Skip to main content

For companies who have exclusively EU customers it is necessary to have a GDPR-complained Opt-in and Opt-out process in place. This article by Customer.io explains perfectly how to set up a Double Opt-in campaign. But in order to...

  1. make sure users can resubscribe on your website
  2. be strictly complained
  3. be able to gather all necessary information in case of a data access request by a user (Art. 15 GDPR)

you should additionally make sure to…

 

Let’s get into it:

Remove resubscribers from the Opt-out list

This is actually not related to GDPR nor to Double Opt-in, but a “must have”. You should make sure that the attribute unsubscribed is removed or set to “false” once a user (re)subscribes. This is not done automatically by Customer.io!

 

Send second Double Opt-in email for resubscribers

If a user unsubscribes, you should make sure that the attribute double_optin (or whatever you named it) is removed or set to “false”. You can simple create a campaign that updates the user’s profile when s:he unsubscribed:

This is important because in case the user resubscribes again in the future on your website s:he will otherwise not receive a second Double Opt-in email (which s:he should regarding GDPR) in case you are using a segment-based campaign for the Double Opt-in process.

If you, as mentioned above, removed the unsubscribed attribute it is even worse because in that case the user receives the Double Opt-in email, but will receive your newsletters even without clicking the link in the email (the user’s double_optin status was and still is “true”).

 

Save Registration, Double opt-in and Unsubscribe timestamp

Yes, I am pretty sure all these timestamps can be found in the events or triggers somewhere in Customer.io as well, but it is much easier to have it all in one place. You don’t want to start searching if the customer service hands you over a data access request from a user, do you?

Just to be clear, here is what mean with the terms:

  • Registration timestamp: date and time the user submitted the form
  • Double Ept-in timestamp: date and time the user clicked the link in the Double Opt-in email
  • Unsubscribe timestamp: date and time the user unsubscribed

For all three timestamps you can simple use the “create or update a person” in the workflow to set the timestamp with Liquid:

 

Save consent text the user agreed to

Again, this is useful in case there is a data access request in which you also should state the exact consent the user has given. You can either store an consent text ID if you have a reference table for a lookup of the exact words or simple store the whole text in Customer.io. Make sure you to pass the information over with your event or form submission and store it by using the “create or update a person” (see screenshot above).

 

In sum, a Double Opt-in and a Opt-out campaign could look something like that:

 

 

Hope that helps,

Felix

Felix this is super helpful! Thanks for sharing!


Hello Felix,

thank you. Very helpful. The only thing I'm still interested in your solution is, which condition must be fulfilled in the "Wait until..." part? Is it a “wait until event “double optin confirmed” gets performed”?

Best regards, Hendrik


Hey Hendrik,

for this you will have to to create a new segment, e.g. “double optin confirmed within the last day”. In there, you will have to select everyone that clicked the link in the double optin email which is the link to the landing page that says “Thank you! Your subscription has been confirmed”.

Within the last day because the user might unsubscribe and resubscribe again. If the user stays in the segment, the attribute changes will be done even if s:he did not click the link the second time (s:he is still in the segment).

Hope that is clear. Don’t hesitate to ask again 😁

Felix

 


Reply