Mailchimp for WordPress and the GDPR


Hopefully, you have heard about the General Data Protection Regulation by now, the new EU privacy law going into effect on May 25, 2018.

Let me start out with the usual legal mumbo jumbo that I am not a lawyer and that this is not legal advice. I do believe I can share a few things that might be helpful if you’re looking at complying with the new GDPR rules though.

Mailchimp as a data processor

Mailchimp for WordPress is a plugin that you install directly on your site. All data flows directly from your website to Mailchimp. This means it doesn’t really matter whether you are using our plugin or the embedded form widget that Mailchimp provides.

You do not have to list us as a data processor and you do not need to sign a data processing agreement with us.

You do need to do this for Mailchimp itself. Luckily, Mailchimp has prepared a helpful guide to get us ready for the GDPR.

Plugin specific tips

With that out of the way, here are a few tips on utilising the tools that Mailchimp for WordPress provides to help you comply with the GDPR.

Explicit & verifiable consent

Verifiable consent requires a written record of when and how someone agreed to let you transfer their personal data to Mailchimp. The important thing to note is that you cannot use a pre-checked opt-in checkbox for this.

Mailchimp for WordPress sends the email address, IP address and timestamp of the sign-up request to Mailchimp which then stores it.

We recommend adding clear language to your forms stating all the ways you could use the personal data that is collected.

If you’re integrating with third-party forms, make sure to not pre-check the opt-in checkbox and do not make it implicit.
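As an added illustration of the two points above (an opt-in box that is never pre-checked, and a written record of when and how consent was given), here is a small PHP sketch. It is example code written for this page, not code from the Mailchimp for WordPress plugin or from Mailchimp; the field name `gdpr_consent`, the function names, the consent wording and the sample submissions are all assumptions constructed for the example.

```php
<?php
// Added example, not plugin code. Shows (1) rendering the consent checkbox without
// a "checked" attribute and (2) refusing to build a consent record unless the
// visitor actually ticked the box, so the record can be used as verifiable consent.

/**
 * Render the opt-in checkbox. No "checked" attribute: the browser only submits the
 * field when the visitor ticks it, so an absent field means "no consent".
 * The field name gdpr_consent is an assumption for this example.
 */
function render_consent_checkbox(string $consentText): string
{
    return '<label><input type="checkbox" name="gdpr_consent" value="yes"> '
         . htmlspecialchars($consentText, ENT_QUOTES, 'UTF-8') . '</label>';
}

/**
 * Build a written consent record from a submitted sign-up form.
 * Returns the record, or null when explicit consent or a valid email is missing.
 *
 * @param array  $post        Submitted fields (for example $_POST).
 * @param string $remoteIp    Client IP as seen by the server.
 * @param string $consentText The exact wording that was shown next to the checkbox.
 */
function build_consent_record(array $post, string $remoteIp, string $consentText): ?array
{
    // Implicit or pre-checked consent is not acceptable: require the explicit value.
    if (!isset($post['gdpr_consent']) || $post['gdpr_consent'] !== 'yes') {
        return null;
    }

    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }

    return [
        'email'        => $email,
        'ip'           => $remoteIp,
        'timestamp'    => gmdate('c'),                  // when consent was given (UTC, ISO 8601)
        'consent_text' => $consentText,                 // how consent was obtained (wording shown)
        'consent_hash' => hash('sha256', $consentText), // lets you prove which wording version was shown
        'source'       => 'site-form',                  // where the sign-up came from
    ];
}

// Constructed sample submissions for illustration only.
$consentText    = 'Yes, send me the newsletter. I understand my email address and IP address are sent to Mailchimp.';
$withConsent    = ['email' => 'alice@example.com', 'gdpr_consent' => 'yes'];
$withoutConsent = ['email' => 'bob@example.com'];   // box left unticked: field absent

echo render_consent_checkbox($consentText), PHP_EOL;
var_dump(build_consent_record($withConsent, '203.0.113.5', $consentText));
var_dump(build_consent_record($withoutConsent, '203.0.113.5', $consentText));
```

The record mirrors what the plugin sends to Mailchimp (email, IP, timestamp) and adds the consent wording itself, which is what lets you answer the "how" part of a verifiable-consent question later; store it alongside the sign-up rather than only relying on Mailchimp's copy.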