:: Updated 8th April 2018 with Additional Images (Bottom) | :: Updated 9th December 2017 ::

I’ve been asked about this a lot lately, so I thought I’d put this blog post together with my understanding of the subject.

It covers more than just the ethical obtaining of email addresses to use for email marketing, and if you have been using the MailChimp sign-up forms correctly then you will not have anything to worry about.

There are a few ‘data protection’ bits to check in other areas of your business so I’ve included these too.

Although it is (an EU) law already, the General Data Protection Regulation (GDPR) becomes enforceable on May 25th 2018. So you have a little while to get your business into shape.

The bottom line is that all of your contacts, clients, email addresses and the like must consent to being on your database, whether this be in MailChimp, on your computer’s address book / email system (iCloud) or bookkeeping system.

Your clients, customers, suppliers and contacts own their own data which you are looking after for the above guises.


Only relevant data is to be Stored

That means email addresses and first names (plus other merge fields you use in MailChimp) and relevant information (which you have a need for) which is stored in your Contacts etc. For example, you might not need a landline number if you have a mobile number for a client on file.


Consent must be Clear

Be clear as to why you are obtaining and keeping someone’s information, even if you are giving something away like an eBook. So please state to people that to get your eBook they are in fact signing up to your mailing list and will receive communication (newsletters) from you. MailChimp and your website design take care of the technology side; you just need to do the rest.

Again, this has been the norm for a while. MailChimp have this month (October 2017) launched an update to their system asking the account holder to click to double opt in. Look out for the notification.

GDPR MailChimp Update LMOU


Record of Consent

You will need to keep a record of consent. So it may be worth adapting terms and conditions of business and client sign-up documents in order to do this. You will also need to be transparent here about how data is processed.


People have their Right to Withdraw their Consent

In MailChimp they can simply unsubscribe from your mailing list at any time. This has always been the case. MailChimp make it easy, and an Unsubscribe button is provided at the bottom of every newsletter (campaign) sent.

Obviously if any of your clients or contacts ask to be taken off of your systems then you must do this manually.

Clients can ask you to pass their data back so you need to know where each piece of this is stored. As the business owner (or similar) you are the custodian of the data.


Check on your Supplier Protocol

You must check that suppliers of services follow the same protocol with their data and the use of any data you pass to them. E.g. log in details for client system / website hosting / FTP etc. Ask your suppliers for their processes (terms and conditions) on this and read these.

It might be worth having a data clean up before May 2018 and taking any client / lead information off of your systems which you don’t use anymore. It will protect you.


DPO :: New Business Role?

You’ll need to become a Data Protection Officer (DPO), or appoint one in your business. To add to the many hats small business owners wear, this is the latest, so be prepared. To cover yourself entirely, consider signing up to the ICO. The ICO are the compliance authority on data protection. I’ve been a member for a while and they give great advice and run checks to make sure you are following protocol. I pay a yearly subscription and have a number I can display on my website.

The ICO has a direct marketing checklist, for example, and many other helpful things that you can use for GDPR.

Back in the office… Please note that Apple Mac computers are encrypted with FileVault. They need to be on the latest OS X, e.g. High Sierra as of November 2017. Mac started encrypting data by default from OS X Yosemite (the one that came with all those lovely compatibility features!), which came out during late 2014.

iPhone data is encrypted by default.


Email Marketing (MailChimp) and GDPR

Everyone on your list ideally needs to have double opted in to receiving your email newsletters. So if you’ve been a little in the grey area in the past (have you ever uploaded an email list that you’ve obtained from a business event, for example?), now is the time to act and send out a campaign from MailChimp to ask people to opt in again, this time properly. Granted, the response won’t be great, but you’ll be in the green for GDPR.

Business cards at networking events and similar are still open season for adding to your MailChimp list. Business cards are putting email addresses in the public domain and these can be marketed to, even under the new rules. Email addresses like this are also still available on business owners’ websites. You have given permission in a business setting.

We must now stop the assumption that people will unsubscribe if they are not interested. Instead they have to double opt in, which implies consent.

This will actually have a knock-on effect which may improve marketing for your business, as you will be left with quality data: people who are interested in what you do. So quality over quantity. The extra effort may prove to be a win-win after all.

Segment your data in MailChimp to clear it up for GDPR. If someone hasn’t opened your email newsletter for the last 5 campaigns (5 months??) then you can delete them from your list, as chances are they aren’t going to open an email ever.

Please note that MailChimp does not sell data from within its system. Please check out the following link.

MailChimp wont sell Data 2017


Tackle GDPR in 6 Steps

  1. Clean up your data.
  2. Map the process you use.
  3. Update policies / Terms and Conditions.
  4. Re-gain consent and email marketing consent to opt in.
  5. Track consent and tweak where necessary.
  6. Check on supplier’s protocol.

If you like what you have read, or are a bit confused, or now need some tea and cake – then get in touch! Use the Contact Me form on this website and I’ll get right back to you!