If your business is based in the European Union (EU), or you process the personal data of individuals in the EU, the General Data Protection Regulation (GDPR) affects you. In other words, GDPR consent in Mailchimp is not optional — it is a legal requirement for collecting subscriber data from EU residents.
Chimpmatic Pro includes built-in GDPR consent settings that let you map consent fields from Contact Form 7 directly to Mailchimp, so new contacts who fill out your signup form give explicit permission before being added to your audience.
What Is GDPR Consent in Mailchimp?
GDPR requires that you collect explicit, verifiable consent before adding someone to your email list. Specifically, this means visitors must actively opt in — pre-checked boxes do not count as valid consent under GDPR.
Mailchimp supports GDPR consent through dedicated consent fields in your audience settings. In particular, these fields let you ask subscribers for permission across different marketing channels:
- Email — Permission to send marketing emails.
- Direct mail — Permission to send physical mail.
- Customized online advertising — Permission to use data for targeted ads.
When GDPR consent in Mailchimp is enabled, each subscriber’s profile records exactly what they consented to and when they gave that consent. This creates an audit trail that satisfies GDPR requirements.
How Chimpmatic Pro Handles GDPR Consent
Chimpmatic Pro adds GDPR consent settings to your Contact Form 7 form editor. These settings let you map CF7 checkbox fields directly to Mailchimp’s GDPR consent fields without writing any code.
The process works like this:
- Step 1: Enable GDPR fields in your Mailchimp audience settings.
- Step 2: Add consent checkboxes to your Contact Form 7 form.
- Step 3: Open the Chimpmatic tab in the CF7 form editor and map each checkbox to its corresponding Mailchimp consent field.
After that, every form submission automatically records the subscriber’s consent choices in Mailchimp, giving you a clear record of what each subscriber agreed to.
Adding Consent Checkboxes to Your Form
In your Contact Form 7 form editor, add checkbox fields for each type of consent you need to collect. For example, a basic GDPR-compliant form looks like this:
[text* your-name placeholder "Your Name"]
[email* your-email placeholder "Your Email"]
[checkbox gdpr-consent "I agree to receive marketing emails"]
[submit "Subscribe"]
Additionally, make sure the checkbox is not pre-checked. GDPR requires that consent is freely given — the subscriber must actively check the box themselves. In fact, pre-checked consent boxes are explicitly invalid under GDPR Article 7.
Mapping Consent Fields in Chimpmatic
Once you have added checkboxes to your form, open the Chimpmatic tab in your CF7 form editor. In the GDPR Consent section, map your CF7 checkbox mail-tag to the corresponding Mailchimp GDPR field.
For instance, if your checkbox tag is [checkbox gdpr-consent], map gdpr-consent to the “Email” consent field in Mailchimp. As a result, when a visitor checks the box and submits the form, Mailchimp records their email marketing consent with a timestamp.
Verifying Consent in Mailchimp
After a subscriber submits your form, open their profile in Mailchimp. Navigate to the subscriber’s contact details and look for the GDPR consent section. Specifically, you should see:
- Which consent fields the subscriber opted into.
- The date and time they gave consent.
- The source of consent (your Contact Form 7 form via Chimpmatic).
This information is essential for compliance audits. In short, if a regulator asks you to prove consent, Mailchimp provides the evidence directly from the subscriber’s profile.
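The same check can be run across a whole audience instead of one profile at a time. The sketch below is an added example, not code from Chimpmatic or Mailchimp: it assumes member records in the shape returned by the Mailchimp Marketing API list-members endpoint, the sample data is constructed, and `audit_consent` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like a GET /lists/{list_id}/members response.
# Addresses and permission IDs are made up for illustration.
SAMPLE_EXPORT = json.loads("""
{"members": [
  {"email_address": "ana@example.com", "status": "subscribed",
   "timestamp_opt": "2024-05-02T09:14:00+00:00",
   "marketing_permissions": [
     {"marketing_permission_id": "aaa111", "text": "Email", "enabled": true},
     {"marketing_permission_id": "bbb222", "text": "Direct Mail", "enabled": false}]},
  {"email_address": "ben@example.com", "status": "subscribed",
   "timestamp_opt": "2024-05-03T11:40:00+00:00",
   "marketing_permissions": [
     {"marketing_permission_id": "aaa111", "text": "Email", "enabled": false},
     {"marketing_permission_id": "bbb222", "text": "Direct Mail", "enabled": true}]},
  {"email_address": "cy@example.com", "status": "subscribed",
   "timestamp_opt": "2024-05-04T16:22:00+00:00", "marketing_permissions": []},
  {"email_address": "dee@example.com", "status": "unsubscribed",
   "timestamp_opt": "2024-04-01T08:00:00+00:00", "marketing_permissions": []}
]}
""")


def audit_consent(members, channel="Email"):
    """Return {email: reason} for subscribed members lacking consent for channel."""
    findings = {}
    for m in members:
        if m.get("status") != "subscribed":
            continue  # only contacts that can be mailed need a consent record
        perms = m.get("marketing_permissions") or []
        match = [p for p in perms if p.get("text", "").lower() == channel.lower()]
        if not perms:
            findings[m["email_address"]] = "no consent fields recorded (check mapping)"
        elif not match:
            findings[m["email_address"]] = f"no '{channel}' consent field on audience"
        elif not any(p.get("enabled") for p in match):
            findings[m["email_address"]] = f"'{channel}' consent not given"
        elif not m.get("timestamp_opt"):
            # Assumption: timestamp_opt (opt-in time) stands in for the consent time.
            findings[m["email_address"]] = "consent present but no opt-in timestamp"
    return findings


if __name__ == "__main__":
    for email, reason in audit_consent(SAMPLE_EXPORT["members"]).items():
        print(f"{email}: {reason}")
```

A subscriber flagged with no consent fields at all usually points to a form whose checkbox was never mapped, while one with consent for a different channel only points to a checkbox mapped to the wrong field.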
GDPR Consent vs Double Opt-in
GDPR consent and double opt-in are related but serve different purposes. Most importantly, they are not interchangeable:
- GDPR consent records what the subscriber agreed to — specifically, which types of marketing communication they permit.
- Double opt-in verifies that the subscriber owns the email address by sending a confirmation email.
For the strongest compliance, use both together. GDPR consent captures permission, while double opt-in confirms identity. For more details on setting up double opt-in alongside GDPR consent, see Mailchimp Double Opt-in Setup.
Common GDPR Consent Mistakes
Several mistakes can invalidate your consent collection:
- Pre-checked boxes. GDPR explicitly requires active opt-in. Consequently, any pre-checked consent checkbox is non-compliant.
- Bundled consent. Do not combine multiple consent types into one checkbox. Instead, give subscribers separate checkboxes for email, direct mail, and advertising.
- Missing consent records. If Mailchimp does not show consent data for a subscriber, check that your Chimpmatic field mapping is correct.
- Vague language. Use clear, specific language that explains exactly what the subscriber is consenting to. For example, “I agree to receive weekly marketing emails from [Company]” is better than “I agree to communications.”
Next Steps
- Mailchimp Double Opt-in Setup — combine double opt-in with GDPR consent for maximum compliance.
- Connect Contact Form 7 to Mailchimp — full setup guide if you are starting from scratch.
- Mailchimp Default Audience Fields Explained — understand all audience merge fields.
- Mailchimp GDPR consent documentation — official reference for GDPR-enabled signup forms.