What I’m Doing with MailChimp and GDPR Compliance
You’re probably receiving lots of privacy notifications from social media, apps, websites, the charities you follow, and others. This activity is due to a deadline of March 25, 2018, set by the GDPR.
The General Data Protection Regulation (GDPR) is an 88-page European Union (EU) regulation on data protection and privacy for all people within the European Union and the European Economic Area (EEA). Additionally, it covers the export of personal data outside the EU and EEA. U.S. entities are responding to the GDPR because it’s very possible this may become international law in the future. If you and your subscribers are not citizens of any of the member countries (see EU and EEA lists in the NOTES), I still recommend you read further (pay attention to all the details) and decide what steps you’d like to take now.
For this post, I’m looking into the GDPR for those who use MailChimp. As a disclaimer, I’m just sending you what MailChimp has on their site.
Your MailChimp Emails
MailChimp has a lot of useful links and information about GDPR that I’m looking through. I found a checklist of theirs that could help you get started if you’d like to work on your MailChimp account now. I started working through the following checklist for JudyDouglass.com and for myself:
MailChimp features to help comply with the GDPR:
- Use MailChimp’s GDPR signup forms and double opt-in to collect your contacts.
- Ensure the language in your signup form accurately describes your marketing activities.
- Sign their Data Processing Agreement.
- Turn on two-factor authentication for added protection.
- Update your website’s privacy statement or policy to state you use MailChimp to store information.
- Make sure your Cookie Statement describes any cookies or tracking technologies you might use. If you’re not sure, MailChimp’s Cookie Statement includes a section called Cookies served through the Services that describes technology you (or your website) might use, depending on the features you use through MailChimp.
(Taken from MailChimp source: General Data Protection Regulation FAQs)
- Here’s very thorough help from MailChimp in this 9-page document: The General Data Protection Regulation (GDPR)
- Sample Terms and Conditions Template (I just skimmed this; it is not mandatory, and an End-User License Agreement, or EULA, is an option as well)
- EU and EEA countries: a country covered by the new GDPR might be in the EU and/or the EEA. I found these two lists from an Internet search. Most European countries are members of both. The ones in bold are unique to either the EU or the EEA.
- The EU countries are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.
- The EEA countries are: Austria, Belgium, Bulgaria, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.