The GDPR aftermath

Well it’s here.  After months and months of build-up, panic and speculation GDPR (General Data Protection Regulations) has finally landed.  For some businesses, preparation was years in the making. We know of a law firm that took two years to put their new GDPR compliant systems in place.  For others, a mad panic in May was sufficient to scrape through to compliance. But, now nearly six months after the Regulation having come in to force, what impact has it made?  In this blog, we take a look.

The purpose of GDPR is to give EU citizens more rights over how their information is used. Companies must now show that they have a lawful basis for processing personal data or face hefty fines.

The first thing we have noticed is that businesses do genuinely seem to be taking GDPR seriously.  Up until as late as February we were speaking with businesses that shockingly knew very little about GDPR, let alone how their business was going to be compliant.  However, by May our inboxes were full of e-mails along the lines of ‘Please don’t go…’ ‘Don’t end our relationship’ and ‘Time is running out, stay in touch!’ asking for consent to hold our data.  There was however, a certain irony that some of these e-mails were themselves either in breach of GDPR or completely unnecessary as aptly summed up by Toni Vitale of law firm Winckworth Sherwood in this Guardian article.

Six months on and it is apparent that anywhere we are required to provide our personal data, we are presented with a form to sign, assisting with the company’s GDPR compliance.

Claims & website access

Already some claims have been issued against Google and Facebook for GDPR breaches.   Although they are tech giants, they were always going to be the easy targets for claims where data is concerned.

On 25th May – when GDPR came into effect – some high-profile US sites became temporarily unavailable to EU users because they could not confirm compliance with the Regulations. This included such big names as the LA Times and Chicago Tribune. Today, we are still seeing many sites – mainly in the US – insisting that you accept their cookie and privacy policies to access articles. It remains to be seen whether or not this ‘take it or leave it’ approach will be challenged in due course. However, the vast majority of sites are now making it much easier to opt in and opt out of different forms of data processing when using their sites.

The future for a GDPR-compliant UK

Fewer e-mails? Well maybe if you failed to sign up to all those newsletters and mailing lists again.   As an individual you may feel this is a good thing. After all, who doesn’t have too many e-mails in their inbox.  From a business perspective, this can be a somewhat scary prospect but marketeers are already becoming more creative in the ways they reach out to potential customers with Royal Mail even cheekily using GDPR to run its own marketing campaign encouraging greater use of ‘snail mail’ to ensure campaigns are compliant.

Crucially, with individuals becoming savvier than ever before about use of their personal data, failing to meet an individual’s expectations represents a real reputational and financial risk to business. As a result, companies have definitely become more cautious (dare we say over cautious?) in their approach. We’ve heard many stories of companies dumping historic photo libraries or contact databases due to lack of clarity over what permissions are required retrospectively, while others have changed their approach to whole swathes of marketing activity, from journalist outreach to website analytics and networking.

The BBC has even reported concerns about cyber criminals finding it easier to hide behind websites, knowing the providers of tools utilised by the police and other law enforcers can no longer hold their name, e-mail address and telephone number.    To read the full report take a look here


As with any new piece of legislation there will undoubtedly be further claims made to enforce individual rights under GDPR.  With such a wide-ranging scope, it will be interesting to see the nature of these claims, the ICO’s (Information Commissioner’s Office) capacity to deal with them and the stance it takes on various claims.

It’s fair to say that with GDPR comes the dawn of a new era, welcomed by some, feared by others.  For our part, we are excited to see what impact it will have on businesses’ marketing strategies and are looking forward to exploring this with our clients.

If you need any assistance with an aspect of PR or marketing, including how to ensure your marketing is GDPR compliant, please e-mail us at to find out more.


Back to Posts