What is a double-opt-in process?

The double-opt-in procedure is mainly used in email marketing and online stores. In a simple opt-in, the user actively consents to the processing of their data, for example via a checkbox. In a double opt-in, the user then also receives an e-mail containing a link, and by clicking it agrees once again to the processing of their personal data. This process is intended to protect the user from spam. It also helps you to send e-mails with commercial content in a legally compliant manner.

Since the introduction of the GDPR in 2018, it is no longer permitted to send unsolicited advertising content to users without their active consent.

When is an opt-in necessary?

An opt-in procedure becomes necessary for you as soon as you collect personal data on your website. This can happen, for example, through cookies, contact forms or an online store. The user must be able to actively consent to the processing of their data. This requirement has its origins in consumer protection, the General Data Protection Regulation and the Unfair Competition Act. However, the GDPR also stipulates that you may contact your customer if, for example, queries have arisen about an order and the purchase contract could not be fulfilled without clarifying them.

How does the double-opt-in differ from the single opt-in process?

Double opt-in is a two-step process, whereas single opt-in is a one-step process. The first step is the same for both procedures: the user actively consents to the processing of personal data. On most websites, this is done by ticking checkboxes.
With double opt-in, however, the user then receives an e-mail. In this e-mail, the user must become active again and click on a link. Only when this has happened have they confirmed their data and consented to its processing.
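
The two steps described above, as an added sketch that is not code from this page or from any newsletter provider. The signing key, the 48-hour link lifetime, the in-memory store and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-deployment signing key
TOKEN_TTL = 48 * 3600             # assumption: link expires after 48 hours
subscribers = {}                  # email -> consent state (stand-in for a database)


def _sign(email, issued_at):
    # Bind the token to one address and one issue time.
    msg = f"{email}|{issued_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def opt_in(email, now=None):
    """Step 1 (checkbox): store the address as pending, return the token for the mailed link."""
    issued_at = int(time.time() if now is None else now)
    # setdefault keeps an existing record, so a repeated sign-up cannot reset a confirmed one.
    subscribers.setdefault(
        email, {"status": "pending", "opted_in_at": issued_at, "confirmed_at": None}
    )
    return f"{issued_at}.{_sign(email, issued_at)}"


def confirm(email, token, now=None):
    """Step 2 (link click): accept only an unexpired token issued for this address."""
    now = int(time.time() if now is None else now)
    issued_str, _, sig = token.partition(".")
    record = subscribers.get(email)
    if record is None or not (issued_str.isascii() and issued_str.isdigit()):
        return False
    issued_at = int(issued_str)
    if now - issued_at > TOKEN_TTL:
        return False
    # Constant-time comparison of the supplied and the expected signature.
    if not hmac.compare_digest(sig.encode(), _sign(email, issued_at).encode()):
        return False
    if record["status"] == "pending":
        record.update(status="confirmed", confirmed_at=now)
    return True


def may_send(email):
    """Single opt-in would mail after step 1; double opt-in mails only after step 2."""
    return subscribers.get(email, {}).get("status") == "confirmed"
```

Because the token is tied to the address it was mailed to, entering someone else's address in the form does not subscribe them: only the person who can read that mailbox can complete step 2.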

When do you have to use a double opt-in?

The answer here is very clear and simple – there is no obligation to do so according to the GDPR. In Germany, the double opt-in is not mandatory by law. However, users have become accustomed to verifying their data in a separate e-mail. This is a common procedure, especially for online stores, and it prevents the misuse of data and spam. With a double opt-in, you as the operator of the website are on the legally safe side: through this procedure you can clearly prove the registration in case of dispute.

The double opt-in procedure seems more complex at first, but it protects not only your users but also you, legally. In addition, it builds trust in you and your company.

In case of dispute, it is up to the sender of the e-mail to prove the recipient’s consent. With a double-opt-in, this is not too much of an effort for you. If you use a provider, such as Mailchimp, for your newsletter marketing, the provider will record the following in the backend:

This data can be used to prove the active consent of the user.
If you do not use a provider service, it is recommended that you document the data yourself in a similar structure. It is also advantageous if this is done under the dual control principle, because a CSV file or an Excel spreadsheet can easily be modified and would therefore have little credibility in court. Ideally, your company has a certified data protection officer who is entrusted with this task and records the data after receiving the double opt-in confirmation.

