Add GDPR checkbox to your opt-in form

Nina De la Cruz · 5 min read

If you want to make your website GDPR-compliant, one of the crucial steps is to add an explicit consent checkbox to all of your email opt-in forms.

Consider the example below. The checkbox above the button is mandatory, which means your website visitors will only be able to submit their details after confirming they agree to your processing of their data.


In this tutorial, we’ll show you how to create a GDPR-friendly opt-in form using the Getsitecontrol form builder. The entire process takes less than an hour and requires zero technical knowledge.

If you’re familiar with the theory of GDPR, you already know that it focuses on personal data: the way it’s collected, stored, and processed. Any data that allows for identifying a person directly or indirectly is considered personal, including IP addresses, names, or emails.

This rule applies to each case when your visitors submit their details through your website — whether it’s an email subscription form, a contact form, or an online survey.

Naturally, the materials below are for informational purposes only, and we won’t be able to provide any legal advice.

☝️ One more thing before we start. Adding a consent checkbox to your opt-in form doesn’t make your website fully GDPR-compliant. It’s just a step towards compliance under the new law, and there are other requirements you’ll need to meet.

How to add a GDPR checkbox to your opt-in form in Getsitecontrol

Some email opt-in forms in the Getsitecontrol gallery already have consent checkboxes. If you select one of them, all you need to do is adjust the text of the consent. However, if you select a template without a checkbox or decide to create an opt-in form from scratch, the steps below show how to add one.

Step 1. Select an email opt-in form template

The first thing you want to do is browse the gallery of email opt-in form templates.

Email opt-in form templates powered by Getsitecontrol

Click on the templates to see them in action, and once you find the one to your taste, follow the prompts to add it to your Getsitecontrol dashboard.

Once in the dashboard, you can change the text and appearance of the form. To add a GDPR checkbox, hit + Add field and select ‘Consent checkbox’. Then type the consent message you’d like to display on the form.

How to add a GDPR checkbox to your email opt-in form in Getsitecontrol

By default, the checkbox is mandatory. This means your website visitors won’t be able to submit the form without providing explicit consent to be a part of your email list.

Step 3. Connect the opt-in form to your email marketing software

If you’re done working on the appearance of the opt-in form, it’s time to integrate it with your email marketing software, so that new email addresses go directly to your list. To do that, open the Integrations tab and hit + Add application. Then select your EMS from the dropdown list.

How to integrate your email opt-in form with an email marketing platform of your choice

If you choose to connect the EMS later, emails will be piling up in your Getsitecontrol account, under the Statistics section of the main dashboard. You’ll be able to view or download them at any time.

Step 4. Activate the form on your website

At this point, your GDPR-friendly opt-in form is ready to go live. Keep in mind that by default, it will be added to every page on your website. If you want to display the form on selected pages, go to the Targeting tab and paste the URLs of these pages in the Include field.

How to specify on which pages the opt-in form should display

💡 Using the targeting settings, you can also adjust the moment when the opt-in form will pop up on the page, and who will see it.

Once finished, hit Save & close in the top right corner of the screen, and make sure you’ve installed Getsitecontrol on your website.

Now that you know how easy it is to create a GDPR-friendly opt-in form, let’s go over its key components:

  • Enticing copy
  • Clear call-to-action
  • Email capture field
  • Mandatory consent checkbox

The question you might still have in mind is whether there is a strict requirement about what to include in the consent message.

Just like with cookie consent banners, it’s essential to specify how exactly user data (email address, in this case) is going to be used and to require explicit consent from a user to such use.

In other words, if you’re adding someone to your weekly newsletter – be upfront about that.

There is no golden rule for the GDPR consent, and if you sift through websites, you’ll see dozens of copy variations. Below, we’ve collected a couple of examples.

Sign up in exchange for an eBook

If you’re offering a lead magnet in exchange for an email and planning to blast new subscribers with your newsletter, it’s crucial to specify that.

As a rule of thumb, you want to explain what else people should expect to receive in their inbox after filling out the form.

Sign up in exchange for a discount

Offering a discount is the most common and the most efficient way to get more email subscribers as an ecommerce business. However, this tactic also requires disclosure, and you should collect explicit consent from those who will be receiving your promos.

Remember to follow the principles of permission-based email marketing even after adding a new email subscriber to your list. On a very basic level, this means they should always have an easy, obvious way to unsubscribe or decide which type of emails they want to receive from you.

What if I require a double opt-in from new subscribers?

Double opt-ins are great at preventing your emails from ending up in the Spam folder. If you require a double opt-in, you may get away without a mandatory checkbox and ask new subscribers to confirm their desire to hear from you by clicking on the link in your first email.

In this case, you may still want to spell out the fact of the subscription on the form — for example, below the button. Notice that you can also link to your Privacy Policy and Terms of Service 👇

However, keep in mind that this approach is a grey area when it comes to explicit consent, and it’s your responsibility to make it clear what people are signing up for.

Complying with GDPR is beneficial on many levels

When you start collecting emails following the GDPR requirements, not only do you comply with the law, but you also build a more efficient email list.

Think about it. If every person subscribing to your newsletter explicitly confirms their desire to hear from you, you can expect high open rates and click-through rates. It’s a win-win situation for both sides, so there’s no reason not to practice it.

Nina De la Cruz is a content strategist at Getsitecontrol. She is passionate about helping small and medium ecommerce brands achieve sustainable growth through email marketing.
