One of the most common questions related to GDPR and email marketing is whether you need to switch all your opt-in forms to double opt-in.
While single opt-in only requires that users submit their information in order to be added to your list, double opt-in requires that users first validate their email address before being added to your mailing list. The validation is carried out when users click on a specific link contained in a “confirmation” message sent to their email address.
In short, double opt-in allows you to make sure that the person who received your email actually wants to be on your list. See more details here.
No, there’s no requirement under GDPR to have a double opt-in process. Yet, it’s considered best practice in many countries, especially Germany and in the EU in general. With this method, you can ensure the email address receiving your communication actually belongs to the person giving the consent and hereby further ensure that you avoid high unsubscribe rates, retain the integrity of your list and the reputation of your address.
While there are benefits in using double opt-in, it’s not enough to be GDPR compliant. In fact, double opt-in on its own doesn’t guarantee GDPR compliance because it’s not enough to prove consent.
To collect consent upon subscription, you have to add checkbox fields with consent clauses and a link to your privacy policy to your forms. As we said, it’s definitely a good idea to enable the extra confirmation step to improve deliverability, but you cannot rely solely on double opt-in to be compliant with the GDPR.
This article is a part of our series on GDPR and GDPR compliance. Read also:
GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. It means that you must be able to provide proof of when and how you got consent and what they were told at the time.
Our Consent Database simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users.
Compliance solutions for websites, apps and organizations: collect GDPR consent, document opt-ins and CCPA opt-outs via your web forms.
