Processing General Data Protection Regulation (GDPR) compliance requests


Occasionally you might receive a notification like this:

We have received a request from an individual to permanently delete personal data from our systems. The individual’s email address is jsmith@example.com, and our records indicate that the individual is listed as a contact on one or more lists within your MailChimp account, APPC.

To the extent MailChimp is the controller of any personal data about this individual, we will promptly delete it from our systems.

With respect to data within your MailChimp account, you are generally the controller and MailChimp is the processor. As the controller of the personal data within your MailChimp account related to this individual, please delete their personal data. In accordance with data privacy laws, including the General Data Protection Regulation (GDPR), and MailChimp’s Terms of Use and Privacy Policy, we kindly ask that you comply with this request as soon as possible and in any case within 30 days.

Please keep in mind that if you’ve connected an integration that imports data into your MailChimp account, such as an e-commerce store, you may also need to delete this individual’s personal data from that integration to ensure it is not added back into your MailChimp account.

Don’t ignore these emails! There are a few steps you need to take to prevent a litany of litigation.

  1. Search your email and delete all emails from jsmith@example.com, aside from the GDPR compliance request. The request email will serve as our only record of this process.
  2. Search your contact lists (Outlook, Gmail, phone, miscellaneous spreadsheets) and delete any entries for jsmith@example.com. If you’re using a Mac, this is as simple as typing the email address into Spotlight and seeing if any contacts show up.
  3. Search the Entries section of all public Gravity Forms for jsmith@example.com and delete any matching entries.

That’s it.