is the supervisory authority.