Last week I received an e-mail from Mailchimp saying:

Starting October 31, single opt-in will become the default setting for all MailChimp hosted, embedded, and pop-up signup forms. This change will impact all MailChimp users

When I read it, I thought it odd, as in the EU the double opt-in is needed, especially with the new General Data Protection Regulation coming next year.

Today I received another e-mail from Mailchimp saying that they were rolling their plans back for EU customers.

…because your primary contact address is in the EU, your existing forms will remain double opt-in. We made this decision after receiving a lot of feedback from EU customers who told us that single opt-in does not align with their business needs in light of the upcoming GDPR and other local requirements. We heard you, and we’re sorry that we caused confusion.

Now I am curious to see if they will send out another e-mail in the coming week also reinstating double opt-in for everyone else. Because as they already say in their own e-mail:

Double opt-in provides additional proof of consent, and we suggest you continue using double opt-in if your business will be subject to the GDPR.

That includes any non-EU business that has clients or indeed mailing list subscribers in the EU, as the rules follow the personal data of EU citizens. All those companies are subject to the GDPR as well.

One thought on “Mailchimp Meets GDPR”

  1. […] One of the exciting novel concepts in the GDPR is that the legal obligations follow the data. The GDPR applies to any organisation holding data about EU citizens, regardless where they reside themselves. Another is that EU citizens must be able to clearly understand how data about them is collected and used. Terms of service where the snake hides on page 312 of a document full of legalese is no longer acceptable. This means that your data usage must be out in the open, as every individual has the right to verify how their own data is being collected, stored and used, as well as to export that data and withdraw consent. Compliance is recast from being a disadvantage to being a precondition and source of competition. To me it seems the GDPR is bringing the law much closer to our digital times. It paves the way for ‘ethics by design’ concerning data, and use it as a distinguishing factor. It also sets a de-facto global standard (although not everyone seems to realize yet). […]
