Blog / Guide

WhatsApp opt-in: how to collect it compliantly and stay GDPR-compliant

Redazione SendApp7 min read
WhatsApp opt-in: how to collect it compliantly and stay GDPR-compliant

In short

WhatsApp opt-in is the contact's explicit consent to receive messages from your business. You can collect it in four compliant ways (widget, checkout, click-to-chat, and QR code), always keeping proof to stay compliant with GDPR.

WhatsApp opt-in is the legal basis of any messaging strategy: without the contact's explicit consent you can't send them promotional messages, and you risk reports, number bans, and GDPR penalties. The good news is that collecting opt-in is simple if you integrate it into the touchpoints you already have. Let's look at the four most effective and compliant ways.

What opt-in is and why it's mandatory

Opt-in is the action by which a person freely, specifically, and knowingly consents to receiving WhatsApp messages from your business. Both Meta's rules and GDPR require it. Valid consent must be clear (the person understands what they'll receive), traceable (you keep the proof), and revocable (they can say stop whenever they want).

The 4 ways to collect opt-in

1. Widget or form on your site

Add a widget or a field to your site where the visitor leaves their number and ticks a dedicated consent box. The box must not be pre-ticked and the text must clearly state the purpose of the messages.

2. E-commerce checkout

During purchase, offer an optional checkbox: "I want to receive order updates and offers via WhatsApp". It's one of the best moments because the customer is already engaged with you.

3. Click-to-chat

When a person messages you first (from a wa.me link, a button, or a click-to-WhatsApp ad), they're expressing interest. You can use the first automatic message to confirm what they'll receive and obtain explicit consent for future communications.

4. QR code

A QR code on a storefront, packaging, receipt, or printed material brings the customer into the chat with a single tap. Great for the offline-to-online transition, with the same principle as click-to-chat for confirming consent.

  • Widget or form on your site with a consent box that isn't pre-ticked
  • Checkout with an explicit option for WhatsApp updates
  • Click-to-chat from a link, button, or ad, with confirmation in the first message
  • QR code on storefront, receipt, and packaging to bring offline into the chat

What you need to be GDPR-compliant

Besides collecting consent, you must link it to a privacy notice explaining who processes the data, for what purposes, and for how long. Keep the date and source of the opt-in, handle revocations easily, and don't use the numbers for purposes other than those stated. A simple "checkout opt-in" or "QR opt-in" tag in the CRM helps you demonstrate the origin of the consent.

With SendApp you can automatically tag each contact with the source of their opt-in (widget, checkout, click-to-chat, QR) and handle stop requests centrally, so you always have a record of who consented and when.

How to do it with SendApp

SendApp offers a web widget for your site, contact management with tags for the consent source, and an inbox that captures click-to-chat interactions. You connect your number via official Meta API or via WhatsApp Web with a QR code, and every contact enters the CRM with its origin. Plans start at 19 euros per month; it's a platform used by over 30,000 businesses.

Put it into practice with SendApp

Campaigns, AI and a multichannel inbox with no markup on message costs. Try it free, no credit card.

Redazione SendApp

The SendApp team — WhatsApp marketing and AI platform for businesses.

Frequently asked questions