Solved

Proving consent without GDPR enabled SignUps

  • 23 June 2021
  • 6 replies
  • 227 views

Userlevel 1
Badge +3

Hello Alltogether

It would be very nice if you would share your opinions or workflow concerning the double opt in.

We collect new subscribers via a Klaviyo Signup (GDPR Conformity not enabled on that Popup in order to get a cleaner look. But we have a seperate Popup for cookies and tracking consent.) We have a double Optin where the profiles are added into a marketing list only once they confirm, that they want to receive marketing emails. When those profiles unsubscribe, they get suppressed as expected.

My concern is now, what if someone claims to not have confirmed to receive marketing emails? I have no consent details like time of consent, IP adress and so on like I had in mailchimp before.

How do you handle such cases? How can i proof consent without to enable GDPR conformity?

Best regards, Frank

icon

Best answer by David To 23 June 2021, 22:27

View original

6 replies

Userlevel 7
Badge +60

Hello @Frank,

Thanks for sharing your question with the Klaviyo Community!

It’s great to hear that you are utilizing double opt-in to confirm your contact’s subscriptions! Contacts who subscribe through your Klaviyo form and confirm their subscription will then trigger a Subscribe to List metric when they are added to the designated Klaviyo list. This metric will only be recorded when the customer confirms their subscription. If a customer signs up through your Klaviyo form but does not confirm their subscription via the double opt-in email, they would not trigger this Subscribe to List metric as they would not be added to the list. 

Because you are using double opt-in, this event would only be passed when a contact confirms their subscription and shared explicit consent to join the list. You can then review the raw data of this Subscribe to List metric to see the list the customer opted into and the timestamp that this event occurred on when the customer was added to the list. This would also indicate when the contact confirmed their subscription. 

Lastly, from the subscriber’s Klaviyo profile under Channel Details, you can also see details pertaining to the last Klaviyo signup form the contact filled out such as the Klaviyo form ID, the method, and the timestamp.

With both pieces of this information, you can learn exactly when a Klaviyo form was filled out by your subscriber and which one was filled out. Along with the Subscribe to List event/metric you are informed exactly when a contact confirmed their subscription and to be added to which list. 

I hope this helps!

David

Userlevel 1
Badge +3

Hi David, thank you for your reply. My missing Link was the raw data review. I just took a look and came to this:

I see the profile came via our standard Signup Form and as the profile has entered the list and is not suppressed. Therefore the profile completed the opt in. In conclusion: at June 23, 2021 at 11:48 p.m. (from the profiles page, not in foto) the Profile submitted the form. At 21:49:13 the Profil confirmed the subscription, Klaviyo synced one second later.

Looks ok.

Thanks again David :slight_smile: Helped me a lot.

Userlevel 1
Badge +3

Hey @david.to, i thought about it and came to another question. What if someone with bad intentions says: “I didn’t receive the Opt-In Mail, you don’t have a double opt in procedure.

AFAIK i can switch the Lists double opt in to single opt in and back in at any time ...  So kind of tricky to really proof a real double opt in?

It might be nice if i can see in the profile which emails the profile received (like Double Opt In Confirmation email).

Userlevel 7
Badge +60

Hey @Frank,

Great question!

Completely understand your concerns, especially without the ability to track events pertaining to the actual double opt-in confirmation email. 

Although you have the ability to switch a list from double opt-in to single opt-in at any time, we strongly caution against using single opt-in on any of your lists unless you have a specific use case that calls for it. For this reason double opt-in is always enabled by default on all your lists.

To prevent malicious actors from making claims such as the one mentioned, I would recommend enabling and keeping double opt-in enabled and not switch the list’s settings between double and single opt-in. By ensuring a list is either always set to one of these settings you can be sure that everyone either has to adhere to the double opt-in confirmation email before being added to the list or not if the list always set to single opt-in. 

I’ll also be sure to share your feedback regarding this use case with our product team to consider in the future.

Thanks for being a member of the Klaviyo Community!

David

Userlevel 1
Badge +3

Hey @david.to ,

Thank you for your input. We have double opt-in always on. One reason is the legal thing, the other is to really get profiles that are engaged.

In the case sh*t hits the fan, can Klaviyo provide proof/ confirmation that double opt in was always aktivated for that list? Or for a special usecase switched of for a timespan?

Thanks david, really like you top answers.

Frank

Userlevel 7
Badge +60

Hey @Frank,

Klaviyo does not track when a list is switched from double opt-in to single opt-in or vice-versa. For this reason we do not recommend switching them back and forth. If you decide to switch this setting, I would recommend tracking internally amongst yourself and your team when this setting was updated to keep a record of this change. 

As mentioned, double opt-in will always be enabled for any list you create within Klaviyo by default and will be active for that list until you or a member of your team changes that setting. For special situations when you may want to use single opt-in, I’ve seen success with clients creating a whole new separate list that uses single opt-in as opposed to switching their list from double opt-in to single opt-in and then back again afterwards. Creating a separate list will ensure you are separating out those subscribers who have adhered to double opt-in and those who were added to the list via single opt-in as they would be distinguishable by the list you are using. 

Have a great day!

David

Reply