My lists are single opt-in. Is double opt-in required to be GDPR-compliant?
There are benefits to double opt-in but it’s not enough to be compliant with the GDPR. Double or single opt-in on their own don’t guarantee GDPR compliance because they’re not enough to prove consent. They also won’t help you track, consent from your contacts. The GDPR requires you to:
- clearly state to your EU-based contacts how you’ll use their information,
- collect consent to use their data,
- give them easy access to withdraw their consent.
Do I need to reconfirm contacts added to a single opt-in list?
Having single opt-in lists doesn’t automatically mean that you have to send a reconfirmation email to contacts in these lists. If your list is single opt-in but you can prove consent, you don’t need to run a reconfirmation campaign.
You should send a reconfirmation email if you:
- can’t prove that your contacts have given you clear consent to process their personal data,
- use their contact information in a way other than the one they agreed to.
For example, they agreed to receive educational content but you’ve been sending them marketing emails.