Filter By

Show All

Connect to


DMA Email Council: How to Use Registration Forms to Get Marketing Opt-In


This article is written by Steve Henderson who is the Deputy Chair of the Email Council and Chair of the Legal and Deliverability Hub.

Online events, resources and services are often created with the objective of lead generation and customer acquisition. Events and resources can be costly to produce and companies need a return on this investment.

This guide looks at how to obtain marketing permission as part of these registration processes, explaining what you must and must not do, with examples demonstrating good and bad practice. Examples are taken from GDPR whitepapers and online events, as these should in theory provide only best practice.

Five specific marketing and communication scenarios

  • Online events (conferences, webinars, seminars, training, live streams) have a range of potential communication requirements and marketing options:
  • Necessary event communications (event confirmations, session times, event content)
  • Event marketing (upgrades, add-ons, supporting services and products, questionnaires)
  • Follow-up marketing from you, the event provider (mailing list sign-up, call from sales team)
  • Follow-up marketing from event partners, sponsors and presenters (sign-up to mailing list, sales and technical discovery calls)

Online resources and services (whitepapers, WIFI, eReceipts, parking reminders) are more simple, typically requiring a confirmation email, with the option of opting-in to follow-up marketing and communications from the service provider.

It is important to keep these clear and distinct because the marketing and communication rules are different for each of these scenarios.

Electronic/Email Marketing Permission (consent and customer opt-out / “soft opt-in”)

For Electronic/Email Marketing in the UK and Europe needs one of two types of permission:

  • Consent
  • Marketing to customers on an opt-out basis

Marketing consent is simple to explain and understand:

  • a clear process, setting the correct expectations for the intended marketing
  • separate from other terms and conditions
  • requires the person to perform an action to indicate and confirm consent – typically achieved with an unticked box, a radio button, or other form of toggle switch
  • Unsubscribe link in each marketing message

Customer marketing also sometimes called “soft opt-in” is less clear. Here’s what PECR explains that you may send email marketing to customers where:

  • you have obtained the contact details during the sale
  • and the direct marketing is only for similar products and services
  • and the recipient has been given a simple means of refusing direct marketing at the time that the details were initially collected
  • and the recipient is provided a simple means of refusing at the time of each subsequent communication”

The reason for this difference is explained further by the ICO:

“The idea is that if an individual bought something from you recently, gave you their details, and did not opt out of marketing messages, they are probably happy to receive marketing from you about similar products or services even if they haven’t specifically consented. However, you must have given them a clear chance to opt out – both when you first collected their details, and in every message you send”

Customer marketing is still permission-based marketing because the customer is still presented with clear information and still has a choice, but it is a lower standard than that of marketing consent which takes into account the expectations and assumptions being set by the active customer relationship.

Customer marketing does not require an action to indicate consent, so this process typically uses a pre-ticket checkbox which allows the customer to opt-out at the point when the email address is collected.

Key points for customer marketing:

  • a clear process, setting the correct expectations for the intended marketing
  • an active customer relationship – providing a customer a service or product
  • marketing consent relating to that service or product
  • Allow the customer to refuse or opt-out of marketing during the sale, registration or data collection process perform – typically achieved with pre-ticked box, or other form of pre-selected toggle switch.
  • Unsubscribe link in each marketing message

Service Messages and Event Communications

Digital events, products and services rely on timely communications to confirm details and keep customers updated. These communications do not require permission, but it’s important to set these expectations when collecting the email address to avoid misunderstanding and complaints.

Because of the broad definition of marketing there are ambiguous scenarios with some service messages. When planning service messages, you should pay close attention to phrasing, tone and context. The latest guidance from the ICO on service messages can be found here, and explains: “If a message is actively promoting or encouraging an individual to make use of a particular service, special offer, or upgrade for example, then it is likely to be direct marketing”

Sign-up forms - Bundled terms

“Bundling” is when multiple options or terms are put together into a single agreement. For example:

  • “by signing up you agree to receive marketing”, or
  • “click here to register and to sign up to marketing”

These give the person signing up no choice. While you can incentivise an opt-in, you can’t completely withhold a service from those who wish to decline marketing.

The ICO clearly explains how this applies to consent here, but it’s less clear how the rules apply to soft-opt-in or customer marketing. Here’s how the rules apply:

  • PECR: a requirement of customer marketing is that “the recipient has been given a simple means of refusing direct marketing at the time that the details were initially collected”
  • GDPR: Articles 12 and 13 require that when collecting personal data you explain your intended use of data transparently. And Article 21 states: “Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing”

So, even for customer marketing, when looking at either PECR or GDPR, you must provide a means of declining marketing and you cannot bundling a marketing agreement with your event or service agreement.

A review of examples, showing these rules in practice

Here are some examples showing some of these points in practice.

Example 1Whitepapers from GDPR:Report

This example demonstrates the separation of:

  1. T&Cs and related privacy policies for both the whitepaper publisher and author
  2. marketing opt-in to the whitepaper publisher
  3. marketing opt-in to the whitepaper author

Example 2Online event signup from Data Protection World Forum and GDPR:Report

This example explains the data transfer to the webinar sponsors and that the communication will be limited to information limited to the webinar session content.

In addition, It allows the registrant to opt-in to the webinar hosts and each of the individual companies delivering the webinar content and other event sponsors

Example 3an on demand video example from the Data Protection World Forum

And the T&Cs

This example is less clear. The registration bundles event registration with a marketing opt-in. The terms are easy to find, easy to read and provide a simple way to decline marketing.

The sign-up form links to an easy to read T&Cs page.

Looking at the rules explained in the Bundled Terms section above, it’s arguable that they are providing a means of refusal at the point of sign-up, but it could also be argued that this is lacking transparency. This approach is risky and is not advised, not just as a legal risk, but the risk to your reputation and customer trust. This is explained more in the following section.

A note regarding the “hiding” of information in privacy policies and other “grey” tactics

Transparency is important. Not only is it a requirement of the GDPR, but deceptive processes or wording designed to dodge requirements or trick people are never good.

Digital marketing and data compliance doesn’t stop at legal standards. Digital events, services and resources are often created for lead generation and customer acquisition. Registration processes are your first touchpoint with new customers, setting the expectation for the lifetime of the customer relationship. Make this process a positive one.

Instead of preaching about this, I’ll let share an example which shows that people don’t read T&Cs (which means you can’t rely on the T&Cs to set expectations):

In 2017 inserted a clause in the T&Cs for people signing up for their free WiFi, where those people agreed to carry out 1000 hours of community service, including:

  • cleaning local parks of animal waste
  • Providing hugs to stray cats and dogs
  • Manually relieving sewer blockages
  • Cleaning portable lavatories at local festivals and events
  • Painting snail shells to brighten up their existence
  • Scraping chewing gum off the streets

A reported 22,000 people signed up to these terms, with only one person calling them out.

This was done to highlight the unfairness of hiding terms for online services.

So, unless your “hidden” terms are to “paint snail shells to brighten up their existence”, please don’t hide anything. Instead, be open, transparent and give those people signing-up a chance to say yes or no.

Read the blog, here.

Summary – a checklist to keep registration processes positive and gain marketing permission

  1. Keep T&Cs and data use for the event or service separate (unbundled) from marketing agreements
  2. Explain your planned service messages required for the event or service
  3. Explain data sharing with partners and presenters, explaining their data use and giving links to their privacy policies and terms
  4. Give separate marketing opt-ins for each option (event, your company, partners)
  5. Keep information simple, transparent, honest, and clear
Hear more from the DMA

Please login to comment.


Related Articles

The DMA Email Council responds to the BBC article on Spy Pixels in Email.

News from the DMA Email Council_Email Council.png

Komal Helyer, Chair Email Council & Guy Hanson, Vice Chair Email Council, will join other email council members to speak at one of the world’s largest virtual email marketing events - Inbox Expo 21. And excitedly, DMA Members are offered a free ticket to access the event and talks!

2021-inboxexpo-logo-final (002).png

DMA Contact Centre Council meet every month to actively seek to identify, reinforce, share, and shape best practice. Find their regulation update here.