Do You Legally Need Double Opt-In For Email Marketing?

This blog post was first published on 21 September 2019

You've perfected a brilliant download which you know your community are going to love and now it's time to get it to them. The question I'm getting asked a lot at the moment is, "Do I need a double opt-in to sign people up to my email list?"

What is double opt-in?

Double opt-in is the process of requiring your perspective clients to confirm their email address once they have already entered it. Someone in your community will enter their email address on your site to get a download or join your mailing list and then your email marketing software will send an email to them asking them to confirm that they wanted to sign up. This helps to protect users should someone sell or share your data.

Is double opt-in required by GDPR?

The introduction of the General Data Protection Regulation (GDPR) in the UK on 1 May 2018 saw protection of personal data increase. The GDPR set out six bases for processing personal data the first requirement being consent. Consent is the primary legal basis for email marketing. The GDPR defines consent as where “the individual has given clear consent for you to process their personal data for a specific purpose.”

In practice this means that you need a positive opt-in. You cannot require customers to opt-out, use pre-populated tick boxes to obtain consent or simply be silent.

The regulations are unclear on the meaning of “specific purpose” but my interpretation is that you should not automatically add anyone onto your general mailing list unless you have their specific consent. This is because, a person requesting to download your opt-in is not necessarily agreeing for you to market to them. If you would like to add them to a marketing list tell them, it can actually help your business.

Why could using a double opt-in could be good for business?

Although not strictly required by the GDPR, having a double opt-in can be good for business and it's something which I operate in my own email marketing. The reason behind this is that there tend to be two types of business owners; those who research and take action and those who will download freebies and procrastinate.

Taking steps to legally protect your business is not something everyone is interested in. Some people are passionate about their business, they want to protect it and they want to set clear working relationships with their clients. Those types of people look forward to my monthly newsletters with short bite-size legal information. Others simply aren’t interested and that’s okay. Not everyone will be interested in your offerings either and you don’t want to be sending emails to people who don’t want to hear from you. That’s why I use double opt-in, so that those who want to hear from me can.

I would love to know your thoughts on this - you can message me on Instagram here. 

Lucy x

P.S. It is mandatory in the UK to protect the data of your clients. For this reason privacy policies can seem daunting and overwhelming but they don’t need to be. Get your privacy policy today, download the template document and within 30 minutes you can legally protect you and your clients.