Ironclad Journal icon IRONCLAD JOURNAL

What You Need to Know About Double Opt In, GDPR, and Email Marketing


Single vs double opt-in for email marketing has been a hot topic for a while, and the GDPR has made this conversation louder. Generally speaking, for list growth and user experience single opt-in is the way to go, but for deliverability and engagement, some data suggests double opt-in is best (though consistent list scrubbing could mitigate the issue). Regardless, this blog isn’t about the intricacies and preferences of email marketers around the world; it’s about compliance with the General Data Protection Regulation (GDPR).

GDPR requires businesses to clearly tell to users how their information will be used, inform users how to give consent for companies to use their data, and provide easy access to users to update how their information is being used. This isn’t a best practice, either. Businesses could incur fines up to €20 million or 4% of a businesses global annual revenue—whichever is greater. 

How does GDPR affect consent for email marketing?

GDPR: Double opt in doesn't prove consent for email marketing

Let us first define what it means to “gain consent.” In the marketing world, gaining consent means that you, the marketer, have permission to capture someone’s data and use it (i.e., email newsletters, nurturing campaigns, etc). 

Many marketers believe double opt-in gives them the consent needed to put a user in a drip campaign or on specific email lists. Here’s the harsh reality: It doesn’t. When a user fills out a form and is then sent an email with a confirmation link to complete their subscription, it does not provide the consent needed to be compliant with the GDPR.

While double opt-in does not provide consent, and neither does single opt-in on its own. Regardless of your preference for single or double opt-in, the major concern is that many email marketers believe they *must* use double opt-in to be GDPR compliant. Some marketers are building intricate double opt-in workflows as a way to track consent. This method is well intended, but misses the mark for compliance. The information a double opt-in provides is not enough to prove consent.

Use clickwrap agreements for GDPR consent tracking

You should be collecting and tracking consent the moment a person subscribes to your emails. The most familiar way to do this is with a click-through or clickwrap agreement. Clickwrap agreements are those agreements you accept by checking a box or clicking a button. You’ve probably already used them to accept Terms and Conditions while signing up for almost any service online.

There are some best practices in place for presenting click-through agreements (like never pre-ticking them), but tracking consent for GDPR compliance adds another layer (like tracking when somebody revokes consent). The latter is a key piece marketers need to make sure they implement to be GDPR compliant. Not only will marketers need to provide users the ability to manage how their data is used (i.e., subscribing only to what they want), but they must also provide users the ability to revoke consent.

Next steps: A long-term, scalable solution

Ironclad’s product thoughtfully addresses the unique requirements of the GDPR consent mandate. It serves as your hub for all consent-related activities, from integrating, publishing, and tracking privacy policies (including email marketing consent), to creating automatically triggered workflows when a subscriber revokes consent.

Ironclad’s software includes a hub for data subjects (the people you’re emailing): a centralized hub to track their consent preferences, including revoking consent. Want to learn more? Request a demo of Ironclad’s clickwrap solution.

Want more content like this? Sign up for our monthly newsletter.

Book your live demo