In this article, we’ll be outlining some tips to help you comply with the General Data Protection Regulation (GDPR) privacy law, which takes effect on May 25, 2018. This article is provided as a resource, but is not legal advice.
First things first. Since you install our Mailchimp for WordPress plugin on your own site directly, all data flows directly from your site to Mailchimp (and not through us). Therefore, you do not need to sign a data processor agreement with us. You do need one with Mailchimp.
Using Mailchimp for WordPress for GDPR compliance
We recommend reviewing the following uses of the plugin to make sure your GDPR compliance is not negatively affected. Please note that this is not a complete list of what you need to do to be compliant.
Always ask for explicit consent to transfer data to Mailchimp
This means always asking your visitors before sending their data to Mailchimp, and never pre-checking any of the sign-up checkboxes that our plugin provides (under Mailchimp for WordPress > Integrations).
We recommend enabling double opt-in so you have additional evidence of consent.
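As an added, self-contained illustration of the two points above (it is not the plugin's code and uses no WordPress or Mailchimp API), the following Python sketches a consent gate plus a double opt-in flow: the form is only processed when the consent checkbox was explicitly ticked (no default value, so an unchecked box never counts), the time, form and consent wording are recorded as evidence, and the address is only marked subscribed after the visitor returns an HMAC-signed confirmation token. The field name `gdpr_consent`, the 48-hour token lifetime and the in-memory stores are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Per-site secret used to sign confirmation links; generated fresh here for the example.
SECRET = secrets.token_bytes(32)
TOKEN_TTL = 48 * 3600  # assumed lifetime of a confirmation link, in seconds


@dataclass
class ConsentRecord:
    """Evidence of consent: who agreed, when, to which wording, on which form."""
    email: str
    consented_at: int
    consent_text: str
    form_id: str
    ip: str
    confirmed_at: Optional[int] = None  # set only after double opt-in


class SignupFlow:
    def __init__(self) -> None:
        self.pending: Dict[str, ConsentRecord] = {}     # awaiting confirmation
        self.subscribed: Dict[str, ConsentRecord] = {}  # confirmed; safe to send to Mailchimp

    def handle_form(self, fields: dict, consent_text: str, form_id: str,
                    ip: str, now: Optional[int] = None) -> Optional[str]:
        """Return a confirmation token, or None if the visitor did not explicitly consent."""
        # A browser omits an unchecked checkbox entirely, so the field is absent unless
        # the visitor ticked it. Never pre-check the box: only an explicit "on" counts.
        if fields.get("gdpr_consent") != "on":
            return None  # nothing is sent to Mailchimp without consent
        now = int(time.time()) if now is None else now
        email = fields["email"]
        self.pending[email] = ConsentRecord(email, now, consent_text, form_id, ip)
        return self._make_token(email, now)

    def _make_token(self, email: str, issued: int) -> str:
        msg = f"{email}|{issued}".encode()
        sig = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
        return f"{email}|{issued}|{sig}"

    def confirm(self, token: str, now: Optional[int] = None) -> bool:
        """Second opt-in step: validate the signed token and promote the record."""
        now = int(time.time()) if now is None else now
        try:
            # rsplit from the right, so an email containing '|' cannot confuse parsing
            email, issued_str, sig = token.rsplit("|", 2)
            issued = int(issued_str)
        except ValueError:
            return False
        expected = hmac.new(SECRET, f"{email}|{issued}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False  # forged or tampered link
        if now - issued > TOKEN_TTL:
            return False  # stale link; visitor must sign up again
        rec = self.pending.pop(email, None)
        if rec is None:
            return False  # already confirmed or never requested
        rec.confirmed_at = now
        self.subscribed[email] = rec
        return True

    def consent_evidence(self, email: str) -> Optional[dict]:
        """What you would keep (and be able to show) for a confirmed subscriber."""
        rec = self.subscribed.get(email)
        return None if rec is None else vars(rec)


if __name__ == "__main__":
    flow = SignupFlow()
    # Constructed sample submission: the visitor ticked the (unchecked-by-default) box.
    token = flow.handle_form({"email": "ada@example.com", "gdpr_consent": "on"},
                             "I agree that my email address is sent to Mailchimp.",
                             "footer-form", "203.0.113.5")
    print("confirmation link token:", token)
    print("confirmed:", flow.confirm(token))
    print("evidence:", flow.consent_evidence("ada@example.com"))
```

Only addresses in `subscribed` would ever be passed on to Mailchimp; the pending records give you the first piece of evidence (the ticked box and the wording shown), and the confirmation timestamp gives the second.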
Inform users that data is being transferred to Mailchimp
Use clear language in your sign-up forms, explaining that personal information is being sent to Mailchimp.
Another option is to add a checkbox that links to Mailchimp’s terms of service and privacy policy.
You can add a checkbox like this by going to the page where you edit your form (WP Admin > MC4WP > Forms > Edit) and choosing the “Agree to terms” form field.
Update your cookie policy
If you are only using our sign-up forms, the plugin does not set any cookies. However, if you are using our e-commerce integration, some cookies are set; list these in your cookie policy. You can get an overview of the cookies used here.