My lists are single opt-in. Is double opt-in required to be GDPR-compliant?

There are benefits to double opt-in, but it’s not enough to be compliant with the GDPR. Double or single opt-in on their own don’t guarantee GDPR compliance because they’re not enough to prove consent. They also won’t help you track consent from your contacts. The GDPR requires you to:

  • clearly state to your EU-based contacts how you’ll use their information,
  • collect consent to use their data,
  • give them easy access to withdraw their consent.

To collect and track consent upon subscription, add checkbox fields with consent clauses and a link to your privacy policy to your signup forms or landing pages. Of course, you can enable the extra confirmation step to improve deliverability and click-through rates. But don’t rely solely on double opt-in to be compliant with the GDPR.

This content is provided for educational purposes only. GDPR is fact-specific and the way it applies to your organization may differ from what’s discussed in this article. Please do not treat it as a substitute for a professional legal opinion. Always consult your lawyer or other professionals responsible for data protection within your organization. GetResponse can’t be held liable for any indirect, special, incidental, or consequential damages arising out of any use of or reliance on any content or materials included here.

Do I need to reconfirm contacts added to a single opt-in list?

Having single opt-in lists doesn’t automatically mean that you have to send a reconfirmation email to contacts in these lists. If your list is single opt-in but you can prove consent, you don’t need to run a reconfirmation campaign.

You should send a reconfirmation email if you:

  • can’t prove that your contacts have given you clear consent to process their personal data,
  • use their contact information in a way other than the one they agreed to.
    For example, they agreed to receive educational content but you’ve been sending them marketing emails.