GDPR Compliance with Mailchimp

Mailchimp makes it easy to connect with your customers and market smarter—all while protecting your customers' personal data.

What is the GDPR?

The GDPR, or General Data Protection Regulation, is a European privacy law that went into effect in May 2018. It regulates how personal data of individuals in the EU can be collected, used, and processed. The law impacts European companies and any business that targets European individuals or collects, uses, or processes the personal data of European individuals regardless of where the business is located. Essentially, this means the GDPR will apply to most organizations that process personal data of EU individuals—regardless of where they are established and regardless of where their processing activities take place.

How does Mailchimp make GDPR compliance easier?

Easily get consent and build loyalty. Our tools make it easy to comply with the GDPR's requirements as you grow your audience.

Customize GDPR-friendly forms

You can design GDPR-friendly forms that are consistent with your brand. Edit built-in GDPR language so you still sound like yourself, and collect the marketing permission you need. GDPR fields are available for hosted, embedded, pop-up, or landing page signup forms, and they can be enabled via our API.

Set up double opt-in settings

You can enable our double opt-in settings for your audience where needed, or to provide additional evidence of consent.

Manage contact profiles

Our contact profiles show when someone opted in to receive marketing from you, so you can prove consent and modify or remove personal information any time you need to.

Quickly respond to data requests from your contacts.

Individuals in the EU have certain rights under the GDPR. Our audience management tools allow you to easily respond to data requests from your contacts—without a cumbersome process or waiting for someone to handle the request for you.

  • Right of access

    You can export data about individual contacts from your Mailchimp account, which can help you fulfill access requests.

    Export Data
  • Right to be forgotten

    You can delete contacts from your Mailchimp account at any time. And when someone is removed from your contacts, we anonymize their data in your reports so you stay compliant without losing any audience insights.

    Delete Contacts
  • Right to object

    If a contact objects to you processing their personal data you can remove them from your Mailchimp account at any time.

    Delete Contacts
  • Right to rectification

    You can access and update your contact lists to correct or complete contact information at any time. You can also create a preferences center where your Contacts can update their information and preferences on their own.

    Create a Preferences Center
  • Right of portability

    You can export any of your audiences, or selected information within any audience, at any time in your Mailchimp account.

    View or Export Contacts
“Mailchimp's GDPR resources helped us and our clients understand and prepare for the biggest shake-up in data law in over 20 years. Plus, the GDPR-friendly signup forms were an absolute breeze to use.”

Alastair Thompson, Teapot Creative

What does Mailchimp do to comply with the GDPR?

  • Appointed a Data Protection Officer (DPO) to oversee our compliance program.
  • Continuously review our security measures to ensure any personal data we collect and process on our systems is adequately protected.
  • Ensure our Privacy Policy clearly explains Mailchimp's commitment to the GDPR, is transparent about how we use personal data, and gives individuals information about how they can exercise their data subject rights.
  • Incorporate the EU's Standard Contractual Clauses in our Data Processing Addendum which automatically forms part of our Standard Terms of Use (our contract with you) and applies to customer data protected by EU laws.
  • Provide our customers with GDPR-ready terms in our Data Processing Addendum and update our contracts with third party vendors to ensure they are GDPR-compliant.
  • Maintain formal processes around data subject rights to ensure we can help customers fulfill requests they receive.
  • Respond to and fulfill data subject rights requests in our role as a controller.
  • Complete Data Protection Impact Assessments to identify and minimize any risks from our processing activities.
  • Maintain accurate records of our processing activities, both as a processor and controller of personal data.
  • Pay close attention to regulatory guidance around GDPR compliance and making changes to our product features and contracts when they're needed.
  • Certify annually with the EU-U.S./Swiss-U.S. Privacy Shield Frameworks and continue to protect EEA, UK, and Swiss data in compliance with the Privacy Shield Principles. You can view our Privacy Shield certification here.

More about Mailchimp and GDPR compliance.

It’s easy to make your marketing GDPR-friendly

Grow your audience and protect their data.