
Does GDPR require double opt in?

One of the most common questions related to GDPR and email marketing is whether you need to switch all your opt-in forms to double opt-in.

What is double opt-in?

While single opt-in only requires that users submit their information in order to be added to your list, double opt-in requires that users first validate their email address before being added to your mailing list. The validation is carried out when users click on a specific link contained in a “confirmation” message sent to their email address.

In short, double opt-in allows you to make sure that the person who received your email actually wants to be on your list. See more details here.

Is double opt-in a good idea?

Yes, double opt-in is generally considered a good idea as it helps ensure that people who sign up for a service or mailing list have intentionally and knowingly given their consent, reducing the likelihood of spam complaints and improving the overall quality of the email list.

Is double opt-in required by the GDPR?

No, there’s no requirement under GDPR to have a double opt-in process. Yet, it’s considered best practice in many countries, especially in Germany, and in the EU in general. With this method, you can ensure that the email address receiving your communication actually belongs to the person giving the consent, and thereby avoid high unsubscribe rates and retain the integrity of your list and the reputation of your address.

While there are benefits in using double opt-in, it’s not enough to be GDPR compliant. In fact, double opt-in on its own doesn’t guarantee GDPR compliance because it’s not enough to prove consent.

To collect consent upon subscription, you have to add checkbox fields with consent clauses and a link to your privacy policy to your forms. As we said, it’s definitely a good idea to enable the extra confirmation step to improve deliverability, but you cannot rely solely on double opt-in to be compliant with the GDPR.

More on GDPR

This article is a part of our series on GDPR and GDPR compliance. Read also:

👉 How to create GDPR compliant forms

GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. It means that you must be able to provide proof of when and how you got consent and what users were told at the time.
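The double opt-in confirmation step and the consent record described above can be combined in one flow. The following is an added example, not iubenda's code: the function names, record fields, `SECRET` and `TOKEN_TTL` are assumptions chosen for illustration, and the sample values are constructed.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the user
TOKEN_TTL = 48 * 3600             # assumption: confirmation link valid for 48 hours


def _sign(body: str) -> str:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()


def subscribe(email, consent_text, policy_url, now):
    """Form submitted with the consent checkbox ticked: build the pending
    consent record and the token that goes into the confirmation link."""
    record = {
        "email": email,
        "consent_text": consent_text,  # what the user was told
        "policy_url": policy_url,
        "method": "form checkbox",     # how consent was given
        "submitted_at": now,           # when consent was given
        "confirmed_at": None,          # set only after the link is clicked
    }
    body = base64.urlsafe_b64encode(
        json.dumps({"email": email, "iat": now}).encode()).decode()
    return record, f"{body}.{_sign(body)}"


def confirm(record, token, now):
    """Confirmation link clicked: verify the token, then mark the address confirmed."""
    body, _, sig = token.rpartition(".")
    # Constant-time comparison; the body is parsed only after the signature checks out.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return False                   # forged or altered token
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["email"] != record["email"] or now - claims["iat"] > TOKEN_TTL:
        return False                   # token for another subscriber, or expired link
    if record["confirmed_at"] is None:
        record["confirmed_at"] = now   # keep the first confirmation time as proof
    return True
```

The address is added to the mailing list only when `confirm` returns `True`; the stored record keeps the consent wording, method and timestamps regardless of whether the link is ever clicked.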

Our Consent Database simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users.
