
Email Marketing Regulations = A Good Time to Make You Use Double Opt-in Anyway

The debate for single vs. double opt-in is likely over with major revisions to the personal data consent laws coming to Europe in 2018 that have world-wide implications. Here’s what to know about how this should influence your choice in opt-in strategy.

By C&EN Media Group


You’ve spent hours designing beautifully branded email templates and drafting the perfect email copy and subject lines. Your email recipient list is set up and you’re ready to hit ‘send.’

Not quite. One critical quality check remains: Is your email list compliant with international email marketing regulations, and to what extent do the new regulations line up with best practices?

Before second guessing your email marketing proficiency, here’s what you should know about the new personal data laws put into effect by the European Union this past May, and how this should influence your choice for an opt-in strategy.

Email marketing is a permission-based endeavor

When performing an email marketing campaign, there are regulations that require you to get permission from the recipient in order to be able to send them business-related emails such as newsletters or advertisements. This is distinct from sending emails that are personal or regarding a product or service, such as order confirmations, shipping information, and tracking updates, which do not require permission. Then of course there’s straight up spam – unsolicited, bulk commercial emails that are sent without obtaining permission at all.

So, how do you get permission from a recipient to add them to your email marketing campaign list? You give them the option to receive your emails, known as opt-in email selection.

Single vs. Double Opt-In

There are two types of opt-in email strategies: single opt-in and double opt-in.

The difference between these opt-in subscription processes boils down to whether the recipient has the option to confirm their inclusion in a subscription retroactively or proactively, that is, after being added or before being added to the email marketing campaign. The different opt-in strategies can be defined as follows:

Single opt-in (SOI) is a subscription process where a new email address is added to your mailing list without requiring the owner of that email address to confirm definitively that they knowingly and willingly opted in. Even if a user checks a box [or leaves the pre-checked box as is] that yes, they would like to subscribe to a newsletter, but you don’t send them a confirmation asking them to verify that, then you are still in the single opt-in category.

Double opt-in (DOI), also known as confirmed opt-in (COI), is a subscription process where a new email address is only added to your mailing list after its owner clicks a confirmation link in a subscription activation or opt-in confirmation request email sent to them after they opt in via a form or checkbox.

Why should you use double opt-in?

The advantages of the single opt-in subscription process are obviously clear: quick quantities of subscribers for you and instant content for the subscriber. The general gist of a single opt-in defense is essentially that of instantaneous gratification rooted in confirmation redundancy – why should your subscriber have to reconfirm something they have already confirmed? Which is a fair question. (For current C&EN Marketing Elements subscribers, you’ll note this has been our logic! ☺)

But when double opt-in is enabled, you know your contacts are more qualified and likely to read and engage with your content, as they’ve re-confirmed their interest. To achieve long-term online marketing success, qualified and engaged subscribers are far more valuable than the quantity.

(On that note, expect to see our own double opt-in campaigns going forward! We’ve provided an example of this type of email at left.)

Why do you have to use double opt-in?

Regardless of your subscription process preference, the European Union’s General Data Protection Regulation (GDPR) is now enforceable, and is being touted as the most significant change in data privacy regulation in two decades. The GDPR states that explicit consent is required for processing sensitive personal data of EU citizens, and, in the context of opt-in preference, nothing short of double opt-in will suffice.

Now that *you’ve* decided on double opt-in, what’s next?

You likely will have to take different double opt-in approaches depending on whether the recipient is already a customer in your email marketing database.


Mailchimp’s GDPR back-end settings

The good news is that most marketing software has a setting for selecting double opt-in, so making the switch to prepare for consents from potential contacts could literally take seconds.

In addition to the GDPR’s updated regulations on explicit consent, it also states that “it must be as easy to withdraw consent as it is to give it.” In essence, you are required to provide a functional, timely unsubscribe or opt-out process. If someone is no longer interested in your message, let them leave without any complications or barriers.

More importantly, inactive recipients will botch your online marketing statistics because, by not reading your message, all of your rates (e.g. email open, click through, time spent on page, etc.) will plummet. To achieve long-term online marketing success, qualified and engaged subscribers are far more valuable than the quantity, and the same applies for those who want to unsubscribe. If you don’t make it easy for them, you’ve lost them already.

So, how prepared are you for GDPR as a whole?

Have you thought about your cookies policy and asking visitors to accept them when they’re on your site? Are you still sending Excel files containing user email addresses over email? What about data breaches? The GDPR also has regulations for marketers beyond obtaining explicit consent for email. One of the biggest challenges that the GDPR presents to organizations is its data breach notification requirements: you must report data breaches to your respective supervisory authority within 72 hours of discovery and provide them with as much detail as possible. Here, marketers aren’t concerned so much with the reporting, but the time in which they’re required to provide all the details. Complicated breaches can take a while to figure out.

In Short…

While it may not always sound entirely clear how GDPR will be enforced (GDPR has very different legal implications for B2C and B2B marketing, as well), there is definitely consensus that all marketers need to be prepared.

Sweeping email marketing regulatory changes to data privacy requiring explicit consent are coming to the EU that have world-wide repercussions. That’s a fact. And the US is discussing similar rules already. Email marketers are recommended to employ double opt-in processes when obtaining consent explicitly and unambiguously. If you haven’t already, consider talking to your lawyers or finding legal counsel as quickly as possible to ensure your preparedness for the GDPR when it takes effect.
