Iubenda logo
Start generating

Documentation

Table of Contents

Does GDPR require double opt-in?

One of the most common questions related to GDPR and email marketing is whether you need to switch all your opt-in forms to double opt-in.

What is double opt-in?

While single opt-in only requires that users submit their information in order to be added to your list, double opt-in requires that users first validate their email address before being added to your mailing list. The validation is carried out when users click on a specific link contained in a “confirmation” message sent to their email address.

In short, double opt-in allows you to make sure that the person who received your email actually wants to be on your list. See more details here.

double opt in email

Is double opt-in required by the GDPR?

No, there’s no requirement under GDPR to have a double opt-in process. Yet, it’s considered best practice in many countries, especially Germany and in the EU in general. With this method, you can ensure the email address receiving your communication actually belongs to the person giving the consent and hereby further ensure that you avoid high unsubscribe rates, retain the integrity of your list and the reputation of your address.

While there are benefits in using double opt-in, it’s not enough to be GDPR compliant. In fact, double opt-in on its own doesn’t guarantee GDPR compliance because it’s not enough to prove consent.

To collect consent upon subscription, you have to add checkbox fields with consent clauses and a link to your privacy policy to your forms. As we said, it’s definitely a good idea to enable the extra confirmation step to improve deliverability, but you cannot rely solely on double opt-in to be compliant with the GDPR.

🇪🇺
More on GDPR

This article is a part of our series on GDPR and GDPR compliance. Read also:

👉 How to create GDPR compliant forms

How iubenda can help you collect GDPR consent for your forms

GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. It means that you must be able to provide proof of when and how you got consent and what they were told at the time.

Our Consent Solution simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users.

Collect GDPR consent for your forms

Explore our Consent Solution

About us

iubenda

Compliance solutions for websites, apps and organizations: collect GDPR consent, document opt-ins and CCPA opt-outs via your web forms.

www.iubenda.com

See also