One of the most common questions related to GDPR and email marketing is whether you need to switch all your opt-in forms to double opt in.
While single opt-in only requires that users submit their information in order to be added to your list, double opt-in requires that users first validate their email address before being added to your mailing list. The validation is carried out when users click on a specific link contained in a “confirmation” message sent to their email address.
In short, double opt-in allows you to make sure that the person who received your email actually wants to be on your list. See more details here.
Yes, double opt-in is generally considered a good idea as it helps ensure that people who sign up for a service or mailing list have intentionally and knowingly given their consent, reducing the likelihood of spam complaints and improving the overall quality of the email list.
No, there’s no requirement under GDPR to have a double opt-in process. Yet, it’s considered best practice in many countries, especially Germany and in the EU in general. With this method, you can ensure the email address receiving your communication actually belongs to the person giving the consent and hereby further ensure that you avoid high unsubscribe rates, retain the integrity of your list and the reputation of your address.
While there are benefits in using double opt-in, it’s not enough to be GDPR compliant. In fact, double opt-in on its own doesn’t guarantee GDPR compliance because it’s not enough to prove consent.
This article is a part of our series on GDPR and GDPR compliance. Read also:
GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. It means that you must be able to provide proof of when and how you got consent and what they were told at the time.
Compliance solutions for websites, apps and organizations: collect GDPR consent, document opt-ins and CCPA opt-outs via your web forms.