Guides Tool check
Mailchimp & GDPR: Use US newsletters legally compliant
Mailchimp is powerful, but a US provider with tracking. What you need for legally compliant email marketing.
Where the risk lies
Mailchimp transfers subscriber data to the US and uses tracking (opens, clicks) as well as cookies in embedded forms.
Without a clear legal basis and transparency, this is open to criticism – both in terms of the mailing and the registration form on the website.
Conditions for use
AV contract, double opt-in, transparency regarding data transfers to the US and tracking, and consent for embedded forms.
- Data Processing Agreement (DPA) with Mailchimp (Intuit).
- Double opt-in for newsletter subscriptions.
- US data transfer + tracking in the privacy policy.
- Load embedded forms in a consent-compliant manner.
EU alternatives
Anyone wishing to avoid data being transferred to the US should opt for European email tools.
Brevo, CleverReach and RapidMail host their services within the EU, significantly reducing the effort involved in data transfer.
Conclusion
Mailchimp can be used with an AV contract, double opt-in and transparency – EU tools make it easier.
Not sure whether your registration form is loading properly or whether your privacy policy is up to scratch? A free scan and a quick chat will sort it out.
Let's take a quick look at your sites
In a 15-minute call you’ll see where your client sites stand — and how to secure them effortlessly.
FAQ
Can I use Mailchimp in the EU?
Yes, with an AV contract, double opt-in, and clear disclosure of data transfers to the US and tracking in the privacy policy.
Do I need a double opt-in?
Yes, double opt-in is the standard procedure for legally compliant newsletter subscriptions in the EU, and proof of this is required.
What EU alternatives are there?
Brevo, CleverReach and rapidmail are popular alternatives that are hosted within the EU.