By now, marketers should know that the General Data Protection Regulation (GDPR) went into effect on May 25, 2018. A common belief is that double opt-in methods for email marketing solves the regulation’s requirement for gaining consent to collect and/or process a person's (or, data subject’s) data—but it doesn’t. Why? Let’s break it down.
The GDPR requires that you obtain affirmative consent from a data subject to use their personal data. Many marketers are primarily concerned with how this will affect their email lists. What they're not usually thinking about? Privacy policies. While double opt-in is a best practice for building healthy and engaged email lists it doesn’t show you:
A record showing if a user actually accepted that policy;
Or, if a user receives and accepts an updated policy.
These three aspects of a person's consent for using their data are crucial for GDPR compliance. The takeaway here isn't that you shouldn't be using double opt-in (it's an email marketing best practice!), but that you shouldn't rely on it for GDPR consent management compliance. In fact, double opt-in can work alongside a GDPR consent management tool.
Take a look at this simple graphic that outlines how consent management workflow (like the solution we provide) works with double opt-in methods to give marketers a healthy, GDPR-compliant marketing list.
GDPR for Marketers: Here’s everything you need to know
Want more GDPR tips for your marketing methods? Check out the articles below: