GDPR

Holger_Z
Contributor

Differentiating between GDPR relevant contacts and non-GDPR relevant contacts


Hi there,

 

I would like to bring a global website live and differentiate between web visitors from GDPR-relevant countries and those that do not fall under GDPR.

My idea is to work with smart rules and to display two different kinds of forms depending on the country of the IP address. I want to avoid setting up every page twice and differentiating by pages.

 

I am not sure what will happen if I turn on the GDPR toggle and enable it for all pages. Will that also lead to sending out double opt-in emails after somebody has submitted a form that does not contain any GDPR-relevant "notice and consent" field?

 

HubSpot support's answer to this is: if I turn on the GDPR toggle, the double opt-in email will be sent out as a response to every single form submission, regardless of whether the form contains a GDPR "notice and consent" field or not. Is this really true?

 

How did you differentiate between different authorities and data protection regulations?

 

Thanks!

 

Holger

1 Accepted Solution
Nynke_HM
Solution
Top Contributor | Diamond Partner


Hi @Holger_Z ,

 

Before activating the GDPR toggle including double opt-in email, I would advise you first to get a legal basis and consent from your existing contacts, so the double opt-in would be less of a bother to them.

 

What we generally advise is:

1. First check the contacts that already have a legal basis for processing their data (which can be the value 'not applicable' in the case of contacts from non-GDPR countries). 

2. Then check the status of subscriptions of your existing contacts. Who has opted in to what and who has not?

3. Make sure you get a consent and opt-in from your existing contacts without subscriptions and/or legal basis. For example by sending a consent email. 

4. Decide what you want to do with contacts that did not opt in. General advice: delete from the account. Our experience tells us that 10% of your contacts will remain if your consent email is set up right. In this email you could prepare your recipients that they will receive a double opt-in email later on.

5. After cleaning up the account, make sure you set GDPR options the way you want them (cookie banner, GDPR field in forms, etc.). You could consider enabling the cookie banner and double opt-in for specific pages only; that would probably make it easier to control the different audiences.

 

I think it's really wise to differentiate pages for visitors between countries based on IP. For leads I would do the same, but then use the Legal basis property for it. In that way you make sure every contact in the account has a value for Legal basis. You can use 'Not applicable' for contacts outside the GDPR countries.

[Image: Community - Legal basis property.png]

 

You could set this in a workflow as well for your existing contacts 🙂

 

It's probably not answering your question 100%, but I hope my answer helps you to figure your issue out!

 

 

Best,

 

Nynke

Did my post help answer your query? Help the Community by marking it as a solution
