No matter what type of business you have or where in the world you’re located, chances are that you’ve heard a lot lately about the EU’s new data privacy law, the GDPR. As General Counsel at MailChimp, a lot of my time over the last year has been spent preparing our business for this new law. We even released a guide last year highlighting MailChimp’s compliance efforts.
But MailChimp’s GDPR efforts go well beyond making sure we’re ready for this new law—we’ve also been focused on what the GDPR means for you, our customers.
If you’re new to the GDPR, here’s a bit of background: the General Data Protection Regulation is a new law that regulates how the personal data of EU citizens can be collected, used, and processed by businesses. It takes effect on May 25, 2018, and while it’s being implemented by the European Union, it applies not only to organizations based in the EU but also to those that have customers and contacts in the EU. So it’s going to have an impact on businesses all around the world.
While the GDPR requires some effort, it can also lead to some big benefits for you and your business.
- The law will help create a more trusting relationship between you and your subscribers. Knowing exactly what kind of experience subscribers want from you helps you meet—and exceed—their expectations.
- The GDPR empowers your subscribers to understand exactly what data is being collected and how it will be used.
- And since the GDPR provides subscribers with the right to easily specify and update permissions (by, for example, allowing them to quickly opt into or out of receiving certain content), it should also lead to fewer unsubscribes and spam complaints, which in turn improves deliverability.
We want to make it as easy as possible for you to get ready for the GDPR. Our team is hard at work building easy-to-use tools (to be released in early April) that will help you comply with the GDPR’s new requirements. Let’s take a look at the updates that are coming soon to your MailChimp account.
If you’re going to rely on consent to process your subscribers’ data, the GDPR says that you must obtain explicit, opt-in consent, and be clear about how your subscribers’ data will be used when you obtain that consent.
- We’re building GDPR-friendly forms that you can quickly set up to help you get—and document—subscribers’ consent. In just a few clicks, you’ll be able to enable GDPR-friendly fields for all hosted forms (including landing pages and pop-ups) connected with a list in your MailChimp account.
- These forms will have separate checkboxes so subscribers can choose whether to opt in to each element of your MailChimp marketing (like receiving email or being targeted for online advertising, for example), and you’ll be able to customize the field labels, checkbox options, and legal text.
- MailChimp will also keep a record of what each version of your form says, so you’ll always know exactly which fields were present on a form when it was submitted by a subscriber, and you can prove consent if the need arises.
Under the GDPR, your EU subscribers have expanded rights regarding the use of their personal data, and can request, for example, that their data be deleted, moved, or corrected at any time.
As of right now, all MailChimp users can access their MailChimp lists to correct or update information upon the request of their subscribers. If a subscriber signed up for a list through a MailChimp hosted form, you can export that list and see the date stamp, timestamp, IP address, and more for the signup and confirmation time for contacts on the list.
In the coming weeks, we’ll be releasing updates that are going to make it even easier for you to access and manage your subscribers’ data.
- The process of updating, exporting, and sharing subscribers’ data upon request will be quicker and simpler. If you receive a data request from a subscriber, you’ll be able to send them the data they’ve requested in a single step from within your account.
- When you delete someone from your list, we will remove all traces of that subscriber’s personal information from your reports as well as your list. Anonymous, aggregate reporting data will remain visible in your account, but any use of a deleted subscriber’s name and email address, for example, will be removed.
As always, your subscribers can continue to update their own data, too, by contacting us or choosing to update their preferences in any email they receive from you.
Wondering about whether you’ll still be able to store your subscribers’ personal information in your MailChimp account? Good news: we’ve already implemented strong privacy protections that mean we’re handling your subscribers’ data appropriately and in line with EU legal requirements.
MailChimp has certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework, so you can transfer your subscribers’ personal data outside of the EU to MailChimp in the U.S., so long as you:
- Complete our updated data processing agreement and
- Get permission from your subscribers to transfer their data. Permission terms will be built directly into our GDPR-friendly forms, but you should copy that language over to your other list building methods, too.
The GDPR goes into effect on May 25, but there’s still time to make your preparations. Review our GDPR guide to see what you can do, right now, to get ready.
We’re working hard to get ready, too. Our goal is to have all of the updates outlined in this article ready for you in early April, so be sure to visit the What’s New page to stay in the loop. I’ll be turning things over to our data protection officer in the coming weeks, so please be sure to look out for any updates from her, too.