By Marta from MailerLite

10 min read | Tips & Resources | June 28, 2018

How to create effective opt-in forms that still work under GDPR

GDPR has given us many new requirements to consider with email marketing, but the biggest source of confusion and the most questions have revolved around one area — opt-in forms.

We want to clear up the confusion around opt-in forms under GDPR by showing you real-world examples and analyzing what works and what doesn’t.

We'll show you opt-in form examples for:

  • Getting consent for one thing
  • How to use lead magnets
  • When to use checkboxes
  • How to comply with age verification
  • When too much explanation is confusing

Let’s get started!


What does GDPR state about consent?

Before we get into all the fun opt-in form examples, we want to start with the actual legal language from GDPR regarding consent. Creating effective opt-in forms under GDPR starts with understanding what it actually says.

Article 4(11) states,

“Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.

Recital 32 further specifies:

“Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data.”

Wow! That is a lot to take in. As you can see, the GDPR sets a high standard for consent. 

Now let’s go over some opt-in form examples to help you figure out how to implement these requirements.

For more background on GDPR and opt-in forms, read our recent article, “New MailerLite GDPR Feature: Opt-in Forms”.

How to ask for consent to one thing

If you only need consent for one item, such as to receive newsletters, the opt-in form can be super easy and straightforward. The easier your form is to fill in, the more subscribers you will get.

Discovery Magazine GDPR Consent Example

[Image: asking for consent to receive newsletters]

This is a good example to follow. There’s no need to add a checkbox because consent is needed for one purpose — to receive weekly news. There’s also a link to the Privacy Policy, which is a good practice.

That said, pay attention to the statement underneath the submit button. It says that after signing up, a subscriber will receive occasional surveys and special offers. This is not clear to the subscriber.

To avoid a misunderstanding, we recommend placing this text in the main area, so the copy could read:

“Get the latest weekly science news, occasional surveys and special offers delivered right to your inbox”

This would be a better way to approach consent.

The Huffington Post GDPR Consent Example

[Image: asking for consent to receive newsletters #2]

This is also a good example of a simple, clear and accurate opt-in form with no unnecessary information. From our point of view, the only thing missing is a link to the Privacy Policy. It’s also a good practice to mention that the person can unsubscribe at any time.


How to use an incentive in your form

It is very common to give away something for free in exchange for an email address. These are often called lead magnets. Under GDPR, you can’t just obtain an email with a lead magnet without explaining how you will use the email.

CottonOn & Co. Perks Example

[Image: giveaway in exchange for an email address under GDPR]

In this example, there is no clear explanation of what the person is signing up for. If you are asking to exchange an email address for a freebie or voucher, you won’t be able to send that person newsletters, news, special offers or other emails.

A safe option here would be to add a checkbox underneath and ask people to tick the box if they want to get a newsletter or special offers.

You could also say something like:

"To receive a voucher, please subscribe to our newsletter and daily news. Don’t worry, you can unsubscribe at any time"

You wouldn't need to add any checkboxes in this case because you make it explicitly clear that the lead magnet is being offered in return for joining the email list.

Red Bull does a much better job in the next example.

Red Bull GDPR Lead Magnet Example

[Image: giveaway in exchange for an email address under GDPR, example]

Follow Red Bull’s example of being super clear and explicit. They show how a freebie can be connected to a subscription. They include the incentive, the explanation of consent and they mention the unsubscribe option. 

Great job Red Bull!


When you don’t need checkboxes

Checkboxes are necessary when you are trying to get consent for two separate things, such as a newsletter and advertising. If you don’t need to use checkboxes, it is much better to avoid them. You’ll get higher conversions with fewer checkboxes!

Bratislava GDPR Checkbox Example

[Image: unnecessary checkboxes for opt-in forms under GDPR]

From our point of view, the checkboxes in the form above are not necessary. Let’s take a closer look at the first checkbox, which says:

“I agree to my email being stored and used to receive the newsletter”

The form is GDPR compliant without this checkbox because the only purpose of this form is to get consent for receiving newsletters. The second checkbox is not needed because you are allowed to put offers in your newsletters.

If someone has to read several checkboxes and make multiple decisions, they are less likely to complete the form.

Michael Kors GDPR Checkbox Example

[Image: unnecessary checkboxes for opt-in forms under GDPR #2]

This is also a GDPR compliant opt-in form. However, we would recommend that you let your customers choose how they want to receive news from you — by email, via SMS, by post, etc. In this case, you would use multiple checkboxes.

The checkbox is needed because the original purpose of the form is to check out of the store. In order to send newsletters, they needed to add a separate checkbox asking for explicit consent.


Age verification

Article 8 of the GDPR states that in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old.

If the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility for the child.

[Image: age verification under GDPR]

Member States may provide by law a lower age for those purposes provided that such lower age is not below 13 years.

The controller shall make reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility for the child, taking into consideration available technology.

To comply, you should consider adding age verification or parental consent options to your forms if you offer online services directly to children.

At this time, EU regulators have not provided definitive guidance on how to verify parental consent, but we believe they will develop further specific guidance soon.

Monki Style GDPR Age Verification Example

[Image: age verification under GDPR example]

Do you think the above form works under GDPR?

Let’s take a closer look at it. There are two types of confirmation: age verification and consent to receive personalized marketing material, but only one checkbox.

What if someone wants to confirm that they are 16+ years old but does not agree to receive marketing emails? From our point of view, this kind of opt-in form is bundled, which means it should separate the two items using checkboxes.

That said, the text they use to verify age is good. Just don’t merge it with the other things and you are good to go.


How to get consent for multiple purposes

Let’s take a look at one of the most important GDPR explanations regarding consent, which is stated in Recital 32:

“Silence, pre-ticked boxes or inactivity should not, therefore, constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them.”

It is mandatory to ask for consent for each purpose. Here are some GDPR-compliant examples that place separate checkboxes for marketing purposes and profiling.

Armani Store GDPR Consent Example

[Image: getting consent for multiple purposes under GDPR]

Juventus GDPR Consent Example

[Image: getting consent for multiple purposes under GDPR #2]

Guess GDPR Consent Example

[Image: getting consent for multiple purposes under GDPR #3]

The important thing to notice in the example above is that if a subscriber doesn’t choose the “Yes” or “No” boxes, it counts as “No”. We recommend simply using one checkbox to avoid confusing the user.

VANS GDPR Consent Example

[Image: getting consent for multiple purposes under GDPR #4]

Can you guess what Vans did wrong in the above form?

This webform is pre-ticked, which is not allowed. According to GDPR, consent requires an active opt-in. The user must freely give consent, which makes pre-ticked opt-in boxes invalid.


When the text is too confusing

GDPR requires the explanation of services to be explicit and clear. While this is a subjective rule, you need to do your best to communicate as clearly as possible.

Here’s our last example, which shows how wording can get confusing. This is an example of what NOT to do:

[Image: GDPR opt-in form explanation of services]

A checklist for creating compliant opt-in forms

To help you create the best opt-in forms that comply with GDPR, we created a checklist that you can use to verify that your forms are good to go.  

[Image: a checklist for creating compliant opt-in forms]

We hope that this article was helpful. If you still have questions regarding consent, checkboxes or the structure of opt-in forms, please leave your comments below and we will do our best to answer your questions.

Check out our pre-built GDPR-friendly forms.