Opt-in and Opt-out: How to get, record, and manage customer consent

Consent and preference management has become a must for all companies looking to collect and leverage customer data. It’s required by law to set up processes that allow customers to consent to data collection, while also making sure that they have the option to opt out of this process.

Complying with laws and regulations is not the only benefit of consent and preference management—it is also a way to maximise a company’s marketing efforts. Using a robust consent and preference management platform, you can also increase your opt-ins and reduce blanket opt-outs.

And maximising opt-ins allows you to collect more accurate customer data, while minimising opt-outs leads to higher conversions and improved brand reputation.

In this article, we’ll cover what “opt-in”and “opt-out” actually mean, what types of opt-ins and opt-outs that you need to know, why they are important for your business and how you can implement them.


●    Opt-in vs opt out: What do they mean, and what is the difference?
●    Why are opt-ins and opt-outs important?
●    When and why would your customers opt-out?
●    How can you increase opt-ins and minimise opt-outs?
●    What is a double opt-in?
●    Why would you need double opt-ins? How can you set up a double opt-in?

Opt-in vs opt-out: What do they mean, and what is the difference?

What is an opt-in?

An opt-in is when a customer chooses to give their consent for a specific purpose, such as receiving marketing emails from you or participating in a survey. Opt-ins are obtained through a checkbox or button that your customer must click on to give their consent.

There are two types of opt-ins:

  1. Single opt-in - Here a customer only has to subscribe once before they start receiving communications from your company.
  2. Double opt-in - It involves a second step where the customer has to confirm their subscription through an email by clicking a confirmation link.

Here is an example of an opt-in

An opt-in would be a website that requests its visitors' email addresses to send them newsletters or promotional offers. The website includes a form asking the visitor's email address. It also has a checkbox or button that must be clicked to indicate their agreement. Here is an example:


Email: [__________]

[ ] I would like to receive the newsletter and promotional offers from this website.



The visitor will not be added to the mailing list unless they check the box and press the submit button.

What is an opt-out?

An opt-out is when a customer is automatically enrolled in a program or service but has the option to remove themselves from it. This gives the customer more control over their data and privacy settings. It also reassures them that their data is not tracked or used without consent, which in turn helps strengthen customer relationships.

Here is an example of an opt-out

Let’s say a company automatically adds new customers to its mailing list for promotional offers and discounts. The company would then send emails to the customer with information about the mailing list and give an option to unsubscribe from future emails. Here is how it might look:


Welcome to our company!

We are so pleased to have you as a customer and want to keep you informed about our latest products and promotions.

Please note that you can unsubscribe at any time by clicking ‘unsubscribe’ from this list. It’s right there in the footer.



The biggest difference between opt-in and opt-out is that, with an opt-in, customers have to actively take action to show their agreement. With an opt-out process, customers must actively take action if they don't want to give their consent.


Why are opt-ins and opt-outs important?

Apart from complying with customer consent and preference rights, here are a few reasons why businesses should implement opt-ins and opt-outs:

  • Comply with data protection laws

It's important to note that different countries may have specific laws and regulations about obtaining consent. It's also essential to comply with them. Two of the most prominent laws—the GDPR and CCPA— state that consent must be “freely given, specific, informed, and there must be an indication signifying agreement”.

These laws provide the following criteria that consent management processes must adhere to:

Active opt-in - Providing pre-ticked opt-in boxes is not valid. Use methods that require an action from the user, like unticked opt-in boxes.

Granular - Give detailed information about the data you collect and provide options to consent separately to different types of processing.

Named - Include a description of your company and any third parties that will be relying on consent.

Documented - Maintain records on customer consent, including the specifics of what was said, when it was said, and how it was said.

Easy to withdraw - Inform customers of their right to withdraw consent and provide a simple method of doing so.

  • Enhance customer engagement through targeted communications

Opt-in ensures that your company only contacts customers who gave their consent. It enables ongoing communication of offers, promotions and information. Keep in mind that opt-in customers are more likely to be interested in the products or services offered. So, this can improve the relevance and effectiveness of your business’ communications.

While, opt-out ensures your subscribers or customers don't receive unwanted communications and your company doesn't violate privacy. This reduces the number of complaints, unsubscribes. On the other hand, it helps you build a better, privacy-first relationship with your audience. 

  • Build a trustworthy brand

By providing clear and easy-to-use opt-in and opt-out options, you can display your commitment to protecting customers’ privacy and building trust with them. Additionally, opt-in and opt-out also means you comply with data privacy regulations. It demonstrates the lawfulness of your company.

Understanding when and why customers opt-out can also help you identify areas where you need to work on improving their satisfaction and engage more.

When and why would customers opt-out?

When customers opt-out, it may indicate that they are not satisfied with the brand experience they are receiving. There can be several reasons why:

  • High frequency of communication

This can happen when a company sends too many emails, text messages, or other communications frequently. These messages can overwhelm the customer at some point. As a result, they can unsubscribe or opt-out of future communications.

  • Irrelevant communications

A company should send out communications about products or services only to customers that have shown interest in them. If customers receive communications on things they have no interest in, they may feel like the company is not paying attention to their preferences and they don’t care, so they will opt-out.

  • Inconsistent brand experience across channels 

Customers may opt out if the messaging, tone, or branding is inconsistent across different channels. This could make it difficult for them to recognise the brand and understand what it stands for.

  • Communication on less preferred channels

Customers have different preferences for how they want to receive communications, such as email, text messages, phone calls, etc. If you’re communicating with a customer on a channel that they don’t prefer, this can lead to frustration and dissatisfaction.

There are many reasons why customers would opt-out of a brand’s communication, but there are also solutions to make sure this doesn’t happen.

How can you increase opt-ins and minimise opt-outs?

To help you increase opt-ins and minimise opt-outs, DataGuard’s Consent and Preference Management solution allows you to implement strategies such as:

  • Making marketing preferences a part of your customer’s journey

By asking for marketing consent and preferences throughout the customer journey, you allow customers to tell you what they want to hear about, when and how frequently they want to hear about it. This way, you don't send them irrelevant promotions or offers.

  • Let your customers submit, manage and edit their preferences anytime

You can only call your company customer-centric if you prioritize consent and preference management. One of the best ways to do that is to offer your customers the ability to submit their preferences when they sign up, and then manage and edit them anytime they like. This way, you give them a choice and complete control over how they want to communicate with you.  

  • Deploying progressive capture points

Progressive capture points, or progressive profiling, is an approach to gathering first-party data by asking customers to provide small bits of information throughout the customer journey. Deploying progressive capture points can assist in capturing priority consents, which have the most value for a company, without driving negative behaviour and frustrating customers.

With our consent and preference management platform, you can improve your engagements and conversion rates. You can also increase your opt-in rates and sign-ups by giving your customers a choice and control over how, what and when they want to hear from you on their consent journey.

Single opt-ins are not the only area we can help you improve. With DataGuard, you can also set up your double opt-ins. Now let’s look at how it can be beneficial for you.

What is a double opt-in?

A double opt-in is used to add new contacts to your email list. It involves a two-step process in which a potential customer first provides their email address through a signup form, and then confirms their subscription through a company-generated email.

Only once they have confirmed their subscription will their email be added to the company’s list.

Example of a double opt-in

Let’s say a customer fills out a form on your website to subscribe to a newsletter. After submitting the form, they would receive an email with a link to confirm their subscription. They must click the link in the email to complete the double opt-in process and confirm their consent to receive the newsletter.

The email would look like this:



Thank you for signing up to receive our newsletter! To complete your subscription, please click the link below to confirm your email address:


If you did not sign up to receive our newsletter, please ignore this email.

Thank you,

[Company Name]


Why would you need double opt-ins?

There are several reasons why a company might choose to use double opt-ins for their email marketing efforts:

  • Enhance your email deliverability

Double opt-ins ensure that only customers who are truly interested in receiving communications from a company are added to their email list. This enhances the deliverability of emails, as less emails will be marked as spam or unwanted messages.

  • Enrich your database with more qualified contacts

Double opt-ins ensure that only active email addresses are added to your list. New subscribers must confirm their subscription by responding to an email to be included in the contact list. Additionally, problems caused by customers entering invalid email addresses or incorrect ones in the sign-up form can be avoided.

  • Establish powerful relationships

With a single opt-in, new subscribers don't hear from you again until they open the first campaign you send them. But with double opt-in, you can turn your first transactional email into a welcome email to familiarise new subscribers with your company.

How can you set up a double opt-in?

Setting up a double opt-in is easy with our consent and preference management platform. All you need to do is follow these two simple steps

Step 1: Copy the code snippet provided by the platform and paste it into your website or landing page.

Step 2: Tailor the code to match your brand and design, such as by adjusting the colours, fonts, and images.

You can also speak to our experts to get more information on setting up double opt-ins.

There is no doubt that consent management is an important aspect of data privacy and security, and opt-ins and opt-outs are key tools for obtaining and managing consent clearly and transparently.

Companies can use consent and preference management platforms that can help them stay compliant while also giving them the power to choose what they should be communicated about.

Buyers Guide General  212x234 UK Buyers Guide General 800x600 MOBILE UK

One single source of data truth

Lean how a platform can benefit your organisation as a single source of data truth across all your business systems

Download your decision guide

About the author

Contact Sales

See what DataGuard can do for you.

Find out how our Privacy, InfoSec and Compliance solutions can help you boost trust, reduce risks and drive revenue.

  • 100% success in ISO 27001 audits to date 
  • 40% total cost of ownership (TCO) reduction
  • A scalable easy-to-use web-based platform
  • Actionable business advice from in-house experts

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • External data protection officer
  • Audit of your privacy status-quo
  • Ongoing GDPR support from a industry experts
  • Automate repetitive privacy tasks
  • Priority support during breaches and emergencies
  • Get a defensible GDPR position - fast!

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Continuous support on your journey towards the certifications on ISO 27001 and TISAX®️, as well as NIS2 Compliance.
  • Benefit from 1:1 consulting
  • Set up an easy-to-use ISMS with our Info-Sec platform
  • Automatically generate mandatory policies

100% success in ISO 27001 audits to date



TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Proactive support
  • Create essential documents and policies
  • Staff compliance training
  • Advice from industry experts

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Comply with the EU Whistleblowing Directive
  • Centralised digital whistleblowing system
  • Fast implementation
  • Guidance from compliance experts
  • Transparent reporting

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Let's talk