Single vs double opt-in for email marketing has been a hot topic for a while. Generally speaking, for list growth and user experience single opt-in is the way to go, but for deliverability and engagement, some data suggests double opt-in is best (It could also be argued that consistent list scrubbing could mitigate the issue.) Regardless, this blog isn’t about the intricacies and preferences of email marketers around the world—it’s about compliance with the General Data Protection Regulation (GDPR).
If you’re not aware, the GDPR is a new regulation that take will effect this May and require businesses to clearly state to users how their information will be used, gain consent to use their data, as well as provide easy access to users to update how their information is being used. This isn’t a best practice, either. Businesses could incur fines up to €20 million or 4% of a businesses global annual revenue—whichever is greater.
Let’s dive into how this new regulation will affect consent for email marketing tactics.
Double Opt-In Doesn’t Prove Consent for Email Marketing
Let us first define what it means to “gain consent”. In the marketing world, this means that you, the marketer, have permission to capture someone’s data and use it (i.e., email newsletters, nurturing campaigns, etc.) Many marketers believe double opt-in gives them the consent needed to put a user in a drip campaign or on specific email lists. Here’s the harsh reality: It doesn’t. When a user fills out a form and is then sent an email with a confirmation link to complete their subscription, it does not provide the consent needed to be compliant with the GDPR.
While double opt-in does not provide consent neither does single opt-in on its own. Regardless of your preference for single or double opt-in, the major concern is that many email marketers believe they *must* use double opt-in to be GDPR compliant. Some marketers are building intricate double opt-in workflows as a way to track consent. This method is well intended, but misses the mark for compliance. The information a double opt-in provides is not enough to prove consent.
So Here’s How You Must Track Consent to be GDPR Complaint: Click-Through Agreement Tracking
There are some best practices in place for presenting click-through agreements (like never pre-ticking them), but tracking consent for GDPR compliance adds another layer (like tracking when somebody revokes consent). The latter is a key piece marketers need to make sure they implement to be GDPR compliant. Not only will marketers need to provide users the ability to manage how their data is used (i.e., subscribing only to what they want), but they must also provide users the ability to revoke consent.
The Long-Term, Scalable Solution: Consent Management Workflows
PactSafe’s recently launched a Consent Management product that thoughtfully addresses the unique requirements of the GDPR consent mandate. It serves as your hub for all consent-related activities, from integrating (most marketers send their data to multiple systems, i.e. a CRM tool), publishing and tracking privacy policies (including email marketing consent) to creating automatically triggered workflows when a subscriber revokes consent.
For example, Twitter provides users a place for subscribers to manage their email preferences, but lacks the ability to explicitly revoke consent entirely, which will be required under the GDPR.
Part of PactSafe Consent Management includes a hub for data subjects (the people you're emailing) a centralized hub to track their consent preferences—including revoking consent.
Learn more about how PactSafe Consent Management can help your email marketing efforts become GDPR compliant at our upcoming webinar: How Will the GDPR Affect Marketing.