Mailchimp and European Data Transfers
Learn more about Mailchimp and European data transfers.
You've probably heard about the General Data Protection Regulation (GDPR), and you might have a few questions about it. Here’s some information about the law and how it affects Mailchimp and our users.
This article is provided as a resource, but it’s not legal advice. We encourage you to speak to legal counsel to learn how the GDPR may affect your organization.
The GDPR is a European Union (EU) privacy law that affects businesses around the world. It regulates how any organization that is subject to the Regulation treats or uses the personal data of people located in the EU. Personal data is any piece of data that, used alone or with other data, could identify a person. If you collect, change, transmit, erase, or otherwise use or store the personal data of EU citizens, you'll need to comply with the GDPR.
The GDPR replaces an older directive on data privacy, Directive 95/46/EC, and it introduces a few important changes that may affect Mailchimp users.
You need to have a legal basis, like consent, to process an EU resident's personal data. If you rely on consent, it must be freely given, specific, informed, and unambiguous.
In order to verify that you have obtained adequate consent, you will need a written record of when and how someone agreed to let you process their personal data. Consent must also be unambiguous and involve a clear affirmative action. This means clear language and no pre-checked consent boxes.
The GDPR also outlines the rights of individuals around their personal data. EU citizens will have the right to ask for details about the way you use their personal data and can ask you to do certain things with that data. You should be prepared to support these requests in a timely manner. Individuals have the right to request their personal data be corrected, provided to them, prohibited for certain uses, or removed completely.
You should also be able to tell someone, among other things, how their personal data is being used. If they ask, you’re obligated to share the personal data you hold on an individual, or offer a way for them to access it.
Mailchimp offers tools related to consent and individual rights to help you comply with the GDPR. We encourage you to consult with legal or other professional counsel about your GDPR compliance.
Transparent data processing is mandatory, and it’s also an opportunity to strengthen your marketing relationships. We’ve updated Mailchimp signup forms to help you stay compliant with the latest laws.
If you’re going to rely on consent to process the personal data of EU citizens, the GDPR says you must obtain specific consent from your contacts and clearly explain how you plan to use their personal data. Our GDPR-friendly fields include checkboxes for opt-in consent, and editable sections that allow you to explain how and why you are using data.
Mailchimp stores your forms and contact data in case you need it in the future. If someone signed up to your audience through a Mailchimp hosted form, you can export that audience and view information related to the signup. For additional evidence of consent, you may choose to turn on double opt-in.
If you rely on consent to process contacts' personal data, double check whether the consent that you obtained meets the GDPR's standards. For example, check third-party integrations to be sure they don't automatically add people to your Mailchimp audience without an opt-in checkbox that clearly states how you'll use that person's data. You should also review the terms associated with any Mailchimp add-ons or third-party integrations you use.
To learn more about permission data, check out Export Proof of Consent.
To learn more about using GDPR-friendly forms, check out Collect Consent with GDPR Forms.
All Mailchimp users can access their Mailchimp audiences to correct or update information upon the request of their contacts. Your contacts can continue to update their own data, too, by contacting us or updating their preferences in any email they receive from you.
We want to help our users, but it’s important to note that the GDPR's provisions could affect your business outside of how you use Mailchimp. Here are some additional resources.