Whether you heard of GDPR (General Data Protection Regulation) before or not, sure you heard about it by now. If you used an online service before, the likelihood of receiving an updated “Terms and Conditions” increased by a multitude of [[insert some significant number here]]. Personally, before the GDPR took effect on the 25th of May in 2018, I received tons of emails especially when the calendar was closer to the big date.

GDPR requires double opt-in for newsletters, a customer is not added to your email list until they have given their consent. After entering their details, they receive an email asking them to confirm their subscription. Once they click a link in that email, they are added to your list. If they never click the link, they should never receive emails from you.

Well, that’s clear enough and because most EU countries already have stricter regulations you already had your email address confirmed when you subscribed to a service. Email confirmations link was already common practice since the invention of email spam, to prevent malicious users subscribe to your mailing lists. Spam protection is there to protect the organisation running the website, rather than for the safety of the user.

After buying goods or services online, a simple notice about order confirmations is usually enough. Something like:

Enter your email here to receive updates about your order.

Even though when entering this email is required, you should be ok with the new regulations. What is not ok then is to send the user emails about current deals and anything that’s not related to their order without previously asking for consent. This consent can be a checkbox during checkout, but should never be mandatory to place the order and should never be ticked in by default. The user should choose to opt-in. It’s fair to be a wee bit of a marketer here and tell the user why He should opt in and what He miss if not taking this extra special offer.

If your webshop / online service complied with previous EU regulations, then your store already had these features in place. What happened in the past few weeks was absolute chaos. Online retailers nervously tried to update their terms and conditions because the fines increased dramatically and they didn’t know if their service acquired emails without user consent in the past or they didn’t have the record about it as that was not a legal requirement.

So that’s why - every person with internet access - received possibly hundreds of emails from businesses trying to cover their asses or getting that user consent before the 25th of May.