What is Opt-in and Opt-out in GDPR?

By Haritha

Published on 3rd Sep 2019

In the era of GDPR, running a website has to be done in a very cautious manner especially when you are dealing with your users’ (from the EU) personal data. Under the GDPR; the collection, storage, and processing of data should be carried out only after securing explicit consent from users whose data is in the question. This demands a need for simple and effective mechanisms on your website, that provide easy means for users to allow consent, to refuse consent and for even revoking their consent at any point of time.

Opt-in and Opt-out are two such mechanisms that have become a popular way to handle the consent requirements of the GDPR. Employing checkboxes, toggle buttons, etc., are examples of how you can present opt-in and opt-out system on your website/WooCommerce store.  

What are Opt-in and Opt-out?

What is meant by opt-in and opt-out? when do you need to employ it on your website? These must be doubts you may have over it. Let’s take a deep dive into it to get a clear picture of it.

Opt-in is the process that describes the positive action using which a user takes an affirmative action to offer their consent. Unticked checkboxes are the most common way in which opt-in mechanisms are implemented. Once a user ticks the box, it is taken as their consent for whatever consent request you made.

This method can be used during several situations to seek consent from your users. Examples include; getting consent to use cookies, to get an agreement for your legal and privacy policies and to get your users to subscribe to your website’s email lists, etc.

On the other hand, opt-out is the process using which a user withdraws or refuses consent for certain actions to be carried out. This method provides the user with a fairly large amount of control over their data and other privacy settings. The opt-out method is practiced in two different ways on the websites. 

Employing pre-checked boxes for users to uncheck and by allowing them to withdraw a previously approved consent are two types of opt-out mechanism in use today. 

Under the GDPR guidelines, processing of personal data can only be carried out after procuring consent from related individuals. But, under certain circumstances, you are not required to seek consent from your users. Those situations include, 

  • A contract with the individual
  • Compliance with a legal obligation
  • Vital interests
  • A public task
  • Legitimate interests

Obtaining consent is a must only when you process the sensitive data of your users. GDPR has listed sensitive or scheduled data as given below.

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data
  • biometric data
  • health data
  • sex life or sexual orientation

To process any one of the above data you are required to get explicit consent from your users via opt-in or other methods you find the best.

Make Your Website GDPR Compliant With CookieYes

CookieYes is a new and easy solution to make your website comply with the GDPR Cookie Law from Cookie Law Info. Join the 1 Million+ website using our solutions now!


Haritha is a technical content writer for WPFloor. She's passionate about writing and WordPress. Her articles help website owners find different solutions and beginners to learn.