Double-Opt-In Procedure & Burden of Proof
Better secured with Double-Opt-In
The opt-in procedure can be divided into the single and the double opt-in procedure. With the single opt-in, the ticking of a box is sufficient for consent to data processing.
The double opt-in procedure, on the other hand, is a mechanism in which the consent of the data subject is obtained twice.
In the case of double opt-in, the interested party also ticks the corresponding box to consent to the processing of his or her data, for example for the purpose of registering for a newsletter. He or she then receives an email with a confirmation link.
Only by clicking on the link is the interested party added to the e-mail distribution list.
The double opt-in ensures that the email address of the person concerned actually belongs to him or her, which the person concerned confirms by clicking on the link. This way, it can be ruled out that the misuse of an e-mail address by third parties leads to the mailing of unwanted e-mails
Important: Duty to provide evidence
Article 7 para. 1 GDPR also requires that controllers prove the consent of the data subject. This can be done electronically by e-mail or in the form of a written confirmation. With double opt-in, you are also on the safe side. You only have to make sure that the confirmation from the interested party is time-stamped and stored in a database. If you cannot provide this proof, you may be subject to severe sanctions.
Tip: Check whether your CRM meets the requirements of the GDPR. In this article, we have summarised for you what you need to pay attention to.
Obtaining consent to the processing of personal data is not in itself an innovation. However, the fact that the opt-out must now be replaced by the opt-in procedure without exception is. In view of the high sanctions, you should implement this. If you switch directly to the double opt-in procedure now, you will fulfil your obligation to provide proof in the best possible way and thus protect yourself from high penalties.