8.2 Data protection impact assessment. To the extent necessary by applicable data protection legislation, Mailchimp (taking into account the type of processing and information available to mailchimp) provides all reasonably requested information about the service so that the customer can carry out data protection impact assessments or prior consultations with data protection authorities in accordance with data protection legislation. Mailchimp must comply with the above by adhering to: (i) Section 5 (security reports and audits); (ii) provide the information contained in the Agreement, including this DPA; and (iii) if the preceding subsections (i) and (ii) are not sufficient to enable the Customer to perform these obligations, upon request, additional appropriate assistance (at customer`s expense). For potential customers, it`s likely that your existing consents aren`t specific enough. But I`d start by looking at people who don`t open your emails (if you`re a mailchimp user, you can pretty easily create a segment based on people who didn`t open in the last x period). The appropriate period depends on how often you send your list by email. I look at people who haven`t opened for 3 or 6 newsletters. If your company has its headquarters in the European Union (EU) or if you process personal data of EU citizens, the General Data Protection Regulation (GDPR) applies to you. It`s important that Mailchimp doesn`t sell, rent, or trade user data. You should also be able to communicate to someone, among other things, how their personal data is used.

If they request it, you are obliged to transmit the personal data you have stored about a person or to offer them the opportunity to access it. 12.3 If MailChimp is necessary under EU data protection legislation, MailChimp provides information about the services (at the customer`s expense) so that the customer can carry out data protection impact assessments or prior consultations with data protection authorities, in accordance with the law. 5.3 Safety Duty of Care. In addition to the report, Mailchimp responds to all appropriate customer requests for information in order to confirm Mailchimp`s compliance with this DPA, including responses to information security, due diligence, and audit questionnaires, by providing additional information about its information security program to privacy@mailchimp.com at Customer`s written request, provided that the customer does not provide this right more than once per calendar year exercises. Hello Vicki, you are on the right track, but for some reason that may be unclear. While Mailchimp is headquartered in the UNITED States, you are subject to UK Data Protection Act, which will soon be updated by the General Data Protection Rules (GDPR) . . .