GDPR and ePrivacy regulation double opt-in: Yay or nay?

GDPR and ePrivacy regulation double opt-in: Yay or nay?

There’s loads to get your head around with GDPR and ePrivacy Regulation. Most of it, like consent and the use of pre-ticked boxes, is pretty clear-cut. Some of it, however, gets – as Joe Rogan would put it – “a little squirly”

One area that people are playing around with is double opt-in. Specifically, is a GDPR or ePrivacy Regulation double opt-in process a good idea?

Never one to shy away from putting our two penneth in, we’re going to exercise our right to free speech and get stuck in. Considering it’s a dry subject to say the least, I’m also going to sporadically interject headings in the style of a character from 90s sitcom Common as Muck.

Common as muck


What’s double opt -in when it’s at ‘ome?

Our Chi-town mates, Marketing Automation system provider ActiveCampaign define double opt in as follows:
“A double opt-in means that after a contact submits a form, they are sent an email asking them to confirm their subscription to your list.”
Nice and simple then.


Worra ‘bout when I’m on the blower?

Good point. There’s not loads on the interweb about this currently, but you could easily apply this process to telemarketing too. If a contact agrees on a phone call to be subscribed to a marketing list, you can then send an email asking them to confirm.



Yes. That works too.


Making a case for ‘yay’

Managing shedloads of different channels

If you’re using different channels to go out and get consent from your database, without double opt-in things can get messy.
With GDPR and ePrivacy Regulation, it’s not enough to just get the consent, you need to keep a record of that consent. It needs to have a time and date stamp applied to it.

That means when using phone as a channel, you would need some sort of fancy pants call recording software linked to a CRM system, which in itself would probably be a GDPR consent task. It’s likely to be expensive too, which always sucks.

Likewise with post, if that consent was received in paper format, there would need to be Jurassic-era style filing of paper copies or sledgehammer to crack a nut managed document solution (what dodgy 80s photocopier sales people now do with their time).

Double opt-in is great for the multi-channel approach because it gives that time and date stamp, in a digital format, regardless of where the actual initial consent was given. It means you only have to maintain one process going forward. Simplifying things is always awesome.


Get rid’a crap

Whenever there’s someone manually doing anything, there’s always the chance of a mistake. Whether it’s a missed key, or a misunderstanding, if you’re chatting to someone on a phone for example then it’s easy to see how an email address can end up being put in the system incorrectly.

Perhaps rarer, but arguably more serious, is where an individual is signed up to something without their knowledge where the intent is to cause distress.

Without double opt-in consent, this can mean that marketing information is sent to people who never consented to receiving it. This is obviously bad when it comes to GDPR and ePrivacy Regulation compliance. When you have that additional comfort blanket, that additional step, you really have a bulletproof approach. You can sleep at night knowing that everyone opted in to receive more information wants to be there, and nothing has slipped through the cracks.


The case for ‘nay’

Getting folk to do stuff

As inbound marketers, we spend the vast majority of our time thinking about conversion. How to get it, how to measure it, and how to improve it. There are

lots of things that can affect conversion. Sometimes that is a positive affect, and sometimes it’s negative. Conversion most of the time is a micro consideration. It varies massively depending on the business, the industry and the goal. It’s pretty hard to make generalisations without testing individual variables.

There is one generalisation I feel comfortable making. When you ask someone to change channels during a conversion process, it will negatively affect conversion in some way. It could be a tiny little effect that you wouldn’t notice unless you’re geeking out on stats in a slightly obsessive way, or it could be a ‘oh shit I’m in front of the board on Monday morning’ big way.

It could be that by introducing a double opt-in consent process that you find it difficult to get consent, which defeats the whole purpose. Obviously if you’re trying to run a consent campaign, the goal is to opt-in as many as possible, in a compliant way. As we covered off earlier in the article, there is no specific legal requirement to run a double opt-in process.


Make yer mind up

We’ve presented the case for and against. With your data controller hat on, you need to assess the risk of adding contacts in error, or by malicious means. You need to evaluate how much it would cost to implement single opt-in across difficult channels, like telephone.

You don’t need to suffer alone. We can help. From helping to identify a consent process that goes across your different channels, through to running a GDPR and ePrivacy Regulation double opt-in campaign as an end-to-end service, we are always at the end of the phone.

Contact us now and take the first steps towards an opted in database.