Before you start sending promotional emails, you have to make sure you have received consent to do so. If we are talking about consent, the big trending question pops up: do you go for single opt-in or double opt-in? Spoiler alert: go for double opt-in.
What is the difference between single opt-in and double opt-in?
Let’s start with the differences between these two methods. Single opt-in is a one-step process to subscribe to your email list. A person only needs to enter their email address and click sign up to subscribe to your list. Confirmation of the email address is not required and the person becomes a subscriber immediately. Single opt-in helps grow your email list through a simple process.
Double opt-in is a two-step process to subscribe to your email list. A person needs to enter their email address and click sign up, and after that the email address needs to be validated. For this, a verification link needs to be clicked to confirm the email address. Double opt-in makes sure the person who received your email actually wants to be on your email list.
What does the GDPR say about single opt-in or double opt-in?
It is considered best practice to use double opt-in, and with that I totally agree. But hear me out. The GDPR actually says nothing about double opt-in. Double opt-in is not even a requirement under the GDPR. At least, not explicitly. Words such as single opt-in or double opt-in do not show up anywhere in the regulation. Consent is one of the six lawful bases to process personal data as listed in Article 6 of the GDPR. When we are talking about email marketing, data collection and email lists, it all comes down to consent, and double opt-in is a good way to make sure consent is valid. The GDPR is all about consent and record keeping of consent.
Email marketing? The burden of proof is on you.
So, double opt-in gives you the consent to put someone on your email list? Well, sure, but it’s not that simple. Double opt-in is a good start to ensure compliance under the GDPR. But here’s the thing: you also need to be able to prove the consent. The GDPR clearly outlines the explicit obligation to demonstrate consent. You want to send marketing emails out to your list? The burden of proof is on you. You have to be able to demonstrate that the person you mailed actually consented to the processing of his or her personal data, according to Article 7(1) of the GDPR. It is up to you to prove that valid consent was obtained. The GDPR does not prescribe exactly how this must be done. Single opt-in or double opt-in? Proving valid consent with double opt-in is definitely way easier than with single opt-in.
You need to keep a record of consent statements received and show how the consent was obtained, when consent was obtained and the information provided at the time. You even need to demonstrate documentation of the consent workflow at the time of the session and a copy of the information that was presented for obtaining the consent. The major concern is not just choosing between single opt-in and double opt-in but demonstrating valid consent. Double opt-in is for sure a step forward to prove the consent and to be GDPR compliant.
Keep in mind your email marketing software will keep track of your double opt-in data, like IP addresses and time of consent. Just make sure you keep that data safe and don’t download it to your personal computer for no reason.