
Why I’m spring cleaning my Mailchimp account for GDPR

March 9, 2018

Almost everything I do in my business is just-in-time project based.  I agree a short-term project, and deliver it, and move on.  So thinking about what data I hold and process, it is virtually all project-related and will vary accordingly.

Other than that, there is one main place where I hold and process data: I maintain a database of ‘interested parties’ on Mailchimp, and I send them an e-newsletter from Ruthless Research about twice per year.

Under the new GDPR, consent must be verifiable and obtained through an unambiguous indication given by a clear affirmative action or statement.  In practice, this means that whenever you collect/process personal data you must keep a record of who consented, when they consented, how they consented and what you told them to acquire this consent.

I do not have this information for all recipients of my e-news.

Full disclosure.  At the start of my self employment I gathered up my contacts and emailed them all together, and somehow it became a more ‘formal’ e-news thing along the way.  I’ve been manually adding in my new clients to the list, ongoing.  I suppose I’ve assumed their consent is implied.  Some people have been receiving this e-news for years and have had every opportunity to unsubscribe, and occasionally people do.  I don’t do anything else with this clump of personal data, other than a couple of emails per year and a scan of the analytics.  It just sits quietly in Mailchimp.

Well, that’s not good enough under GDPR, and fair enough.

So, clean slate.  If we’re doing this we’re doing it right.

To make absolutely sure that all is above board I made the decision to ask everyone on the mailing list to opt in again, using a customised Mailchimp sign-up form.  This means I have given everyone on the list information about the storage and usage of their data and that Mailchimp has kept a record of the date of their explicit opt-in.

It is a big decision though, because the ethical way to do this is to delete my existing database and start a new one.  I know I’ll lose e-news subscribers this way.  Nevertheless, my business is all about ethics so I need to be sure I’m ethical through-and-through.

In case you’d like to do the same, here is a link helpfully explaining how to ‘reconfirm’ a Mailchimp list and here are the actions that I took to make sure my Mailchimp use is GDPR compliant:

  • I created a new ‘list’ (database) in Mailchimp, for subscribers to opt in to.
  • I created a new GDPR-compliant sign-up form to this list using Mailchimp.
  • I downloaded my existing e-news database list from Mailchimp.
  • I sent out a bcc email to everyone on this list using my Ruthless Research email account, explaining the ‘opt in’ process.
  • I deleted this email from my sent items so that I didn’t have a record of the email addresses I sent it to.
  • I deleted my existing e-news database list from Mailchimp.
  • I electronically ‘signed’ Mailchimp’s data processing agreement which confirms they have an EU ‘privacy shield’.
  • I made notes on these actions, to keep on file.

And here’s the email that I sent out!  I’m pleased to say I have had a reasonable response.  If you have not done so already, why not sign up?

Dear colleagues

Perhaps you are aware that a new data protection regulation (GDPR) is coming into force in May, so for me this has led to a bit of a ‘spring clean’.

I would love to stay in touch with you, and to keep sending you my occasional e-newsletters.  To enable this, I store your contact details in Mailchimp and use this to email you (usually) two or three times per year.  I don’t use the information in any other way.

To make sure I am abiding by the new GDPR rules I need to make sure that everyone in my database actually wants to be there.  So… let’s do this properly!  I’m going to delete my list and start again to make sure I’m fully complying.

If you would like to continue to receive my e-newsletters on the basis described above, please could you fill in your details via the link below.  If you prefer not to receive my e-news no further action is required and your record will be deleted today.

Confirm your e-news subscription: here

Kind regards,



