Skip to main content

Understanding email consent

At NationBuilder, we spend a lot of time helping our customers understand the benefits of good email deliverability practices. As one of our certified experts, Ian Hines, puts it, “email is still the best, most effective way to stay in touch with supporters. And email deliverability  -  the part art, part science of getting your email blasts into the inboxes of your supporters - is one of the most important and least sexy parts of online organising.

This article is a follow-up to our previous ‘Understanding email consent’ blog post. In this post, we are specifically focusing on the changes now required after the GDPR will come into effect on 25th May 2018.

Over the years we have suggested that our customers use opt-in rather than opt-out as a consent mechanism, as we believe that recipients who actively give consent are less likely to unsubscribe or mark emails as spam. Over time, this increases your email deliverability. This is now more true than ever. Actually, according to the GDPR, opt-ins are the proscribed method to get consent. Consent is still the single most important element in setting yourself up for email deliverability success.

What is changing with the GDPR with regards to collecting consent (to do after 25th May)

Valid consent now needs to be explicit. This will require you to obtain consent in a way that leaves no room for misinterpretation. According to the ICO, “consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build customer trust and engagement, and enhance your reputation

Valid consent is explicit: Practically this means it must be provided in a clear statement – whether written or spoken. You can no longer assume people want to opt-in to receiving communications from your organisation (i.e. opt-outs are no longer allowed).

Valid consent requires transparency: This also means that you will need to be clear and upfront about why you are collecting a data owner’s data and all the ways you might want to use it, in advance. The recipient must have a reasonable expectation that she is going to hear from you, how often, and regarding what content. Explain the above in plain language.

Valid consent cannot be bundled and needs to be granular: In other words, consent must not be bundled into your Terms of Service or Privacy Policy, nor can you have just one all-inclusive opt-in button for all your communications. You need to offer options that individuals can choose from - both channels of communications (e.g. email, text, call…) and type of content (for example, signing up to a national newsletter vs. local newsletter).

Consent must be easily redrawn: You must inform individuals that they have the right to withdraw their consent at any time, and clearly explain how to do this. It must be as easy to withdraw as it was to give consent.

Why do a repermissioning campaign (to do before 25th May)

A repermissioning (or reconfirmation) campaign is a way to reaffirm the consent of current subscribers. In practice, you send an email asking subscribers to reconfirm consent by clicking a link to a signup page and signing up. A recipient is considered opted-in after she reconfirms her consent.

Note: In most European countries (France, for example), the law does not require double opt-in. The GDPR does not require double opt-in either. That said, be aware that some countries in Europe (such as Austria and Germany, and specifically in politics), will likely require double opt-in.

Repermissioning campaigns are not a way to get people who have previously unsubscribed to change their minds. Repermissioning are best used when you have a list that is already familiar with your organisation and has received emails from you in the past. Many organisations will be doing such campaigns ahead of 25th May 2018 to ensure that all their subscribers on their email lists have actually opted in to hearing from them as part of their GDPR compliance readiness efforts.

We suggest you do the same, and sooner rather than later, as I imagine we are soon going to witness a fatigue with regards to the amount of repermissioning emails subscribers will be receiving. Read here for an example of a repermission (or reconfirmation) email.


Here are some easy best practices to keep in mind in general but also for your repermissioning campaign:

When in doubt do a repermissioning campaign: If you have people in your existing database for whom you are unclear about their opt-in status (i.e. you are unsure if they gave you explicit consent and/or how you got their email), you will need to put them on a repermissioning campaign. If you have the smallest doubt about their status (i.e. you might not be allowed to email them in the first place), remove their record from your email list.

This exercise will also allow you to clean your database. It’s not a numbers game, no matter how much we think it is. Having lots of people in your database that don’t want to hear from you or haven’t given consent to be there are not actually useful to you, and could even damage your reputation over time. It’s better to have an engaged list of one thousand people than an apathetic list of ten thousand.

Have a clear value proposition to share: Think about what you have to offer your subscribers in return for this very crucial piece of information; their email address. The services we are offering today, we are offering them to increasingly more empowered consumers.

Finally, the more you are able to build trust with your users and subscribers, the more you can ask from them down the line (such as signing a petition, responding to a survey, donating, attending an event…) while obviously keeping in mind the consent they have previously given you.

Give your supporters and/or subscribers options: The GDPR requires that consent be granular and specific. Therefore, if you can no longer bundle consent, you have the opportunity to think about all the different opt-ins, one for each activity, people can subscribe to. You can imagine having a different statement and value proposition for each. You can have as many opt-ins as you need.

Offer the opportunity to sign-up via pop-ups on the website: Another way to get people to actively sign-up to received your content and/or hear from you is to invite website visitors to sign-up to your mailing, or other activities by launching a pop-up on your website. All the same best practices regarding consent apply here, too.


Read more here on how to maintain a healthy email list.

Share this post