Double Opt-in for EU GDPR Compliance



We are getting ready for the EU GDPR ( for 2018.  We are going through the compliance and need to do a Double Opt-In for “Right to Access” in the regulation.

Here is the current way we are gathering data:

We have an AEM Forms Page (each country has its own AEM Page) that is collecting the information (i.e. email address) and sends the information into ACS via the API integration. The data (i.e. email address) is then placed in an ACS Service along with showing in ACS Profiles (e.g. email address, and GEO/ORG based on the AEM page you enter info).

User Flow that I am trying to accomplish:

Germany User goes to AEM Page and signs up

ACS received Data and sends out an acknowledgement email for confirmation.

After acceptance of Email confirmation, the data is stored in ACS.  If User doesn’t accept in 48
hours the data is removed from ACS.

What is best method to accomplish the Double Opt-in?  Through ACS Message Center or JS or Workflow

Please let me know your thoughts on this?

Accepted Solutions (1)

Accepted Solutions (1)





I would start by asking How many customers are there?

If you have a low Peak volume(less than 10k daily customers) go with Workflow, Just like standard subscription service workflow.

If you have something 20k- 30K Daily customers work with JS API to send the email notifications.

If you have anything more than 30K Peak volume then Go with ACS Message Center as mentioned here Setting up a double opt-in process(Recommended process by Adobe)



Answers (5)

Answers (5)



Hi Majid,

Please refer to this post to have the latest updates about GDPR: Adobe & GDPR - General Data Protection Regulation

There will be some more information shared later this month or in early January. In the meantime, feel free to ask if you have specific questions. I will send them over to our team dealing with GDPR.




Hi Clarence,

In addition to that, more generally about GDPR, Adobe will be releasing more details for every product in the upcoming weeks. I'll make sure to share it when it's available.




Hi Clarence,

I think documentation was recently updated with a double opt-in example (the one linked in Amit's post). Maybe you can reuse at least part of it to make it work with the data received from the API.

Let me know what approach you chose and implemented and if you need further help with this.