GDPR and the UK GDPR require a lawful basis before you process personal data for marketing email. For most newsletters, that basis is consent—clear, specific, and freely given. This page describes best practices for signup flows. It is not legal advice; consult counsel for your jurisdiction and use case.

Principles for newsletter signups

Specific

Say what people are signing up for—for example product updates and newsletters—not vague “communications.”

Affirmative

Use an unchecked box or explicit action. Do not rely on pre-checked marketing consent for EU/UK subscribers.

Informed

Link to your privacy policy where appropriate. Explain who sends the email and how to unsubscribe.

Documented

Record when and how consent was collected (form name, timestamp, source) in your systems of record.

Good signup patterns

Standalone checkbox: “Email me product news and newsletters” (unchecked by default)
Newsletter form with clear purpose and privacy link
Checkout marketing opt-in separated from terms of service acceptance
Double opt-in for high-risk or imported funnels (confirm via email before first marketing send)
Preference center so subscribers can change topics or unsubscribe anytime

Patterns to avoid

Pre-checked “send me marketing” on EU/UK forms
Bundling newsletter consent into account creation with no separate choice
Adding event attendees to marketing lists without explicit newsletter consent
Importing CRM or sales contacts who never opted in to marketing email
Assuming legitimate interest covers all promotional email without a documented assessment
For list imports, see What you can send with Migma and CSV Upload.

After signup

1. Send only what they agreed to

If they subscribed to a product newsletter, do not add unrelated promotional streams without new consent.

2. Make withdrawal easy

Every marketing email should link to unsubscribe or Preference center options.

3. Honor data subject requests

Support access, correction, and deletion requests per your privacy policy. See Security & Compliance for Migma data rights features.

How Migma helps

Preference center for branded unsubscribe and topic management
Contact status and suppression so unsubscribed users are skipped on campaigns
Preflight compliance checks for sender identification and unsubscribe presence
Security & Compliance documentation for GDPR principles, retention, and DPAs
Configure double opt-in and consent tracking according to your legal requirements in your signup tools and CRM; Migma is where you design, review, and send email to contacts you already have permission to reach.

CAN-SPAM checklist

U.S. commercial email requirements.

Preference center

Subscriber-facing preference and unsubscribe experience.

Privacy policy

Migma privacy policy (legal).