How To Comply With GDPR On Your Squeeze Page

In my last post here, I covered how to comply with the European regulations about General Data Protection on your blog.

In this post I’m going to look at how to comply with GDPR on your squeeze page or landing page.

Unlike the blog situation, if all you have is a squeeze page or landing page on a website, which may not even be your own (for example a Leadpages or Autoresponder site), then how to comply with GDPR has other ramifications.

As I’ve said before, I’m not legally entitled to give you advice on this and all I can do is sum up what I’ve read from people who have taken legal advice.

Obtaining consent to send people emails

Let’s look, first of all, at the difficult way and easiest way to obtain someone’s consent to send them emails.

A lot of people are playing safe by including a checkbox on their landing page that asks people to accept their Privacy Policy (and includes a link to a GDPR compliant Privacy Policy) before clicking the Submit button. (When I say ‘Submit button’ I’m talking about any button that someone has to click to submit their email address, no matter what text you use on that button).

Obviously this introduces further complications viz:

  1. It’s another obstacle to get over before people sign up (thus potentially reducing your opt-in conversion rate)
  2. It’s a complication to link the Submit button to the check box (in other words, how to you make the Submit button non-operational UNTIL the checkbox is ticked)

Note: you cannot show a ticked checkbox already. It has to be unticked and the user has to be able to tick it to give consent.

GetResponse has decided to comply with GDPR by providing the ability for you to include this checkbox when you use one of their landing page templates.

Use a ClickWrap method

The simpler way is to use what is called the ‘clickwrap’ method where you make the consent statement part of the clicking the Submit button process.

This is called ‘implied agreement’ because, simply by clicking the submit button, the user agrees to receive information from you.

Note: you have to tell the user what type of information they will receive from you in order to comply with GDPR on your squeeze page

This is a summation of the legal argument from the people at PageFair:

If a purpose is sufficiently specific and clear, individuals will know what to expect: the way data are processed will be predictable.’ The objective is to prevent ‘unanticipated use of personal data by the controller or by third parties and in loss of data subject control [of these personal data]

Basically, what you ask people to sign up for has to be specific, transparent, and predictable. People have to know what they’re signing up for — and sign up anyway.

Someone might not expect, for example, if they sign up for a free PDF to start getting daily emails and promotions from you.

Now the legal eagles amongst you might say this is skating on thin ice, and I’d agree with them.

But, consider this…

…the main thrust of GDPR is:

a) to protect the individual’s rights to the use of their personal data

b) to enable them to withdraw those rights at any time

c) to enable them to delete personal data you may hold about them at any time

If all you’re doing, on a squeeze page or landing page, is collecting someone’s email address (and, perhaps, their name) then you make it simple for them to withdraw their consent and delete personal data by allowing them to unsubscribe at the bottom of every email message you send.

This is what Aweber, who are sticklers for email compliance, have to say about this:

Another rumor floating around is that you need to add checkboxes to your signup forms in order to be GDPR compliant. Some are even calling these “GDPR-friendly signup forms.”

This is false. Checkboxes are not required, and are completely optional.

Nowhere in the GDPR does it state that you need to add checkboxes to your signup forms.

What it does say, however, is that you need to clearly communicate how you will be processing subscribers’ personal data, whether using a descriptive sentence or two, or using a checkbox, if you so choose.

Remember: you’re not a big company collecting personal data which may or may not be passed on to marketing departments or third parties to use. You’re just collecting an email address to send out useful information.

So, as long as you tell the person who is signing up what they can expect from you, there is implied consent when they hit the submit button. So here’s what I’m putting on my opt-in pages and pop-up forms:

Yes, I want to receive Peter’s incredible free resources, offers and training messages

And if you want to make doubly sure you have their consent, here’s what to do…

Single or Double Opt-in

One way to ensure that you have people’s consent to receive marketing messages from you is to enable double opt-in for subscribers.

When they opt-in to your list the first email they will receive in the Inbox is a message requesting confirmation that they want to receive information from you.

Here’s a sample from Aweber:


This is the standard Aweber text. However, it doesn’t give more explicit information about what the new subscriber is about to receive.

Here’s a more informative confirmation as suggested by YourWriterPlatform:

You’ll see that Kimberley is much more explicit about what the subscriber is going to receive. You don’t have to do this but it may help if someone ever challenges the consent they have given for you to send them information in your messages.

If you want to play safe, double opt-in is the way to do it.

How about single opt-in?

For the moment I’m sticking with single opt-in.


Because I’ve found that, with double opt-in, a lot of gmail users (and there are a LOT of gmail addresses used for opt-ins) don’t receive the confirmation email because it lands under their Promotions tab and they may not see it.

So, I’m keeping to single opt-in and skating the legal thin ice by covering myself with the implied consent on the squeeze page coupled to the stats that I have about my subscribers.

Both Aweber and GetResponse are fully GDPR compliant in the way they handle subscribers data, meaning that you can easily see the date a subscriber signed up and the form they used. This enables you to confirm that a subscriber did, indeed, consent to receiving your emails should there be any disagreement.

In your email messages

I strongly suggest that you use similar wording to mine in a footer in all your email messages.

Here’s mine and feel free to copy it and reword it for your own needs:

Reminder: This is NOT unsolicited mail

You are getting messages from me because you requested information about one of my educational videos or training products. As always with non-spam newsletters, you are free to unsubscribe at any time and you and your personal data will be removed from this list. There is a link to use at the bottom of this e-mail.

That would be a shame as you will no longer get free updates, tips and news from me if you decide to leave. And, as a subscriber, you can always reply to this email (yes, I’m a real person) whenever you need help.

I also include links, above this, to my Facebook page, Skype address and Blog page – the latter is especially useful as it contains my Privacy Policy and I tell people that, like this:

Add me on Facebook:

Contact me on Skype: petercomeau

Website and Privacy Policy:

By adding these to the footer of all your emails in your autoresponder (and I suggest you set up a Template to automate this) you are covering yourself against Spam and GDPR complaints with every message you send.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.