How to Create GDPR-Compliant Popups: Tips for Privacy and Trust

Last updated on

by

GDPR-Compliant Popups: Tips for Privacy & Trust

Do the popups on your website follow the law? Ensuring your website complies with GDPR (General Data Protection Regulation) can feel overwhelming, especially when using popups to encourage email list signups. But don’t worry: making GDPR-compliant popups doesn’t have to be complicated. In this guide, I’ll show you how to create popups that follow GDPR rules while building trust with your visitors.

This post does not constitute legal advice. Contact your legal team to make sure your website is fully GDPR-compliant.

What Is GDPR and Why Does It Matter?

GDPR is a privacy law from the European Union (EU) that governs how businesses collect, use, and store personal data. If you have visitors from the EU, this law applies to you, even if your business isn’t based there.

Violating GDPR can lead to hefty fines and damage your brand’s reputation. Popups, often used for lead generation or cookie consent, are one of the main tools where GDPR compliance is essential.

What Makes a Popup GDPR-Compliant?

A GDPR-compliant popup follows 2 fundamental principles:

1. Respects User Consent

Consent is at the heart of GDPR compliance. Visitors must actively agree before their data is collected. This means:

  • No pre-checked boxes: Users must tick a box themselves or click an “Accept” button.
  • Active, clear action: Consent cannot be assumed. Visitors need to willingly engage with the popup.

For example, instead of auto-subscribing visitors to a newsletter, include a checkbox that says:
“I agree to receive marketing emails from [Your Brand].”

2. Provides Transparency

Be upfront about what you’re collecting and why. Explain in plain language how you’ll use the data, such as for marketing emails, improving the site experience, or tracking behavior with cookies.

Transparency also means:

  • Detailing data usage: For example, state, “We’ll use your email to send monthly updates and special offers.”
  • Linking to your privacy policy: Include a link to a page where visitors can read the full details of how their data is handled.

By respecting these 2 principles, you ensure visitors feel informed and in control, and you’ll build trust while staying compliant.

Actionable Steps to Create GDPR-Compliant Popups

Creating GDPR-compliant popups involves taking straightforward steps to respect user privacy and build trust. Let’s break it down:

1. Use Clear and Simple Language

Avoid confusing legal terms or complex wording in your popups. Instead, use conversational language that’s easy for anyone to understand.

Example:

  • Instead of: “We require your affirmative action to process your personal data,”
  • Use: “We’d like to use your email to send you occasional updates. Is that okay?”

This approach makes it clear what you’re asking for without overwhelming your audience.

2. Get Explicit Consent

Consent must be actively given. This means:

  • No pre-checked boxes: Users must manually tick a box or click a button to agree.
  • Action-based consent: Include clear statements like:
    “I agree to receive marketing emails from [Your Brand] and understand I can unsubscribe at any time.”

This ensures users fully understand what they’re agreeing to, making the process transparent and compliant.

3. Offer an Easy Way to Opt Out

GDPR emphasizes giving users control. Include a straightforward way to withdraw consent or adjust preferences at any time. Add links to:

  • Manage preferences: Let users choose what they agree to.
  • Unsubscribe easily: Make it simple to opt out of emails or other communications.

For example, every email sent as part of your marketing should include an “Unsubscribe” link.

4. Include a Link to Your Privacy Policy

aProvide a clear link in your popup to your privacy policy, so users can understand exactly how their data will be stored, used, or shared. Transparency is key to earning trust and maintaining compliance.

Example Popup Text:
“We value your privacy. Read our Privacy Policy to learn more.”

5. Avoid Cookie Walls

Cookie walls are popups that force users to accept cookies before accessing your site. They don’t offer a genuine choice, but rather insist that users allow cookies if they want to view your site. GDPR discourages this approach, as it violates the principle of freely given consent.

Instead, give users options to:

  • Accept all cookies.
  • Reject all cookies.
  • Customize cookie preferences (e.g., essential cookies only).

Providing these options ensures compliance while fostering trust with your visitors.

By following these steps, you’ll create popups that not only comply with GDPR but also demonstrate your commitment to user privacy.

How to Use OptinMonster for GDPR-Compliant Popups (With Examples)

OptinMonster offers several features to help you create email signup popups that comply with GDPR regulations. It’s just one of the many reasons why OptinMonster is the best popup tool available.

Here are just a few of the ways that OptinMonster can help you keep every popup GDPR compliant.

1. Geolocation Targeting

With OptinMonster’s Geolocation Targeting, you can display specific campaigns to visitors based on their physical location. This means you can show GDPR-compliant popups only to users in the EU, ensuring that your other visitors aren’t affected. This targeted approach helps you meet GDPR requirements without disrupting the experience for users outside the EU.

OptinMonster has specific settings for “is in the European Union” and “is not in the European Union.” Because of these options,tt only takes a few clicks to set your GDPR popups to only display in the EU:

In OptinMonster's Display setting, you can select "visitor's location" as a rule for GDPR popups. In the drop-down box, both "is in the European Union" and "is not in the European Untion" are options.

2. Easy-to-Add Checkboxes

OptinMonster’s intuitive drag-and-drop builder makes it easy to add consent checkboxes to your email signup forms. Here’s an example of a newsletter popup from OptinMonster. I added a checkbox to consent to receiving marketing emails:

A GDPR popup to sign up for a weekly newsletter. There's also a consent checkbox for "I agree to receive personalised marketing emails."

By including a checkbox that users must select to agree to your terms, you ensure explicit consent, a key GDPR requirement. This user-friendly interface allows you to customize your popups without any coding knowledge.

Later in this article, I’ll give you step-by-step instructions for adding a checkbox like this one to your OptinMonster campaign.

3. Double Opt-Ins

Integrating OptinMonster with your email marketing service enables double opt-ins, adding an extra layer of consent. After users sign up, they receive a confirmation email to verify their subscription. If you use a double opt-in, you should always use the Success View of your popup to instruct your visitor to check their email to confirm. The Success View is the popup view the visitor sees after submitting their email address.

Popup that says "Success! Please check your email to confirm your subscription."

Essentially, users have to opt in twice: once on your website and once through a link in their email. This process ensures that only users who genuinely want to receive your communications are added to your list, aligning with GDPR’s emphasis on explicit consent.

Are Double Opt-Ins Are Right For Your Business?

To help you decide, check out this guide: What Is a Double Opt-In? How to Choose Between Double Opt-In vs. Single Opt-In

4. Button Redirecting

You can easily configure buttons in your popups to link directly to your privacy policy, subscription preferences, or other important information. This transparency allows users to understand how their data will be used, fostering trust and compliance with GDPR’s requirements for clear communication.

An popup being edited in OptinMonster drag-and-drop builder. A button is selected, which opens up settings in the left menu. In that menu, there are fields for Button Text (which says "Manage Email Preferences"), Button Click Action (which is set to "Redirect to a url"), and "Redirect URL", where you can enter the webpage you want the button to go to.

By using these OptinMonster features, you can create engaging popups that respect user privacy and adhere to GDPR standards.

OptinMonster makes it ridiculously easy to add GDPR consent in your email optin forms.

In this tutorial, we’ll be looking at two approaches:

But, before we begin, you need an OptinMonster account.

Don’t have one yet?

Let’s get started.

Method 1: Add GDPR Consent Using a Checkbox

Creating a popup in OptinMonster is simple.

You can design and publish a GDPR consent email optin form like this in under 10 minutes:

GDPR consent popup OptinMonster

Let’s see how simple it is to create this popup with OptinMonster.

Step 1: Create Campaign

First, you’ll need to head over to your OptinMonster dashboard and create a campaign.

Click Create New Campaign in the top right corner of your dashboard.

Create new OptinMonster campaign button

Next, choose your campaign type.

Today, we’ll select Popup.

Choose OptinMonster Campaign Type

Now, we’ll find the right template for our campaign.

OptinMonster has 700+ templates you can choose from. All the templates work perfectly across desktop, mobile, and tablet.

You can filter templates by your campaign goal, like:

  • Grow email list
  • Redirect traffic to another page
  • Target abandoning site visitors

There’s a template for any kind of campaign:

  • Limited time discounts
  • Content upgrades
  • Donation drives

And more.

Using these filters helps you find the perfect template for the campaign you’re creating.

OptinMonster Campaign Templates overview

Today, we’ll go with the Split template because it has the elements we need to create an eye-catching popup to display our lead magnet.

A lead magnet is an incentive you can offer to site visitors in exchange for their email addresses.

Split Template Preview

On the next screen, you’ll name your campaign and assign it to your site.

Click Start Building to customize your popup.

Name campaign

Now, we’re ready to design our popup.

Step 2: Design GDPR Consent Email Optin Form

OptinMonster comes with a drag and drop builder which allows you to easily create beautiful popups.

All you need to do is click on the element you want to change and the editing tools will appear on the left-hand side.

Let’s see how that works.

To change the default image, click on the image.

Split Image Edit

Now, you’ll see the image library. From there, you’ll choose your image.

OptinMonster Image Library upload

Next, we’ll customize to our popup to remove the yellow background.

So, head over to the left panel in the editor and click Optin Settings.

Click Optin Settings

Next, select Optin View Styles.

Click optin view styles_

From here, you can edit the background color of your optin form. Now, we’ll need to edit our text.

Go ahead and click on the text block to pull up the editing tools on the left.

From here, you can change everything about the text:

  • Font
  • Size
  • Alignment
Split Text Edits

What if you’d like to add a block to your popup?

When you head over to Add Blocks at the top of your editor, you’ll be able to choose from these elements:

  • HTML
  • Countdown timer
  • Image
  • Video
  • Additional optin fields
Add blocks

Let’s choose a text block. That’s as simple as dragging it onto your popup.

Drag and drop text Split template

At this stage, you might want to tweak the spacing of the blocks.

All you need to do is click on an element. From the left, click Block and scroll down to padding.

Split template padding

We will also change the color of the button to match our brand.

Again, you’ll click on the button and edit it on the left.

Split template button edit GDPR popup

We’ll stop there today.

But, there are several more editing options. For more details, check out our guide on creating your first OptinMonster campaign.

So, how do you add GDPR consent?

We’ll do this by simply adding a privacy field.

Click the optin field on your form. That’s the box where your subscribers add their email addresses.

Add GDPR box Split Template

Then, the Editing Fields Element panel will appear on the left.

Go ahead and click on the + sign next to Privacy.

Editing fields element_

Now, the default privacy statement will be added to your form.

GDPR consent statement popup

Click on the Privacy button to edit your statement and enable Privacy Checkbox. Once you enable the Privacy Checkbox, visitors will need to click on it before they can complete your form.

privacy checkbox

You can use OptinMonster’s privacy checkbox for general terms and services or for explicit consent.

To meet GDPR requirements, our checkbox:

  • Provides an explanation of what we’ll do with the email addresses
  • Includes a link to our privacy policy

That’s it. Now you’re ready to collect GDPR consent in your email optin form:

GDPR consent popup OptinMonster

Once you’re satisfied with the design and text of your popup, the next step is to display your campaign.

Step 3: Display Your GDPR Compliant Popup

OptinMonster gives you plenty of ways to display your campaigns.

Targeted campaigns deliver better results because you’re showing your popups to visitors right when they’re most engaged.

With OptinMonster, you get more conversions with triggers like:

  • Campaign scheduling: run time-sensitive campaigns for specific dates
  • Scroll trigger: only show after a visitors has scrolled a certain percentage of the page

Today, we’re going to focus on one of the most powerful campaign triggers, Exit Intent ®.

Exit intent popups appear right as your visitors are about to leave your site for good. Using exit intent, you can convert an additional 2 – 4% of visitors into subscribers.

Bonjour Lisbonne doubled their email subscribers with exit intent!

To enable Exit Intent, go the top of the editor and click Display Rules.

Display rules

Find and select Exit Intent.

OptinMonster Exit Intent Display Rule

Head over to the top of the editor and click Save.

Now, your popup will be displayed as your visitors scroll towards the browser bar if they’re on desktop. On mobile, exit intent is triggered by scrolling up or hitting the back button.

Step 5: Publish Your GDPR Consent Optin Form

Once you’re happy with your campaign, you can publish your popup.

Head over to Publish.

OptinMonster publish ribbon

On the next screen, switch your campaign’s status to Live.

OptinMonster Publish Screen

You’re set to start capturing GDPR consent on your email optin forms.

Method 2: GDPR Consent With Geo-Location Targeting

The second method will be using geo-location targeting, so we’ll only show our GDPR consent email optin to site visitors from the EU.

To create your popup simply follow Step 1. Move to Step 2 to design your email optin form.

Again, customizing your popup to reflect your brand.

Then, head over to Display Rules.

Display rules

Select Physical Location.

OptinMonster geo location targeting visitor

Choose is in an EU country.

GDPR consent EU operator

Now, your optin form will only be shown to site visitors in the EU. Make sure you save the form before you leave.

FAQ: Common Questions About GDPR Popups

1. Do I need GDPR-compliant popups if I’m outside the EU?
Yes, if your website receives traffic from the EU.

2. Can I use pre-checked boxes for consent?
No, consent must be freely given and explicit.

3. Do GDPR rules apply to cookies?
Yes. If your website uses cookies to track users, you must inform visitors and get their consent

Keep Every Popup GDPR-Compliant

By creating GDPR-compliant popups, you’re not only following the law but also building trust with your audience. Tools like OptinMonster make it easy to implement these changes without any coding. Start making your email signup popups privacy-friendly today!

Learn More About Website Popups:


Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.



Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

Popular Posts

Connect with us:

Start Getting More
Leads & Sales Today
with OptinMonster!

Popups work, and you can get started for a few bucks a month. What are you waiting for?

Create and launch smart capture forms
today in minutes. What are you waiting for?

In only 7 months, we added more than 95,654 names to our email list using OptinMonster’s Exit Intent™ technology. We strongly recommend it!

Michael Stelzner - Best Lead Generation Tool

Michael Stelzner

Founder Social Media Examiner

I hate popups, so I was hesitant to try one on my site. But the results from OptinMonster exit-intent popup speak for themselves. I doubled my subscription rate immediately without annoying my users. I haven’t had a single complaint. My only regret is that I didn’t start using OptinMonster sooner. I can only imagine how many subscribers I could have added to my email list! If you have a blog, then I highly recommend you start using OptinMonster. I’ve researched them all, and it’s the best in market.

Michael Hyatt - WordPress Lead Generation

Michael Hyatt

New York Times Bestselling Author Platform: Get Noticed in a Noisy World

Exit-intent popups have doubled my email opt-in rate. When done right, you can see an instant 12% lift on driving sales. I highly recommend that you use OptinMonster for growing your email list and sales.

Neil Patel - WordPress Popup Plugin

Neil Patel

Founder QuickSprout