Mailchimp and LGPD compliance

Mailchimp makes it easy to connect with your customers and market smarter—all while protecting your customers’ personal data.

What is the LGPD?

The LGPD, or the Brazilian Data Protection Act, is a Brazilian privacy law that went into effect in August 2020. It regulates how personal data of individuals located in Brazil can be collected, used, and processed. The law impacts Brazilian companies and any business that targets Brazilian individuals or that collects, uses, or processes the personal data of Brazilian individuals regardless of where the business is located. Essentially, this means the LGPD will apply to most organizations that process personal data of Brazilian individuals—regardless of where they are established, and regardless of where their processing activities take place.


How does Mailchimp make LGPD compliance easier?

Easily get consent and build loyalty. Our tools make it easy to comply with the LGPD’s requirements as you grow your audience.

LGPD-friendly forms

You can design LGPD-friendly forms that are consistent with your brand by using our GDPR-friendly forms and fields (the GDPR is the European "General Data Protection Regulation"; our privacy tools help you comply with both the GDPR and the LGPD). Edit built-in language so that you sound like yourself and collect the marketing permission you need. LGPD-friendly fields are available for hosted, embedded, pop-up, or landing page signup forms, and they can be enabled via our API.

Double opt-in settings

You can enable our double opt-in settings for your audience where needed or to provide additional evidence of consent.

Contact profiles

Our contact profiles show when someone opted in to receive marketing from you, so you can prove consent and modify or remove personal information any time you need to.

Quickly respond to data requests from your contacts

  • Right of access

    You can export data about individual contacts from your Mailchimp account, which can help you fulfill access requests.

  • Right to be forgotten

    You can delete contacts from your Mailchimp account at any time. And when someone is removed from your list, we anonymize their data in your reports so that you don’t lose any audience insights but stay in compliance.

  • Right to object

    If a contact objects to you processing their personal data, you can remove them from your Mailchimp account at any time.

  • Right to rectification

    You can access and update your contact lists to correct or complete contact information at any time. You can also create a preferences center where your contacts can update their information and preferences on their own.

  • Right of portability

    You can export any of your audiences, or selected information within any audience, at any time by accessing your Mailchimp account.

“Mailchimp's data protection resources helped us and our clients understand and prepare for the biggest shake-up in data law in over 20 years. Plus, the privacy-friendly signup forms were an absolute breeze to use.”

Alastair Thompson, Teapot Creative

What does Mailchimp do to comply with the LGPD?

  • Appointed a Data Protection Officer (DPO) to oversee our compliance program.
  • Continuously review our security measures to ensure any personal data we collect and process on our systems is adequately protected.
  • Ensure our Privacy Policy clearly explains Mailchimp's commitment to global privacy laws, including the LGPD, is transparent about how we use personal data, and gives individuals information about how they can exercise their data subject rights.
  • Ensure any transfers of personal data outside Brazil are subject to appropriate safeguards.
  • Provide our customers with LGPD-ready terms in our Data Processing Addendum and update our contracts with third party vendors to ensure they are LGPD-compliant.
  • Maintain formal processes around data subject rights to ensure we can help customers fulfil requests they receive.
  • Respond to and fulfill data subject rights requests in our role as a controller.
  • Complete Data Protection Impact Assessments to identify and minimize any risks from our processing activities.
  • Maintain accurate records of our processing activities, both as a processor and controller of personal data.
  • Pay close attention to regulatory guidance around LGPD compliance and make changes to our product features and contracts when they're needed.

It’s easy to make your marketing LGPD-friendly

Grow your audience and protect their data.