Email: Phone: 866-709-6002 Raleigh, NC United States

How to Capture Your User’s Consent? Opt-In to Great GDPR Form Examples

How to Capture Your User’s Consent? Opt-In to Great GDPR Form Examples
May 6, 2021 Noreen Bifulco

How to Capture Your User’s Consent?
Opt-In to Great GDPR Form Examples

Even before Facebook’s Cambridge Analytic scandal came to a head, the European Union had been seriously planning a move towards data protection and privacy. On May 25, 2018, the EU’s General Data Protection Regulation (GDPR) went into effect.

The legislation supports greater privacy rights to users in the EU and established new rules for marketers and software providers to follow about collecting, tracking, or handling EU-based prospects and customers’ personal data.

But, what’s critical for all organizations to note is that companies do not need to be physically located in Europe for this to apply. GDPR pertains to anyone who processes or stores data of users in the EU.

Under GDPR, businesses need to give users the chance to consent to their details being used for marketing and other purposes, put them in charge of how those details are used, and allow them the option to withdraw if they so choose. And if your company is found non-compliant, you could incur fines of up to 4% of your annual global turnover.

It’s understandable, for some, that the task to persuade users to actively consent to have their data used for marketing purposes is much easier said than done, but really, this EU legislation isn’t a setback for skilled marketers.

Here’s a look at some opt-in form examples of companies obtaining their users’ consent under GDPR to help inform your opt-in efforts.


Sainsbury’s sign-up form is straightforward and clear. In spots where the form asks for extra personal details, such as their phone number and Nectar Card number, explanations are provided as to why the company needs them.



Sainsbury’s also clearly separates consent to its Terms & Conditions from permission to receiving marketing communications with white content blocks.

The contact permission section requires that users select either ‘yes please’ or ‘no thanks.’ This is clearly noticeable and what a consumer prefers when registering for an eCommerce account.



Future Content

Future Content’s colorful GDPR opt-in form opts the user into receiving a whitepaper on GDPR.

The form is straightforward and up-front about how users’ information will be used, with a clear link to Future Content’s privacy policy.

The fine print also fulfills two other key conditions of consent under GDPR. It informs users that they can unsubscribe from communications and provide details about any third parties who might access the data.



Tip: If you only need consent for one item, such as to receive whitepapers or newsletters, the opt-in form can be easy and straightforward. The easier your form is to fill in, the more subscribers you gain.



The Forbes opt-in form clarifies how often a subscriber will receive their newsletter and what their emails will be about. They also add a link to the Privacy Policy and inform their users about their ability to opt out.



Tip: Checkboxes are needed when you try to get consent for two separate things, such as a newsletter and advertising. If you don’t need to use checkboxes, it is much better to avoid them. You’ll get higher conversions with fewer checkboxes.


The Guardian

Early on, The Guardian started reaching out to its users to resubscribe to the communications they want to continue receiving through a website banner and emails.

Consent to marketing communications is separated from consent to the site’s general Terms and Conditions. Users are required to proactively opt-in to the types of product communications they want to receive, by email and/or SMS.

The form also links to a clear explanatory page, with an informational video and an FAQ, to educate users about the context for these changes.

The Guardian’s GDPR opt-in form scores high on what’s known as “granular consent,” which, as the ICO explains, requires obtaining separate consent for separate things, not “vague or blanket consent.”

However, the only problem is that the last two boxes require users to opt-out of receiving communications by phone and post. Per the ICO, consent under GDPR requires a positive opt-in from users, without using “pre-ticked boxes or any other method of default consent.”



The GDPR has undoubtedly given us many new requirements to consider when creating our marketing campaigns. To clear up the confusion around opt-in forms, MailerLite has created a “Handy dandy opt-in form checklist” to help you create and verify if your forms are GDPR compliant.



If you need additional help creating effective opt-in assets to comply with GDPR, send us a message. We love to help.



Leave a reply

Your email address will not be published. Required fields are marked *