Mailchimp Integration

Retrieve and delete Mailchimp subscriber records as part of DSAR workflows and include Mailchimp in your data map.

5 min read

Mailchimp Integration

DPOKit connects to Mailchimp via the Mailchimp Marketing API to include subscriber records in DSAR data exports and to action deletion requests by unsubscribing or permanently deleting contacts.

Mailchimp integration settings screen showing API key status, connected audiences, and data categories

Requirements

  • A Mailchimp account with API access
  • DPOKit Pro or Agency licence

Connecting Mailchimp

  1. Go to DPOKit → Integrations → Mailchimp.
  2. Enter your Mailchimp API key (create one at Mailchimp → Account → Extras → API keys).
  3. Click Test Connection — DPOKit will verify the key and list your audiences.
  4. Select the audiences to include in DSAR searches.
  5. Click Save.

Mailchimp connection screen with API key field and audience selector showing available lists

What data is collected for DSARs

When a DSAR access or portability request is processed, DPOKit queries each selected Mailchimp audience for records matching the requestor's email address. The export includes:

FieldDescription
Email addressSubscriber email
Statussubscribed / unsubscribed / pending / cleaned
Subscription dateWhen the contact subscribed
Merge fieldsFirst name, last name, and any custom merge fields
TagsAll tags applied to the contact
GroupsAny group memberships
Activity historyRecent email activity (opens, clicks) — if permitted by your Mailchimp plan

Deletion handling

When a DSAR deletion request is fulfilled, DPOKit can:

  1. Unsubscribe — sets the contact status to unsubscribed (contact record is retained in Mailchimp for suppression purposes)
  2. Permanently delete — calls the Mailchimp API to permanently delete the contact record (cannot be undone)

Choose the deletion behaviour at DPOKit → Integrations → Mailchimp → Deletion action.

Note: Permanently deleting a contact removes them from your suppression list. If they re-subscribe in the future, they will not be automatically excluded. Consider unsubscribing rather than deleting if you want to retain suppression protection.

Overriding the deletion action via code

// Force permanent deletion for all Mailchimp contacts on DSAR deletion
add_filter( 'pv_mailchimp_deletion_action', function( $action, $email ) {
    return 'delete'; // 'unsubscribe' | 'delete'
}, 10, 2 );

Data map entries

When Mailchimp is connected, DPOKit adds the following entry to your data map:

VendorPurposeData categoriesLegal basis
MailchimpEmail marketingEmail address, name, engagement dataConsent

You can edit the legal basis and data categories at Data Map → Mailchimp.

Hooking into Mailchimp DSAR events

// Fired after Mailchimp data is collected for a DSAR
add_action( 'pv_mailchimp_data_collected', function( $case_id, $email, $data ) {
    // $data: [ 'audience_name' => [ 'status' => 'subscribed', ... ], ... ]
    error_log( "Collected Mailchimp data for DSAR #{$case_id}: " . count( $data ) . ' audiences' );
}, 10, 3 );
 
// Fired after a Mailchimp contact is deleted/unsubscribed for a DSAR
add_action( 'pv_mailchimp_contact_deleted', function( $case_id, $email, $action, $audience_id ) {
    // $action: 'unsubscribe' | 'delete'
    error_log( "Mailchimp {$action} completed for {$email} in audience {$audience_id}" );
}, 10, 4 );

Connecting additional Mailchimp accounts

If you operate multiple Mailchimp accounts (e.g. for different brands), you can register additional API keys programmatically:

add_filter( 'pv_mailchimp_api_keys', function( $keys ) {
    $keys[] = [
        'label'   => 'Brand B Mailchimp',
        'api_key' => defined( 'BRAND_B_MC_KEY' ) ? BRAND_B_MC_KEY : '',
    ];
    return $keys;
} );

Store API keys in wp-config.php as PHP constants rather than in the database for security.

Consent integration

If you use DPOKit's consent banner and collect email marketing consent, you can wire up Mailchimp subscription actions to the consent event:

// Subscribe or unsubscribe from Mailchimp when a visitor updates their marketing consent
add_action( 'pv_consent_recorded', function( $consent_id, $categories, $ip_hash ) {
    // Only act if we have a logged-in user's email
    $user = wp_get_current_user();
    if ( ! $user->exists() ) return;
 
    $email      = $user->user_email;
    $mc_granted = ! empty( $categories['marketing'] );
    $audience   = get_option( 'pv_mailchimp_default_audience_id' );
 
    if ( $mc_granted ) {
        // Subscribe (or re-activate) the contact
        DPOKit\Integrations\Mailchimp::subscribe( $email, $audience );
    } else {
        // Unsubscribe the contact
        DPOKit\Integrations\Mailchimp::unsubscribe( $email, $audience );
    }
}, 10, 3 );

Troubleshooting

API key test fails with "Invalid API key"

Ensure you have copied the full API key from Mailchimp, including the datacenter suffix (e.g. abc123xyz-us21). The datacenter suffix is required.

Subscriber records are not appearing in DSAR exports

  • Confirm the requestor's email matches exactly what is stored in Mailchimp (case-insensitive).
  • Confirm the audience containing that subscriber is selected in DPOKit → Integrations → Mailchimp.
  • If the contact was permanently deleted from Mailchimp previously, no record will be found.

Deletion action fails with "Member not found"

The contact may have already been permanently deleted from Mailchimp. DPOKit logs this as not_found in the deletion confirmation record, which is treated as a successful deletion for DSAR purposes.