GDPR compliance is easy with Mailchimp

Connect with your customers and market smarter—all while protecting your customers’ personal data.

What is the GDPR?

The GDPR, or General Data Protection Regulation, is a European privacy law that went into effect in May 2018. It regulates how personal data of individuals in the EU can be collected, used, and processed. The law impacts European companies, businesses that target European individuals, and those that collect, use, or process the personal data of European individuals. This means the GDPR will apply to most organizations that process personal data of EU individuals—regardless of where the business is established and where their processing activities take place.

How does Mailchimp make GDPR compliance easier?

You can get consent and build loyalty with our tools, designed to help you comply with the GDPR’s requirements as you grow your audience.

Customize GDPR-friendly forms

You can design GDPR-friendly forms that are consistent with your brand. Edit built-in GDPR language so you still sound like yourself, and collect the marketing permission you need. GDPR fields are available for hosted, embedded, pop-up, or landing page signup forms, and they can be enabled via our API.

Set up double opt-in settings

You can enable our double opt-in settings for your audience where needed, or to provide additional evidence of consent.

Manage contact profiles

Our contact profiles show when someone opted in to receive marketing from you, so you can prove consent and modify or remove personal information any time you need to.

Quickly respond to data requests from your contacts.

  • Right of access

    You can export data about individual contacts from your Mailchimp account, which can help you prove consent and fulfill access requests.

  • Right to be forgotten

    You can delete contacts from your Mailchimp account at any time. And when someone is removed from your contacts, we anonymize their data in your reports so you stay compliant without losing any audience insights.

  • Right to object

    If a contact objects to you processing their personal data, you can remove them from your Mailchimp account at any time. You can also opt out of including your contacts’ data in our data analytics project by changing the Privacy Settings on your account.

  • Right to rectification

    You can correct or complete contact information at any time. Your contacts can even edit their own permissions.

  • Right of portability

    You can export any of your contacts, or selected information within any list, at any time in your Mailchimp account.

“Mailchimp's GDPR resources helped us and our clients understand and prepare for the biggest shake-up in data law in over 20 years. Plus, the GDPR-friendly signup forms were an absolute breeze to use.”

Alastair Thompson, Teapot Creative

What does Mailchimp do to comply with the GDPR?

  • Appointed a Data Protection Officer (DPO) to oversee our compliance program.
  • Continuously review our security measures to ensure any personal data we collect and process on our systems is adequately protected.
  • Ensure our Privacy Policy clearly explains Mailchimp's commitment to the GDPR, is transparent about how we use personal data, and gives individuals information about how they can exercise their data subject rights.
  • Provide our customers with GDPR-ready terms in our Data Processing Addendum and update our contracts with third-party vendors to ensure they are GDPR-compliant.
  • Maintain formal processes around data subject rights to ensure we can help customers fulfil requests they receive.
  • Complete Data Protection Impact Assessments to identify and minimize any risks from our processing activities.
  • Maintain accurate records of our processing activities, both as a processor and controller of personal data.
  • Pay close attention to regulatory guidance around GDPR compliance and make changes to our product features and contracts when they're needed.

It’s easy to make your marketing GDPR-friendly

Grow your audience and protect their data.