ChecklistEU

EU ePrivacy Directive Direct Marketing Consent Checklist

A checklist you can hand to marketing ops, product, and legal and actually implement.

Focus: proof, opt-out, suppression governance, and vendor enforcement.

Back to main artifact Review sources

Author

Sorena AI

Published

Feb 21, 2026

Updated

Feb 21, 2026

Sections

Structured answer sets in this page tree.

Primary sources

Cited legal and guidance references.

Publication metadata

Sorena AI

Published Feb 21, 2026

Updated Feb 21, 2026

Overview

Marketing compliance is evidence compliance. This checklist is designed to make Article 13 operational: you can prove consent (or a documented soft opt-in model where applicable), you can prove withdrawals, and your suppression list is enforced across all vendors and tools.

Section 1

1) Define your marketing model per channel and market

Do not use one global policy statement. Different channels and markets require explicit decisions and controls.

Document the model and store it in your evidence index.

Channels: email, SMS, IM/push, automated calling (as applicable).
Model: consent vs soft opt-in (where applicable) + constraints and fallback path.
Owner: marketing ops owner + legal reviewer + system owner (CRM/ESP).

Section 2

2) Consent capture: make it provable and versioned

Consent without proof is a liability. Capture enough to reproduce what the user saw and agreed to.

Version the wording like code.

Log fields: identifier, timestamp, channel(s), locale, capture source, and wording/version ID.
If using double opt-in: record confirmation timestamp and method.
Store the consent UI/screenshots/spec and link them to the wording version.

Section 3

3) Opt-out: design for speed and propagation

Opt-out must work in practice across tools. The failure mode is partial suppression (one tool honors, another doesn't).

Build opt-out propagation as a measurable pipeline.

One-click unsubscribe for email; clear STOP flows for SMS where applicable.
Withdrawal event log: timestamp, channel, and tool propagation evidence.
Time-to-suppress KPI: how quickly withdrawal is enforced across vendors.

Section 4

4) Suppression list governance (treat as safety-critical)

Suppression lists prevent repeated violations and complaints.

They need access controls, audit logs, and vendor propagation guarantees.

Single source of truth suppression list; no ad-hoc overrides.
Access controls + audit logs + approval workflow for exceptional cases.
Vendors: contract clauses + technical enforcement + periodic tests.

Section 5

5) Export pack (what to produce during an inquiry)

Build and rehearse an export pack so you can respond coherently within days.

Your export pack should be consistent and defensible.

Consent logs (schema + sample exports) tied to wording versions.
Withdrawal logs + suppression list governance evidence.
Campaign approval records and compliance checks.
Vendor list + suppression propagation tests.

Recommended next step

Use EU ePrivacy Directive Direct Marketing Consent Checklist as a cited research workflow

Research Copilot can take EU ePrivacy Directive Direct Marketing Consent Checklist from turning this checklist into an operational workflow to a reusable workflow inside Sorena. Teams working on EU ePrivacy Directive can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Research workflow

Open Research Copilot for EU ePrivacy Directive Direct Marketing Consent Checklist

Start from EU ePrivacy Directive Direct Marketing Consent Checklist and answer scope, timing, and interpretation questions with cited outputs.

Explore next step

Talk to Sorena

Talk through EU ePrivacy Directive

Review your current process, evidence gaps, and next steps for EU ePrivacy Directive Direct Marketing Consent Checklist.

Explore next step

Primary sources