Plain & Simple GDPR Updates

The data protection act is being updated. This update is known as GDPR, and impacts the way you treat data in your business. We'd love to send you updates as they come through so that your business is compliant. Add your details here, and we'll send you email updates about GDPR.

We won't add your details to any other list or share them. You can unsubscribe at any time. For more information see our Data Privacy Policy  

MailChimp, Marketing & GDPR

There’s been a lot of talk about Mailchimp’s decision to make single opt-in the default on 31st October. Here are 10 things you need to know about marketing with MailChimp and GDPR.
STOP PRESS
Mailchimp have decided to let those of us based in the EU remain on single opt-in so we can more easily be GDPR compliant. Here’s their announcement.
However, even if you are not based in the EU, if you are selling to people in the EU, the directive applies to you.
  1. The GDPR does not mention the term double opt-in. What it asks for is an audit trail of ‘granular’ consent. Double opt-in is one easy way to provide this, since it means no-one else could have added the individual to your list. It has a downside: your lists are smaller, since many people forget the confirmation step and don’t get that far.
  2. I have always gone for double opt-in lists for sales and marketing. They are smaller. The upside is my open rates are between 25% and 60% depending on the list.
  3. I sometimes use single opt-in for the automations that onboard customers who have already paid me and give them the service they asked for. I may consider it for webinars, as it is important everyone gets the link to join.
  4. MailChimp prioritise whose newsletters go out using an algorithm that includes open rate, so having a low open rate can get your mailings delayed (and even categorised as spam).
  5. MailChimp charges by users (in a range), so a list with a low open rate can mean you are paying for subscribers who never see your marketing messages.
  6. Consent under GDPR is ‘granular’, so if you are signing up someone to a list you need to be clear at the point of sign-up:
    1. What they will get as a result of signing up (i.e. information, sales and marketing). Be specific.
    2. Where the data will be held, how long for and for what purpose.
    3. You can link to a data privacy policy, but it should be in plain ordinary English and not hide behind jargon.
    4. Negative boxes (opt out if you don’t want) are gone, whether that is for data sharing, being phoned or anything else.
    5. You may need more than one box if you go for clarity, i.e. can we email you, can we call you…
  7. MailChimp allows you to create forms so that when people sign up for the first time to a list, they can see all of this, and then do the double opt-in. This can make GDPR compliance easier. See here for information on how to set this up.
  8. MailChimp is neither compliant nor non-compliant for GDPR. It is you who need to be GDPR compliant in terms of how you use the data available.
  9. MailChimp data is held in the USA. They have a data privacy shield. As long as your data privacy policy makes it clear data is going to the USA, this is OK for ordinary data. See here for more information. If you collect information about health, politics, sexual orientation or political views, let us know, as this may need extra protocols. If you subscribe, you will get more information about this in our webinar trainings and masterclasses.
  10. You get an unsubscribe link on each email. Make sure it is visible so people can see it and unsubscribe.

If you want your existing lists to remain double opt-in, and double opt-in to be your default, you need to get in there by 31st October. If you have lost the notification email, just log into your MailChimp account, where it appears as a notification.

Mailchimp user levels

While you are there, take the opportunity to check user access. See here for levels of access and how to change them. If you have other users then:
a. Delete old users that no longer need access to your account.
b. Review user access levels. Set them to Manager or below, since those levels cannot export your data.
c. If you need to grant temporary higher-level access to someone, make sure you turn it back down again when the job is done AND make sure MailChimp lets you know if any data is downloaded (MailChimp can do that).
d. Set up two-factor authentication logins for all users (you get a discount on your MailChimp subscription for this too!). See https://kb.mailchimp.com/accounts/login/set-up-a-two-factor-authentication-app-at-login for more information on how to set that up.

Don’t panic. Stay informed. Stay happy.
If you have any more questions, ask me in the comments.
Annabel Kaye
P.S. Join the GDPR mailing list for details on GDPR as it becomes available, training and additional GDPR support options for your business.
