Second, is to understand that there is no such thing as implied consent anymore. No more buying email lists, no more capturing emails from free offers, e-books or reports, no more sending marketing emails to previous customers, no more default tick boxes etc. You must have consent.
Third, get a copy of the both the Australian and GDRP privacy laws and work tirelessly to comply.
You can read all about GDPR from watchdog ICO that has to enforce it.
You should also read the simple 12 step guide published by ICO.