Hooray! GDPR is almost here! And you might be one of the thousands of businesses wondering how on earth you should reconfirm your MailChimp email list, and how you’ll ever find the time to do it.

MailChimp does have some GDPR tools, but these are basic, and they don’t offer you a super-easy way to refresh your list. (Which they should!)

Here’s the quick trick we used to:

  • Reconfirm subscribers
  • Capture those confirmations permanently
  • Seamlessly create a fresh, new GDPR-friendly list.

Why Reconfirm Mailchimp Lists for GDPR?

You probably know what GDPR is, and why you need to be aware of it as a small business owner.

You’ll probably know that there are huge fines for non-compliance, and potentially expensive and time-consuming processes to follow if someone complains about your use of their data.

With just one week to go, it’s very important that you do something about your email marketing list right now.

From 25th May 2018, it also won’t be OK to send marketing emails to people without explicit consent. But you might have signed them up by:

  • Adding them to your list yourself, because they’re a customer, and you figured it would be OK
  • Having a pre-ticked subscription box on your website
  • Using emails gathered during marketing campaigns without really checking if they wanted to be added to your list
  • Signing up everyone you’ve ever emailed, whether they like it or not.

Under GDPR, none of those things counts as explicit consent. I’ve seen some comments about this being ludicrous, or unenforceable. In my opinion, it’s better not to risk it.

There’s another potential issue. Over time, people tend to forget that they signed up to lists, particularly if you email them infrequently. If you’re seen to be spamming — simply because they’ve forgotten they signed up — you could be in hot water if you don’t have proof of consent. (If you can prove that they signed up, great… but really, you should be reaching out to them to reconfirm that if you aren’t sure).

Our way is a basic (but fast) method. We’re going to collect consent outside of MailChimp, but without sending mass emails outside of MailChimp.

You will need:

  • Your existing MailChimp list
  • Some method of tracking incoming emails (we’re going to use Zendesk)
  • About 10 minutes to get it set up and sent out.

If you have a large list, re-importing the people who confirm may take you longer than 10 minutes. But this is still faster than the other methods we tried (and gave up on).


Step 1: Create a New MailChimp Campaign

Here’s the newsletter that I wrote for our first GDPR reconfirm campaign. (Please don’t subscribe to the list at the top; it was sent from our old GDPR list, which will soon be deleted.)

This email is a different format to the email newsletters that we normally write at Red Robot, because:

  • The only thing that matters is the button
  • Every business in the world is sending GDPR reconfirm emails; you need to try to make it look like fun.

Look; nobody cares about your privacy policy. Everyone loves David Shrigley. So let’s go with a gif instead of lots of GDPR blurb:

Red Robot GDPR Mailchimp Reconfirmation Email

I strongly recommend that you don’t put anything other content in this email. Think of it as a landing page. The desired action needs to be clearly pointed out. If you start piling up links, offers, discount codes, or blog links, you’re going to confuse people.

Also, think about the subject of the email. “We Love You and Don’t Want to Lose Touch” is nice. “Action Required: GDPR Reconfirmation” may go straight in the Trash.

Step 2: Set Up Your Button

Consent is the important thing here, so this button really needs to do something trackable.

I don’t really want to sign people directly up to a new MailChimp list because I have double opt-in switched on. I’m trying to make this easy — and less annoying for my valuable subscribers.

So instead, the button here is linked to an email address, with a pre-filled subject and message.

Mailchimp Campaign Email TemplateThe recipient just clicks and sends. There is no need to edit anything:

Reconfirmation email for GDPR

The resulting email is going to go into our Zendesk account because [email protected] is associated with it already.

You can probably think of other ways to do this, but for us, it achieves three important things:

  • It creates a log in the user’s Sent Items; they might not keep this forever, but they’ve at least got a record that they voluntarily subscribed, which keeps you compliant with GDPR
  • It creates a record in Zendesk for your business, which you could print or save if you wanted to
  • It gives you an easy way to reply without falling into an email K-hole.

You could just collect normal emails, using a dedicated address. I wanted to keep everything categorised in Zendesk because I’m used to using tickets instead.

Step 3: Collect Your New Subscribers

Within seconds, we had our first subscriber. Within 45 minutes, I had the beginnings of a new, super-engaged, GDPR-friendly, and squeaky-clean list:

Zendesk GDPR Reconfirmed EmailsHere’s a tip if you’re using Zendesk. On the most basic accounts, all unassigned tickets get sent out to every agent. That’s going to annoy everyone on your team if lots of people respond. I recommend turning off Zendesk’s emails when a new request comes in, and then turning on alerts in the Zendesk app if you need to.

Once you have your new list members, you can create an upload file to put them into a fresh new MailChimp list via an import. Strictly speaking, you shouldn’t ever do this for a clean GDPR list. But since we have their Zendesk requests as proof of consent, we’re covered.

If you use Zapier, and you have a more advanced paid Zendesk plan, you can create an integration that will automatically put these emails into MailChimp, or a Google Sheet. I don’t spend enough on Zendesk to be able to do that, so I can’t explain exactly how it’s done in this article.

By the way: it’s a good idea to turn on double opt-in for the new MailChimp list, and enable the GDPR fields:

Also, don’t forget to switch over any signup plugins or forms to point to the new list.

Step 4: Send Out the Second Reminder

Check the open rate on the first email you sent. If it’s fairly low, you might want to send out a reminder. You must do this before 25th May, 2018. But everyone and their dog will be sending a similar email at 9am on the 24th, so you might want to avoid leaving it until the last minute.

Before you send this final email to your old list, you should remove people who have already responded. It’s not nice to send a chase email to the people that have already done what you’re asking them to do.

At 9am on the 25th, process your final reconfirms, delete your old list from MailChimp and double-check that all of your sign-up forms point to the new one.

Update: when I sent out the second email, I decided to embed a MailChimp sign-up link, rather than using a click-and-send email button. I think I’d have had more success if I stuck with the original method; skip to the end for the stats.

Reconfirming Your List in MailChimp the Easy Way

MailChimp has an alternative suggestion. It recommends that you reconfirm your list by sending a mass email outside MailChimp. (Yes, this is the best they can offer.)

If you do this, I guess you’ll probably just get your emails marked as spam. And there’s also no way to automatically remove people who haven’t reconfirmed, so it doesn’t achieve anything.

I looked at other methods for reconfirming our list, including setting up another email list on either MailChimp or SendGrid, and signing people up from one list to the other.

Unless you have tons of time, you just won’t be able to use two services before the deadline for GDPR. There’s just no time to learn how to use two different email services properly. And I didn’t really want to make people do a double opt-in for a new MailChimp list, as I explained above.

Final Tip: Make Peace with GDPR

I understand why businesses have an issue with GDPR. But I also understand why people are infuriated when they are signed up for mailing lists they don’t want to be on.

Additionally, if you’re going to spend lots of money paying someone to write your email newsletters, you’ll want to ensure that the people receiving those emails are likely to read them, and act upon them.

GDPR has put a heavy burden on some small businesses, but the MailChimp GDPR reconfirmation actually turned out to be a lot easier and more successful than we expected. The key thing is to do it today. Don’t leave it until the last minute.

Update: One Week On, How Did it Go?

I thought it would be useful to update this post with some figures so you can see how our MailChimp reconfirmation project worked out, and how many people signed up to our new, GDPR-compliant MailChimp mailing list.

  • The first email had a 44.3% open rate
  • The second email had a 36.8% open rate. (Remember: this email only went out to people that hadn’t responded positively to the first one.)

The usual open rate for our monthly newsletter is between 21% and 40%, so these are pretty pleasing numbers — especially when you consider that everyone was sending similar emails about GDPR that week, and most people were sick of the sight of them.

We retained 25.3% of our original list members. It’s difficult to find out whether this is close to average. In this blog post, Greg Cooper speculates that businesses will lose up to 60% of their list.


  • The 80:20 rule suggests that a retention rate of 25.3% feels about right for a super-clean, engaged list
  • I’m not too concerned about losing subscribers who’d rather not hear from us anyway.

Final point: We had some clicks via the second email, but none of them signed up. This may be because they were just curious, and clicked to see what would happen, or it could be that they couldn’t be bothered to complete the MailChimp double opt-in process.

If it’s the latter, I’m pleased that the first email just had an email link, since that probably helped us to get the numbers up.

If you’re still hunting for GDPR help, Paul’s put together a useful guide to writing GDPR privacy policies and data protection documentation, and here’s another article about setting up WordPress GDPR tools and settings.

This blog post was first published on 17th May, 2018 and was updated on 29th May, 2018.

The following two tabs change content below.

Claire Broadley

Technical writer, blogger, and editor at Red Robot Media
Claire Broadley has been a technical author and web content writer at Red Robot since 2010. She contributes to dozens of websites, focusing on consumer technology, online privacy, digital marketing, and small business topics.
Share this:
Show Buttons
Hide Buttons