The Iceland government solely follows EU GDPR to cover and regulate all aspects of electronic marketing in Iceland.
All emails sent for marketing purposes should have a mention of the sender name, mailing address and a clear identification of the sender. The law requires you to have these as compulsory data to be mentioned in your marketing emails.
You can only send marketing emails to those who have provided explicit consent to receive marketing emails from you.
This can be either by having a double opt-in or by checking an explicit checkbox while subscribing with your privacy policy link mentioned there.
As Iceland follows GDPR, it requires that companies have a data security officer. The person is in charge of maintaining and enforcing data security standards.
The maximum fine available under the GDPR is up to €20 million, or 4% annual global turnover – whichever is higher. The "Data Protection Authority or Persónuvernd" will be the supervisory authority here.