There are two types of procedure that can be used when signing up a new subscriber to receive your email marketing messages - single or double opt-in.
Single opt-in for email marketing
Single opt-in is when a person provides their email address and simply indicates that they would like to receive future emails from your business e.g. when a customer signs up to your email communications.
Double opt-in for email marketing
Double opt-in involves following-up the previous step by also sending the subscriber an email with a confirmation link they must click on to complete their sign up to your email marketing list.
Double opt-in is not a legal requirement, but is often considered best practice - as it eliminates the risk of someone having their email address registered by a third party. Also, instructing a subscriber that they need to respond to your confirmation email should prompt them to retrieve your email - which may have been redirected to a 'junk' folder by their spam filter.
Pre-ticked opt-in boxes are banned under the GDPR. You also cannot rely on silence, inactivity, default settings, or your general terms and conditions, or seek to take advantage of inertia, inattention or default bias in any other way. The best practice is to provide an unticked opt-in box, and invite the person to confirm their agreement by ticking. This is the safest way of demonstrating consent, as it requires an affirmative action and positive choice by the individual to give clear and explicit consent.
Soft opt-in for email marketing
Soft opt-in can apply in certain circumstances as an exception to the consent rule for direct marketing. This applies where:
- you have obtained an individual's email address and details during a previous sale or during negotiations for a previous sale of a product or service to them
- your messages are only marketing your similar products or services
- you have given the individual opportunities to refuse marketing messages when their details are collected and with every future message, and they do not opt out
Unsubscribe or opt-out option
The opt-out or unsubscribe option should allow the individual to take a positive step to refuse or unsubscribe from your marketing by replying directly and easily to your message in order to stop any future marketing. If you use text messages, you could allow an individual to opt out by sending a stop message to a short code number - eg text 'STOP' to 12345. If you use email, include an 'unsubscribe' link in your message.
By law, you must allow individuals to opt out or unsubscribe to receiving email marketing messages from you at any time they wish and in the same manner in which they provided you with their consent. You must comply with any opt-out or unsubscribe requests as quickly as possible.
Organisations must not disguise or conceal their identity in any marketing texts or emails, and must provide a valid contact address for individuals to opt out or unsubscribe (which would mean consent was withdrawn). It is good practice to allow individuals to reply directly to the message and opt out that way, to provide a clear and operational unsubscribe link in emails or at least to provide a freephone number.
[Source: ICO Privacy & Electronic Communications Regulations on Direct Marketing P34, point 130]