If your business is based in the European Union (EU), or you process the personal data of EU citizens, the General Data Protection Regulation (GDPR) affects you.
The GDPR says you must obtain freely given, specific, informed, and unambiguous consent from your contacts. You also must clearly explain how you plan to use their personal data. So we’ve updated MailChimp signup forms to help you stay compliant with this law. Our optional, GDPR-friendly forms include checkboxes for opt-in consent and editable sections that explain how and why you are using data.
In this article, you’ll learn how signup forms can help you comply with the GDPR.
Here are some things to know before you begin this process.
Here are some things to know before you begin this process.
GDPR form fields include checkboxes that your contacts will use to opt-in to your marketing, and space for you to add the necessary information. MailChimp provides suggested language that you can edit to fit your marketing plan. Make sure each section accurately describes your marketing activities.
This table explains what you need to include in each field.
|Description||This field describes why you are collecting the information on your form, such as providing marketing and product updates.|
|Options||This field uses checkboxes to get consent for each marketing activity you conduct. MailChimp will provide a few common marketing activities to choose from, and you can add your own. Remember that each marketing activity must be clearly communicated and requires separate consent.|
|Legal Text||This field explains how you’ll use contacts’ data. Statements you make in this section must be consistent with your practices, so be sure to edit this field to meet the needs of your business. Include your contact details on the signup form – the GDPR requires the organization collecting the personal data (that’s you) to identify themselves. Let your customers know they can change their mind at any time with the Unsubscribe link.If you plan to use data you collect from your contacts to advertise online, clearly explain your advertising activities and make sure your Cookie Statement describes any cookies or tracking technologies you might use. If you’re not sure, MailChimp’s Cookie Statement includes a section called Cookies served through the Services that describes technology you (or your website) might use, depending on the features you use through MailChimp.|
If you plan to use data you collect from your contacts to advertise online, clearly explain your advertising activities and make sure your Cookie Statement describes any cookies or tracking technologies you might use. If you’re not sure, MailChimp’s Cookie Statement includes a section called Cookies served through the Services that describes technology you (or your website) might use, depending on the features you use through MailChimp.
Which forms are compatible with GDPR fields?
After you enable GDPR form fields for your list, these fields will be included in the hosted signup forms for your list, update profile forms, and signup landing pages.
The fields will also be included on pop-up forms that use the Modal design format, and either None or Top image alignment.
GDPR fields are not compatible with embedded forms, form integrations, or MailChimp Subscribe.
To use GDPR fields on your signup forms, enable them for each list that collects or contains personal data from EU citizens, then edit them to reflect your marketing practices.
Enable GDPR fields
After you enable GDPR fields for a list, they will be available to view and edit in the form builder. These fields will be included on most signup forms associated with that list, including pop-up forms, the hosted signup form, and signup landing pages.
You’re all set. GDPR fields will appear in the form builder for you to view and manage. On the Lists page, you’ll see a GDPR icon next to the name of the list.
Edit GDPR fields
GDPR fields are only editable from the form builder. The changes you make in the form builder will apply to most MailChimp signup forms, including compatible pop-up forms and landing pages.
After your forms are in use, be careful about any further edits you make. If you change a checkbox option, the consent you received before making the change will no longer be valid and you’ll need to reconfirm opt-in. If you want to change your form, we suggest that you add a new checkbox or remove an old one.
After you’ve set up your marketing permission checkboxes, segment your list to make sure you send your campaign only to the people who have given consent through your signup form.
To create and save a segment in your list, follow these steps.
To learn more about managing segments, check out Save and Manage Segments.
Now that you’ve updated your forms and your segments are set up, you’ll be able to collect consent from new contacts and market accordingly. But, you still need your existing contacts to opt-in to your marketing permissions. The best way to do this is to send a consent campaign to each list affected by the GDPR.
We’ve created an email template to help you, or you can build the campaign from scratch. Send your consent campaign to everyone on your list, and make sure it includes an Update Profile link. Click tracking does not work with the Update Profile link or other merge tags, so you’ll need to use the GDPR form fields and segments to see who has updated their settings.
When a new contact signs up for your GDPR-enabled list through a hosted, embedded, pop-up, or landing page signup form, we’ll record the field information in a plain-text version of your form. This captures the GDPR fields your contact saw when they subscribed, so you can show that you accurately described your marketing activities. You can view this information at any time on the contact’s profile page.
You can edit the opt-in preferences for your contact here, but we don’t recommend it. If you choose to edit your contact’s preferences, make sure you have their express and verifiable consent.
If you are a MailChimp user and are looking for support, please feel free to get in touch.