GDPR-compliant ways to approach clients and prospects (FREE templates included)

GDPR compliant banner
Back to main blog
Veronika Belova
by Veronika Belova

2 Min. Read

In the 3rd article of our GDPR playbook, we provide you with GDPR compliant templates for approaching clients and prospects.

Welcome to the final post in our GDPR Playbook.

Now that we’ve explained a little bit about GDPR and why it’s important that you comply, as well as providing essential tips for prospecting without violating GDPR policies, we’re here to offer you advice on how to approach clients using opt-in/opt-out, including access to helpful templates you can utilize to do so.

Offering prospective clients opt-in/opt-out options is the key in order to comply with GDPR. Use our handy guide with templates for help.

What does opt-in/opt-out mean anyway?

Literally speaking, the word ‘opt’ means to ‘make a choice.’ So when you opt-in, it means yes, and when you opt-out, it means no.

If a potential client or prospect opts in, it means that this recipient is actively choosing to subscribe or accept your message communications. They are open to receiving whatever you are offering, and providing consent for you to use their data to send them communication.

In contrast, if a potential client or prospect opts out, this recipient is actively choosing to decline your communication with them. They no longer want to receive messages from you. Complying with GDPR policies means that if a prospect or client opts out, you must cease sending them communications.

How does location play a part in opt-in/opt-out selections?

All countries located in the EU must follow GDPR rules and regulations. That being said, each EU member state can decide whether to adhere to the policies in the strictest sense, or instead take a more lenient approach.

This is why opt-in/opt-out policies are not as cut and dry as they may seem. In fact, depending on the location of the potential client, they have to opt-in once, twice, or simply opt-out. Here is a map of which countries require which type of choice.

map with laws by country in the EU

The differences between opt-out, opt-in, and double opt-in (and how to best work with each)

GDPR policies are not one and the same. Read on to figure out how to handle them and where each applies.


In the countries colored in green, prospects don’t have to choose to opt-in, but instead must be provided with a simple way to opt-out of receiving communications. This only applies in B2B relationships, as any B2C outreach requires that your prospect opts-in as well. With that being said, stick to using email or phone for B2C outreach to ensure that your prospect willingly opts-in.

Opt-out countries include

  • France
  • Hungary
  • Croatia
  • Sweden
  • Finland
  • Estonia
  • Latvia
  • Ireland
  • Slovenia
  • Portugal
  • Norway
  • *UK was previously an opt-out country, but post-Brexit, GDPR policies no longer apply as it’s not a part of the EU.

How to manage opt-out prospects

For potential clients located in opt-out countries, explain in the message body or at the bottom of an email that they can easily be excluded from communication by clicking ‘unsubscribe.’

Example opt-out templates

Hello John,

(Insert sales pitch).

Simply reply with NO to stop further communication.

Hello John,

(Insert sales pitch).

Type UNSUBSCRIBE if you do not wish to receive any more messages.

Hello John,

(Insert sales pitch).

Click here to unsubscribe. (Link them to unsubscribe request form)

Hello John,

(Insert sales pitch).

Reply with Stop to stop receiving messages from us.

Single opt-in

Countries in yellow are single opt-in countries. This means that you will need to have some form of consent from a prospect in order to send communications. They’ll have to take one positive action to sign up to receive your messages.

Single opt-in countries include

  • Spain
  • Denmark
  • Belgium
  • Italy
  • Poland
  • Lithuania
  • Czech Republic
  • Slovakia
  • Bulgaria
  • Greece
  • Iceland
  • Austria
  • Romania

How to manage opt-in prospects

Opting-in may not need to be as explicitly stated as you think. For example, during your connection request or first message on LinkedIn, you can say something like, “If you reply/accept, this means you want more information.” This is enough to warrant an opt-in from this client. Any reply or acceptance means the prospect has given you the okay on contacting them.

Surfe (ex-Leadjet) template feature

Once you’ve installed Surfe (ex-Leadjet), you’ll be able to access our template feature where you can save the free templates below whenever you are sending a GDPR-compliant sales message to your prospect. This makes it easy to send a message with just one click instead of having to type or copy/paste this message from another Word or Google Doc.

extact linkedin

Example opt-in templates

Hello John,

(Insert sales pitch).

Accepting this request would also mean that you accept the terms and conditions.

Hello John,

(Insert sales pitch).

Accept this request or reply to find out more.

Hello John

(Insert sales pitch)

Click ‘SUBSCRIBE’ to hear more about how our products can help increase your revenue. (Link to email sign up)

Hello John

(Insert sales pitch).

Simply reply with a “yes” to get more information from us.

An alternative is to create a popup on your website and give an incentive for your potential client to sign up for newsletters, or further communication via LinkedIn or email. This can be anything from a free trial, a discount, or a complimentary guide/resource that may be useful.

Double opt-in

Countries that require a double opt-in interpret GDPR in its strictest sense. When contacting prospects in these locations, it’s best to be extra careful to avoid violating any terms. The double opt-in means that a prospective client would have to take not one, but two positive actions to consent to receiving communication.

Double opt-in countries include

  • Germany
  • Switzerland

How to manage double opt-in prospects

Double opt-in actions can include signing up to receive emails or messages, then confirming their sign-up via email. If prospects in these countries don’t provide this double form of consent, your business can’t send them communications.

When it comes to double opt-in communication, make sure your CTA button is large and available for email sign-ups. If prospects can’t figure out where to sign up to receive your emails, they’ll never do so.

Once a prospect signs up, make sure your next email comes immediately after asking them to verify their details. If this doesn’t arrive right away, a potential client may lose interest or forget to complete the double action.

Keep this email simple and brief to ensure your prospect uses it to verify (the second opt-in) their interest and isn’t distracted by other information.

How following GDPR can (and will) benefit your business

If you’re panicking a little about complying with GDPR, don’t. It can actually help benefit your business.\

Following these rules will guarantee an automatic prospect filtration that enables you as a business to best target potential clients. If you know a prospect is interested, you can slowly push them through the sales pipeline instead of wasting your time sending information to those who aren’t interested, right for your business, or wouldn’t bother reading your communication anyway. Think of GDPR as a way to modernize the way you filter your prospects.

It’s also important to make sure that your website and social media channels are updated with plenty of information so that prospective clients are able to see what your brand is about and decide whether or not to opt-in or opt-out.

If you have clear and concise brand messaging, prospects will be able to figure that out immediately and see if your product is right for them and if they’d like to know more. Likewise, this process ensures you won’t waste time on those who wouldn’t have considered your product anyway.

Surfe (ex-Leadjet) is fully GDPR compliant, as we don’t do mass messaging and we believe in respecting the data of our prospects and clients. That’s why we make it easy to save your GDPR-compliant templates on LinkedIn for quick and hassle-free access.

To ramp up your LinkedIn outreach in a GDPR compliant manner, sign up for your free, 14-day trial or book a demo with Surfe (ex-Leadjet).