GDPR: asking existing members for a double opt-in


(Annick Oosterlee) #1

Hi guys! Not sure if this is the right place to post but I have a GDPR related question. More specifically, it’s about the double opt-in. I run a community for people who work at Schiphol (edit: they work for different employers), we currently count over 2400 registered members. Unfortunately, these members never agreed to a double opt-in (we do send them a confirmation email in which they have to confirm their email address, but the copy is too vague to be GDPR proof - will change this ASAP!). If I understand it correctly I will have to ask all my members to opt-in and if they don’t, I will loose them. HELP! Are there any communities who have been through this already and did this really really well? All I can think of is A/B testing the email before it goes out, offering something in the email that is impossible to resist… etc.


(Sarah Hawk) #2

I’m not sure that this is the case… a member is opting in by signing up.


(rhogroupee) #3

I agree with Sarah, I don’t see a requirement for double opt-in with GDPR. What you may have to do, though, is provide a clear method for your members to opt out (as well as to delete and download all of their personal information you’ve collected). This is a good resource I’m using as we provide guidance for our communities: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en


(Annick Oosterlee) #4

Thanks ladies! Our legal department was pretty strict about this but I couldn’t find any information about it either. I’ll dig a bit deeper into it and will try to remember to post the outcome here.


(rhogroupee) #5

I’d love to hear what they say, thanks in advance! I also found this resource online (although there’s no date on it, it has a good list of links for opt-in/opt-out regulations (of course separate but related can of worms from GDPR). http://www.lsoft.com/resources/optinlaws.asp


(Sarah Hawk) #6

I would also. We’ve spent many months researching GDPR and have in-house counsel specifically focusing on it but I haven’t heard this come up yet.


(Annick Oosterlee) #7

Ok, it seems I misunderstood the reason why I might have to email all my community members again: this is not because a double opt-in is required according to GDPR (it is not), but because we were never clear (enough?) about what our members were signing up for when joining the community. In our case, joining the community means you automatically receive a monthly community newsletter and notifications (members can opt-out for all of these in their profile). Because these members were never actively informed about this when signing up, we might have to email them to actively ask for their opt-in.

:sweat::sweat::sweat:


(Robert McIntosh) #8

Ah! This makes more sense indeed

The good news is that you DON’T need to email them, you just need them to opt-in! A subtle but important difference, because if you create the page for tracking their opt-in (and the date/time) then you can share this within the community first. Your most engaged members will be able to see it there, so you don’t need to rely on them seeing the email and clicking.

This way you can reduce the email load by a substantial % and focus your efforts on the less engaged -
you might even better target the message and use this as a way of re-engaging them.

If the newsletter opt-in is the issue, you can always turn off these messages but keep their profile active. You can then put in place a message that encourages them to opt in (or not) next time they visit. It might be a bit intrusive, but it reaches those you most care about - those who are already using the community.

Hope that helps a bit?


(Sarah Hawk) #9

I’m still sceptical about whether GDPR has anything to do with whether you receive emails or not…