Double Opt-in Functionality and GDPR Opt-in Discrepency


I'm trying to wrap my head around why there isn't any connection between the GDPR element in forms and the Double Opt-in functionality. 


What is the point of having a GDPR checkbox, when the system sends a Double Opt-in email regardless of whether or not the GDPR checkbox is selected?!


What is the best way to approach creating a form for gated content? Aren't we legally required to give people access to the content regardless of whether or not they officially opt-in?


Any resources for how to manage this? 


4 Replies 4
Community Manager

Hi @lesliebartels,


I apologize for the delay in responding to your inquiry. I want to tag in some subject matter experts to get their thoughts on this. 


@Kim_HM@MatthewShepherd@himanshurauthan do you have any suggestions for @lesliebartels in regards to the best approach to creating gated content? 


Thank you,



Key Advisor



I actually have the same question. The new GDPR is really confusing. I've been trying to wrap my head around it. I think having more documentation around CAN-SPAM, GDPR, CASL, CCPA and Double Opt in would be helpful. 


Top Contributor | Diamond Partner

Hi @lesliebartels , 


Sorry for my late reply!


I can not give you any legal advice, since I'm not a legal professional. What I can tell you is that gating your content is the best way of collecting leads, which I assume is your goal.


The double opt-in functionality makes sure the contact signed up for your content themselves. So for example, I wouldn't be able to sign my colleague for your marketing e-mails of other subscription types. This double opt-in is an option, so you can leave this out if you like. 


When the consent to communicate checkbox below a form isn't checked, you're legally not allowed to send this contact anything for that specific subscription type. I would recommend using the checkboxes for communicaties and making the subscription you use for follow-up emails required in order to be able to send this. 


Does this help? 


Kind regards, 



Key Advisor



I'm familiar with the Double Opt-in in Hubpsot. However, it's still a separate control from GDPR settings.


GDPR, CASL & possibly CCPA also cover other electronic communication methods like SMS. Should you use GDPR controls to configure a SMS subscription or create custom contact properties? Should a global opt-out  include other communication methods as well? If, yes this get's more complicated if it's not controlled under GDPR settings as you'll need to setup workflows.


Also, there's still a lot unanswered about CCPA.