What Does GDPR Mean for Popups? Get Consent with a GDPR Popup

What Does GDPR Mean for Popups? Get Consent with a GDPR Popup

Recent studies showed that only 20% of businesses believe they are GDPR compliant. Not too impressive, right? 

Only 20% of businesses believe they are GDPR compliant

Since 2018, most marketers have likely come across the EU’s GDPR (General Data Protection Regulation) rules, given their significant impact on how businesses manage user data.

This has notably influenced targeted advertising and the way websites store cookies—and manage cookies, for that matter—reshaping the landscape of digital marketing and online data practices.

One critical aspect of GDPR is the requirement to obtain freely given specific informed consent from users, particularly when it comes to data collection and processing.

In this article, we’ll take a deep dive into how you can effectively inform users regarding data collection.

Let’s get started!

What is GDPR (General Data Protection Regulation)?

GDPR, introduced in 2018, is a set of rules to make sure people’s data and privacy are better protected within the European Union. 

It doesn’t just apply to EU businesses in the European Economic Area, but to any business handling personal data of EU citizens.

GDPR has clear wording about privacy laws and it empowers your contacts to make informed decisions on what sort of information they want to receive from your business. 

While you might think people want to be contacted, you need their consent.

How does GDPR impact popups?

You’ll need to include a checkbox under some of your forms that users can tick if they want to opt-in to newsletters or further correspondence. 

The only exception is when the primary purpose of your form is to subscribe to a newsletter. In this case, you don’t need a checkbox.

But if you promote an ebook, for example, it’s not enough to include a link to your Privacy & Policy page and then subscribe users to your newsletter automatically. 

A pre-ticked box is also no longer acceptable. Subscriptions need to be confirmed by clear affirmative action, like ticking the checkbox.

If your headline is “Enter your email to get our ebook,” you are only permitted to contact the user for the purpose of delivering the ebook.

If you wish to include them in your newsletter list, you’ll need to use more explicit wording, such as “Enter your email to subscribe to our newsletter. As a welcome gift, you’ll receive our exclusive ebook.” 

This wording not only clarifies the intention of subscribing but also avoids implying that the subscription is mandatory to receive the gift.

How to incorporate GDPR compliance into popups?

Now let’s take a look at three important aspects of implementing GDPR rules in your popups.

  1. Checkbox inclusion: Make sure to include a checkbox in your forms where users can indicate if they agree to receive newsletters or other communications. Don’t have the checkbox already ticked for them—users should actively choose to give consent by ticking the box themselves.
  2. Clear consent language: When asking for consent, use simple and easy-to-understand language. Explain clearly what users are agreeing to when they tick the box. Tell them what kind of messages they’ll receive and how their information will be used, avoiding any confusing technical terms.
  3. Affirmative action: Users should take clear action to agree to something, like ticking a box to subscribe. Avoid making consent a condition for using your services unless it’s really necessary. People should be able to freely decide whether or not they want to share their information.

How to update your OptiMonk popups to comply with the GDPR?

Take advantage of OptiMonk’s easy-to-use drag & drop editor to smoothly insert a checkbox into your pop-up.

To begin, just go to the editor and drag the “checkbox” element onto your pop-up. This simple tool makes it easy for you to add and customize checkboxes according to your preferences.

Customizing pop-ups in OptiMonk's drag and drop editor

It will look like this by default:

Customizing pop-ups in OptiMonk's drag and drop editor

Then, you can edit your checkbox on the right side.

Customizing pop-ups in OptiMonk's drag and drop editor

With this feature, you can use OptiMonk’s pop-ups without worry or hesitation. They’ll be fully aligned with GDPR, ensuring a stress-free experience.

Compliant or not compliant?

Many websites still struggle with whether their popups are GDPR compliant or not. 

To help you out, let’s take a look at a few pop-up examples and see if they’re compliant with the GDPR or not.

1. Framebridge popup

Collecting data with an email pop-up

Framebridge’s popup serves as an excellent example of GDPR compliance. The popup on Framebridge’s website informs visitors that by checking the box, they will receive text messages and emails from the company.

2. Indigo popup

Indigo website popup example

Here’s another great example from Indigo. Their popup, much like the one above, adheres to GDPR regulations. 

Since this is clearly a subscription popup, there is no checkbox included in this example. Indigo uses terms like “subscribe” and “join our email list,” but also goes the extra mile by including a direct link to the privacy policy. 

This transparent approach ensures users are well informed about the data handling practices before opting in. 

3. BLK & Bold popup

BLK & Bold website popup example

Now, let’s take a look at our final example, courtesy of the BLK & Bold website. This popup does not adhere to GDPR standards. 

The reasons are clear: it lacks a consent checkbox, it only uses implied consent, there’s no link to the privacy policy, and it fails to explicitly state “subscribe to our newsletter.”

GDPR challenges with ecommerce popups

Navigating the delicate balance between ensuring GDPR compliance and maintaining a seamless user experience can be a complex task for ecommerce businesses.

Let’s see some of the challenges ecommerce stores might be facing.

1. Personalization dilemma

Ecommerce businesses thrive on delivering personalized content and recommendations. 

However, GDPR restrictions demand explicit consent for data processing. 

Provide users with granular options to consent to specific types of data processing. This allows for a more tailored approach, giving users control over the information they are comfortable sharing.

2. Transaction transparency

Ecommerce transactions involve sensitive data, and GDPR emphasizes transparency in data processing. 

Implement interactive elements in popups to educate users about data processing in an engaging manner. Use visuals, tooltips, or short animations to explain the purpose of data collection and how it enhances their overall shopping experience.

3. Cookie management

Cookies play a crucial role in ecommerce analytics and user tracking. Integrate user-friendly consent management tools that allow individuals to review and modify their preferences easily. 

This ensures a transparent and user-centric approach to data handling.

Do's and don'ts in GDPR-compliant pop-up design

Now, let’s get into the details of making popups that follow the rules of GDPR while making sure they work well for your audience.

Do: Say it straight

Make sure your popup messages are clear and easy to understand.

Tell people exactly why you’re collecting their data, as one key aspect of the GDPR is obtaining informed consent from users before collecting or processing their personal data.

Do: Ask first

Use checkboxes so that people actively decide to share their info. Let them choose what kind of messages they want to get.

Do: Show the rulebook

Put a link to your Privacy Policy right there on your pop-up. 

This not only demonstrates transparency but also provides users with easy access to comprehensive details about how you collect, handle, and manage their data. 

Keeping users informed builds trust and encourages responsible data practices.

Do: Make it easy on the eyes

Design your popups to be attractive and to fit your site’s aesthetic. 

A growing number of visitors access websites through their mobile devices, so make sure your popups can be read easily on smaller screens. 

Visitors should find it simple and hassle-free to navigate through and give their consent.

Don’t: Use sneaky checks

Avoid the use of pre-checked boxes at all costs. 

According to GDPR regulations, individuals must actively agree to the terms, and having boxes pre-checked by default doesn’t meet the criteria for obtaining explicit consent. 

Keep the decision-making process clear and in the hands of the user.

Don’t: Force users to sign up

Don’t make it seem like signing up is a must for accessing content. Users should be free to set their preferences and decide whether they want to subscribe or opt out. 

Avoid any language or design elements that might pressure users into providing their information unwillingly.

Don’t: Hide key info

Don’t bury important details in long paragraphs. Ensure that key information, especially regarding data handling practices, is prominently displayed and easily accessible. 

Transparency is key, and hiding important details can lead to confusion and mistrust among users.

Don’t: Go crazy with your pop-ups

Don’t bombard users with too many popups or annoying popups. This can make people frustrated and dissatisfied, violating GDPR rules. 

Use popups thoughtfully and only when needed to improve the user experience, not make it worse.


What information should be included in a GDPR popup?

A GDPR popup should include clear and concise information about data processing, the types of data being collected, how data will be used, and an option for users to provide explicit consent.

Can pre-checked checkboxes be used for GDPR consent?

No, pre-checked checkboxes are not allowed under GDPR. Users must actively choose to opt in, and pre-checked options do not meet the requirements for obtaining explicit consent.

Can GDPR popups be used for non-EU users?

While GDPR applies to EU residents, many websites choose to implement similar consent mechanisms for all users worldwide to maintain a consistent and transparent approach to data privacy.

Do I need a GDPR notice on my website?

If your website collects, processes, or stores personal data of individuals within the European Union (EU), then it is likely that you need to comply with GDPR regulations. The GDPR requires transparency, and clear and understandable language about how you collect, use, and handle personal data. A GDPR notice, a footer banner often included in a privacy policy, informs users about these practices.

Wrapping up

GDPR is a big change, aimed at boosting data protection and privacy in the European Union. 

OptiMonk is a great choice for GDPR-compliant popups, making it easy to engage with your audience while respecting privacy rules. 

It’s a user-friendly tool that aligns your marketing efforts with legal standards, ensuring transparency and building trust with your users. Ready to get compliant? Create your free account today!