7 Tips to Keep Your Email Subscriber Form Compliant

Epublishing Project Manager
Published 3/20/19

Last year it was GDPR; a few years before that it was CASL; and even before that it was CAN-SPAM. The rules on how you gain new subscribers, and on what you need to do to keep them on your list, keep changing.

With each new set of rules, your form needs to be updated. While this may be time-consuming, in the end these changes will most likely help ensure you are only adding highly engaged subscribers. They will also help increase your deliverability. If you are new to email marketing, or just want to double-check that you have all the information you need to set up your new form, below is a list of things your online subscribe form must have.

  1. Have an unchecked box that states they are giving you permission to send emails. It can be something as simple as, “Yes, please send me email about…” If you are sending emails that are from your partners, then I would recommend a second box that addresses emails from your partners with wording such as, “Yes, please send me emails with information about partners.”  The box has to be unchecked or it will not be in accordance with CASL or GDPR.
  2. Your subscribe form also must have a link to your privacy policy; I would recommend putting this somewhere near your submit button.
  3. Ensure you’re protected against bots/hackers. This can be as simple as putting a CAPTCHA code on your form, but be prepared that a CAPTCHA code may decrease the number of people willing to fill out your form. Another option is a “HoneyPot field,” a hidden field on your form that, when filled out by a bot, will allow your database to automatically disregard the information. This is a link that explains the benefits of having a honeypot, and how to set one up.
  4. Make sure only the information that is needed to send emails is required. For every field that is required, you run the risk of somebody getting fed up with your form and leaving before hitting submit. For an email-only subscribe form, I would recommend only having the email address and zip code required (as well as the check box). You can still ask for more information on your form, but people can choose how much information to give.
  5. In order to be compliant with CASL and GDPR, you need to have proof of consent for your subscribers. This can be achieved by stating the purpose of the consent request, identifying the entity making the request, providing contact information and explaining how to withdraw consent.
  6. Capture the IP address at submit. You can use your capture of the IP address as proof of consent, and where the consent was submitted if needed. It is also important to capture the source of the subscriber by labelling all of your different forms so you can easily see where they came from.
  7. Use a double opt-in confirmation email to confirm consent. This is an easy way to prove consent, as you will have records of them receiving the email and clicking on the “confirm your opt-in” link. It is also a great way to weed out any bad email addresses that may have made it into your database. 
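
To show how tips 1, 3, 6 and 7 fit together on the server side, here is an added example (not code from this post or from any particular email platform). The field names `website`, `consent_email` and `consent_partners`, the functions `handle_submit` and `confirm`, the demo key and the 48-hour link lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: a real key comes from a secret store
TOKEN_TTL = 48 * 3600             # assumption: confirmation link is valid for 48 hours

def _sign(email, issued):
    """HMAC over the address and issue time, so a link cannot be forged or reused."""
    return hmac.new(SECRET, f"{email}|{issued}".encode(), hashlib.sha256).hexdigest()

def handle_submit(form, ip, source, now=None):
    """Return a pending consent record, or None when the submission is discarded."""
    now = int(time.time()) if now is None else now
    # Honeypot: "website" is hidden from people, so any value in it came from a bot.
    if form.get("website"):
        return None
    # An unchecked box is simply absent from the POST; only an explicit tick counts.
    if form.get("consent_email") != "yes":
        return None
    email = form.get("email", "").strip().lower()
    if "@" not in email:
        return None
    return {
        "email": email,
        "ip": ip,                # where the consent was submitted from
        "source": source,        # label of the form that collected it
        "consent_email": True,
        "consent_partners": form.get("consent_partners") == "yes",
        "submitted_at": now,
        "confirmed_at": None,    # filled in by the double opt-in click
        "token": f"{now}.{_sign(email, now)}",
    }

def confirm(record, token, now=None):
    """Mark the record confirmed if the emailed token is genuine and still fresh."""
    now = int(time.time()) if now is None else now
    try:
        issued_s, sig = token.split(".", 1)
        issued = int(issued_s)
    except ValueError:
        return False
    expected = _sign(record["email"], issued)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    if now - issued > TOKEN_TTL:
        return False
    record["confirmed_at"] = now
    return True
```

Only records with a `confirmed_at` value should be mailed; the stored IP address, source label and timestamps are what you would produce as proof of consent.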

Ensuring you have permission to send emails to individuals is an important and necessary part of email marketing. Businesses that follow guidelines and rules are able to enjoy higher deliverability, which leads to higher engagement by subscribers.