You’ve probably heard about the General Data Protection Regulation (GDPR), and you might have a few questions about it. Here’s some information about the law and how it affects Mailchimp and our users.
This article is provided as a resource, but it’s not legal advice. We encourage you to speak to legal counsel to learn how the GDPR may affect your organization.
What and who
The GDPR is a European Union (EU) privacy law that affects businesses around the world. It regulates how any organization that is subject to the Regulation treats or uses the personal data of people located in the EU. Personal data is any piece of data that, used alone or with other data, could identify a person. If you collect, change, transmit, erase, or otherwise use or store the personal data of people located in the EU, you'll need to comply with the GDPR. Note that the law applies based on where the person is located, not on their citizenship.
The GDPR replaces an older directive on data privacy, Directive 95/46/EC, and it introduces a few important changes that may affect Mailchimp users.
About consent
You need to have a legal basis, such as consent, to process the personal data of a person located in the EU. If you rely on consent, it must be freely given, specific, informed, and unambiguous.
In order to verify that you have obtained adequate consent, you will need a written record of when and how someone agreed to let you process their personal data. Consent must also be unambiguous and involve a clear affirmative action. This means clear language and no pre-checked consent boxes.
About individual rights
The GDPR also outlines the rights of individuals around their personal data. People located in the EU have the right to ask for details about the way you use their personal data and can ask you to do certain things with that data. You should be prepared to support these requests in a timely manner. Individuals have the right to request that their personal data be corrected, provided to them, restricted from certain uses, or removed completely.
You should also be able to tell someone, among other things, how their personal data is being used. If they ask, you're obligated to share the personal data you hold on them, or offer a way for them to access it.
What does Mailchimp do to comply?
- Appointed a Data Protection Officer (DPO) to oversee our compliance program.
- Continuously review our security measures to ensure any personal data we collect and process on our systems is adequately protected.
- Ensure our Privacy Policy clearly explains Mailchimp’s commitment to the GDPR, is transparent about how we use personal data, and gives individuals information about how they can exercise their data subject rights.
- Incorporate the EU’s Standard Contractual Clauses in our Data Processing Addendum which automatically forms part of our Standard Terms of Use (our contract with you) and applies to customer data protected by EU laws.
- Provide our customers with GDPR-ready terms in our Data Processing Addendum and update our contracts with third party vendors to ensure they are GDPR-compliant.
- Maintain formal processes around data subject rights to ensure we can help customers fulfill requests they receive.
- Respond to and fulfill data subject rights requests in our role as a controller.
- Complete Data Protection Impact Assessments to identify and minimize any risks from our processing activities.