One of the most common questions related to GDPR and email marketing is whether you need to switch all your opt-in forms to double opt-in.
While single opt-in only requires that users submit their information in order to be added to your list, double opt-in requires that users first validate their email address before being added to your mailing list. The validation is carried out when users click on a specific link contained in a “confirmation” message sent to their email address.
In short, double opt-in allows you to make sure that the person who received your email actually wants to be on your list.
No, there’s no requirement under GDPR to have a double opt-in process. Yet it’s considered best practice in many countries, especially in Germany and in the EU in general. With this method, you can ensure that the email address receiving your communication actually belongs to the person giving the consent, which in turn helps you avoid high unsubscribe rates and retain the integrity of your list and the reputation of your address.
While there are benefits in using double opt-in, it’s not enough to be GDPR compliant. In fact, double opt-in on its own doesn’t guarantee GDPR compliance because it’s not enough to prove consent.
This article is part of our series on GDPR and GDPR compliance.
GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. This means that you must be able to provide proof of when and how you got consent and what users were told at the time.
Our Consent Solution simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users.