No matter what type of business you have or where in the world you’re located, chances are that you’ve heard a lot lately about the EU’s new data privacy law, the GDPR. As General Counsel at MailChimp, a lot of my time over the last year has been spent preparing our business for this new law. We even released a guide last year highlighting MailChimp’s compliance efforts.
But MailChimp’s GDPR efforts go well beyond making sure we’re ready for this new law—we’ve also been focused on what the GDPR means for you, our customers.
If you’re new to the GDPR, here’s a bit of background: the General Data Protection Regulation is a new law that regulates how the personal data of EU citizens can be collected, used, and processed by businesses. It takes effect on May 25, 2018, and while it’s being implemented by the European Union, it applies not only to organizations based in the EU but also to those that have customers and contacts in the EU. So it’s going to have an impact on businesses all around the world.
While the GDPR requires some effort, it can also lead to some big benefits for you and your business.
We want to make it as easy as possible for you to get ready for the GDPR. Our team is hard at work building easy-to-use tools (to be released in early April) that will help you comply with the GDPR’s new requirements. Let’s take a look at the updates that are coming soon to your MailChimp account.
If you’re going to rely on consent to process your subscribers’ data, the GDPR says that you must obtain explicit, opt-in consent, and be clear about how your subscribers’ data will be used when you obtain that consent.
Under the GDPR, your EU subscribers have expanded rights regarding the use of their personal data, and can request, for example, that their data be deleted, moved, or corrected at any time.
As of right now, all MailChimp users can access their MailChimp lists to correct or update information upon the request of their subscribers. If a subscriber signed up for a list through a MailChimp hosted form, you can export that list and see the date stamp, timestamp, IP address, and more for the signup and confirmation of each contact on the list.
In the coming weeks, we’ll be releasing updates that are going to make it even easier for you to access and manage your subscribers’ data.
As always, your subscribers can continue to update their own data, too, by contacting us or choosing to update their preferences in any email they receive from you.
Wondering about whether you’ll still be able to store your subscribers’ personal information in your MailChimp account? Good news: we’ve already implemented strong privacy protections that mean we’re handling your subscribers’ data appropriately and in line with EU legal requirements.
MailChimp has certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework, so you can transfer your subscribers’ personal data outside of the EU to MailChimp in the U.S., so long as you:
The GDPR goes into effect on May 25, but there’s still time to make your preparations. Review our GDPR guide to see what you can do, right now, to get ready.
We’re working hard to get ready, too. Our goal is to have all of the updates outlined in this article ready for you in early April, so be sure to visit the What’s New page to stay in the loop. I’ll be turning things over to our data protection officer in the coming weeks, so please be sure to look out for any updates from her, too.