As long as it is being disclosed, then there is not a massive problem. They have a Data Processing Addendum [1] that covers GDPR stuff, and the whole Privacy Shield stuff from last year doesn't matter too much because Standard Contractual Clauses are still valid (which that DPA is a part of [2]) so nobody is doing anything illegal if they are following the rules that were set out.
Obviously there are still plenty of companies that /don't/ follow it, but that doesn't rely on Mailchimp being involved.
Standard Contractual Clauses need to be validated by the EU on individual bases, those companies have with companies in the EU are most probably not enough - but this is not tested yet.
At least for Germany it's clear that Standard Contractual Clauses in the way they are now, are not enough. Because they don't solve the problem of the NSA grabbing data without EU citiziens having any rights.
German data protection agencies have started a project for 2021 where they have compiled lists. I would assume everyone using MailChimp will get a mail from an agency this year.
Obviously there are still plenty of companies that /don't/ follow it, but that doesn't rely on Mailchimp being involved.
1. https://mailchimp.com/legal/data-processing-addendum/ 2. https://mailchimp.com/help/mailchimp-european-data-transfers...
Edit: That's my understanding from reading their docs last year, anyway