About the General Data Protection Regulation
The GDPR regulates how organizations process the personal data of EU citizens, including organizations located outside of the EU.
Get the job done with a pro
From training to full-service marketing, our community of partners can help you make things happen.
If your business is based in the European Union (EU), or you process the personal data of individuals in the EU, the General Data Protection Regulation (GDPR) affects you.
When relying on consent as your legal basis for processing, the GDPR says the consent you obtain must be freely given, specific, informed, and unambiguous. You also must clearly explain how you plan to use your contacts’ personal data. Mailchimp signup forms can help you stay compliant with this law. Our optional, GDPR-friendly forms include checkboxes for opt-in consent, and editable sections that explain how and why you’re using data.
In this article, you’ll learn how signup forms can help you comply with the GDPR.
Here are some things to know before you begin this process.
Just enabling GDPR fields on your signup forms won’t make you compliant. It’s the first part of a multi-step process. To collect consent from new and existing contacts, you’ll set up your forms, create a segment, and send a consent email. Here’s how it works.
Segment your audience based on the marketing permissions you receive from your signup form. You don’t have to wait to collect your data to create segments. After you create and save your segments, you’ll be able to access them anytime. Give your segments descriptive names so you can find them easily.
Once your segments are created, you can then collect consent to send your marketing to those contacts. New contacts can sign up through the published form, but you’ll also want to reach out to your existing contacts.
After you save your consent segment and contacts have consented through a published form, use it to send your email or ad campaign only to those people.
GDPR form fields include checkboxes that your contacts will use to opt in to your marketing, and space for you to add necessary information. Mailchimp provides suggested language that you can edit to fit your marketing plan. Make sure each section accurately describes your marketing activities.
This table explains what you need to include in each field.
Field | |
---|---|
Description | This field describes why you are collecting the information on your form, such as providing marketing and product updates. |
Options | This field uses checkboxes to get consent for each marketing activity you conduct. Remember that each marketing activity must be clearly communicated and requires separate consent. |
Legal Text | This field explains how you’ll use contacts’ data. Statements you make in this section must be consistent with your practices, so be sure to edit this field to meet the needs of your business. Include your contact details on the signup form—the GDPR requires the organization collecting the personal data (that’s you) to identify themselves. Let your customers know they can change their mind at any time with the Unsubscribe link. If you plan to use data you collect from your contacts to advertise online, clearly explain your advertising activities and make sure your Cookie Statement describes any cookies or tracking technologies you might use. If you’re not sure, Mailchimp’s Cookie Statement includes a section called Cookies served through the Services that describes technology you (or your website) might use, depending on the features you use through Mailchimp. |
Privacy Policy and Terms | This non-editable field lets your contacts know that you’ll be storing their info in your Mailchimp account, so there’s no need for you to describe this storage activity in the legal text field of your form. A link to Mailchimp’s Standard Terms of Use is included. |
After you enable GDPR form fields for your audience, these fields will be included on the hosted signup forms for your audience, embedded forms, update profile forms, and signup landing pages.
The fields will also be included on pop-up forms that use the Modal design format, and either None or Top image alignment pop-up forms.
To find the pop-up form layouts that are compatible with GDPR fields for your audience, follow these steps.
Note
GDPR fields are not compatible with form integrations.
To use GDPR fields on your signup forms, enable them for each audience that collects or contains personal data from EU citizens, then edit them to reflect your marketing practices.
After you enable GDPR fields for an audience, they’ll be available to view and edit. These fields will be included on most signup forms associated with that audience, including pop-up forms, the hosted signup form, embedded forms, and signup landing pages.
To enable and edit GDPR fields for your audience, follow these steps.
You’re all set! After your forms are in use, be careful about any further edits you make. If you change a checkbox option, the consent you received before making the change will no longer be valid and you’ll need to reconfirm opt-in. If you want to change your form, we suggest that you add a new option or remove an old one.
After you enable GDPR fields, you can also edit them from the form builder. The changes you make in the form builder will apply to most Mailchimp signup forms, including compatible pop-up forms and landing pages.
To edit GDPR fields from the form builder, follow these steps.
In the Field settings section, edit your GDPR fields.
If you'd like to require your contacts to choose an option before they subscribe, click any field, then check the Required field checkbox.
When you’re ready, click Save Fields.
After you’ve set up your marketing permission checkboxes, segment your audience to make sure you send your email only to the people who have given consent through your signup form.
To create and save a segment in your audience, follow these steps.
To learn how to manage segments, check out Save and Manage Segments.
Now that you’ve updated your forms and your segments are set up, you’re ready to collect consent from new contacts and market accordingly. But, you still need your existing contacts to opt in to your marketing permissions. Let your contacts know they need to update their profile with a consent email.
We've created an email template to help you, or you can build your email from scratch. Send your consent email to everyone in your audience, and make sure it includes an Update Your Preferences link. Click tracking doesn't work with the Update Profile link or other system-generated merge tags, so you'll need to use the GDPR form fields and segments to see who has updated their settings.
To collect consent from your existing contacts, follow these steps.
Click the drop-down, then click Subscriber Alerts.
Click the GDPR Subscriber Alert template.
The template includes suggested language that you can edit. Preview and test your email as you normally would, and send it to your complete audience.
After you send your consent campaign, use your Marketing Permissions segments to communicate only with contacts who have expressly opted in to your marketing. You may find it helpful to bulk unsubscribe all contacts who haven't opted to receive any marketing from you.
Some EU authorities recommend that businesses periodically refresh consent, suggesting that reconfirmations can still be sent. The important thing is that you need to ensure that you have a legal basis–such as consent or a legitimate interest–to send an email to a contact.
If you don’t feel like you have a proper basis under the GDPR to email a contact, you may want to refrain from sending a reconfirmation email and remove the contact from your audience. As always, we suggest you reach out to legal counsel in your area to discuss the specifics of your situation.
When a new contact signs up to your marketing through a hosted, pop-up, or landing page signup form for your GDPR-enabled audience, we'll record the field information in a plain-text version of your form. This captures the GDPR fields your contact saw when they subscribed, so you can show that you accurately described your marketing activities. You can view this information at any time on the contact's profile page.
You can edit the opt-in preferences for your contact here, but we don't recommend it. If you choose to edit your contact's preferences, make sure you have their express and verifiable consent.
Technical Support
Have a question?
Paid users can log in to access email and chat support.
The GDPR regulates how organizations process the personal data of EU citizens, including organizations located outside of the EU.
Learn more about Mailchimp and European data transfers.