GDPR and Marketing

GDPR and the Effect on Marketing Communications

“Nothing was your own except the few cubic centimetres inside your skull.” – George Orwell 

Contained in the pages of his famous dystopian novel, “1984”, Orwell warns of a future where privacy is a luxury and independence an anomaly. 

Before the General Data Protection Regulation (GDPR) was introduced on the 25th of May 2018, he may have been onto something. But this regulation brought about the introduction of data rights and perhaps more notably, it brought the tactics that marketers had relied on since the dawn of the Internet into disrepute. 

However, “privacy as we understand it” (1) is 150 years old (1) and The European Data Protection Directive has been around for almost 25 years (2). So, why now, over the past two or three years, has GDPR gathered so much momentum? 

GDPR has become such a topical issue because, as stated in The Economist, “The world’s most valuable resource is no longer oil, but data” (3) 

GDPR’s value is indisputable and its merits non-negotiable, nevertheless, its implementation has caused a great deal of disquiet among marketers and consumers alike. 

And even now, a year on, GDPR is still effecting our brands and businesses. 

Many of you will remember the 25th of May 2018 not as the day your data rights were instated but as the day your mailboxes were inundated. 

In fear of the imposition of astronomical fines, many companies sent out mass emails requesting consent under the new legislation. But it would have saved them a great deal of time and you a great deal of frustration had some-one realised that only a small number of these companies had a legitimate reason for contacting you.

Aside from the fallacy, the GDPR was implemented to limit turnover and lambast marketers, the array of myths that surround this legislation have yet to be dispelled. 

Realistically, the only companies that were required send out re-consent emails for marketing were those that could not clearly demonstrate how this consent was legally obtained. Breitbarth states it clearly: “If I buy something from a store, they can send me their communications based on legitimate interest, with a clear unsubscribe/opt-out. But if there is no existing relationship, and I only want a newsletter to stay informed on promotions, but never buy, consent is indeed required.” (4) 

Ironically, some of those companies that were most determined to abide by the law actually ended up in a grey area of it. “The ICO also points out that in some cases “it may not” (4) have been “appropriate to seek fresh consent.” If companies are unsure of how they collected the contact information in the first place, they may have no grounds for contacting the user at all.” (4) 

In an attempt to comply with regulations, many companies have allowed fear rather than logic to govern the decisions they make surrounding the implementation of GDPR. 

Protecting consumer data is essential but as The Huffington Post points out, “overprotection of consumer data will slow business growth. Since all business is digital, that’s a big deal.” (5) 

A fundamental issue is that the overprotection of consumer data has led to a fear that any form of data collected legitimately by a company or organisation is for ill intent.

And even when consumers rights are being protected, issues such as “check the box” fatigue” (6) come into play. “Opt-in consent language is presented so frequently on websites and apps that consumers don’t read the consents and just check the box, waiving their privacy rights.” (6) and undermining the legislation that sends a wave of panic down most business owners spines. 

Issues of overprotection were exacerbated when news broke that the OPW’s Data Protection Officer Liam Kelly, had ordered the removal of visitors books in places such as Muckross House and Dublin Castle, “citing fears over data protection.” (7) Such a blatant over-interpretation of GDPR is immensely damaging and, as a business owner, it is crucial that you work to remedy this 

As “any modern-day marketer knows, data is crucial for doing business.” (8) “Regardless of the regulations introduced, personal data will remain an essential tool for businesses to conduct marketing activities, especially in the digital environment.” (9) 

Many of today’s consumers expect relevant and personalised experiences and are not be opposed to marketing emails. A study on this topic found “75% of consumers were willing to share their address, name, mobile phone number and date of birth with companies for a product or service they value. The figure jumped to 80% if the consumers received special offers or data-enabled benefits like reward points or product recommendations.” (10) Consumers want a personalised experience and they are open to data collection but they need a guarantee that providing personal information is not going to infringe upon their right to privacy. 

In an attempt to comply with GDPR, many companies have simply instilled fear within their customers. They have bombarded them with emails, con-fused them with jargon that is incomprehensible to most and allowed an environment of scepticism and mistrust to develop.

They have failed to reassure consumers that storing information on their age demographic and country of residence is not akin to a Cambridge Analytica style hack. 

It should be the priority of every business owner and marketer to comply with EU regulation. However, it would be a detrimental and naive mistake to continue scaremongering and unnerving customers in pursuit of this.


1 https://medium.com/the-ferenstein-wire/the-birth-and-death-of-privacy-3-000-years-of-history-in-50-images-614c26059e

2 https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en

3 https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data

4 https://iapp.org/news/a/are-all-these-gdpr-consent-emails-even-necessary/

5 https://www.huffpost.com/entry/why-europes-stance-on-data-privacy-is-bad-for-busi-ness_b_59b98eb5e4b02c642e4a1378?guccounter=1&guce_refer-rer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAAJc-CohVHkrnM2TiUNk5Ayc8o6yNGqDbyqdM2omvNWF8GY-HAKWI7k46aWJ3Tj50Go3UIIBuq2yZvALWqlmKUg1dl0EXnmac-rmiEkEn3NUmYIpa8o6USm_PSWNmdDKRc0bOEfQ1ktlOzrmq6os9GeHAIUaI-yNA6O8vHhRxh2XMZ2

6 https://www.forbes.com/sites/forbestechcouncil/2018/08/15/15-unexpected-consequences-of-gdpr/#491f363294ad

7 https://www.thejournal.ie/opw-visitor-books-ban-gdpr-4778906-Aug2019/

8 https://marketingland.com/privacy-a-year-later-how-the-gdpr-has-affected-ai-powered-market-ing-260868

9 https://advisera.com/eugdpracademy/blog/2019/02/20/how-does-gdpr-affect-digital-marketing/

10 https://www.huffpost.com/entry/why-europes-stance-on-data-privacy-is-bad-for-busi-ness_b_59b98eb5e4b02c642e4a1378?guccounter=1&guce_refer-rer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAAJc-CohVHkrnM2TiUNk5Ayc8o6yNGqDbyqdM2omvNWF8GY-HAKWI7k46aWJ3Tj50Go3UIIBuq2yZvALWqlmKUg1dl0EXnmac-rmiEkEn3NUmYIpa8o6USm_PSWNmdDKRc0bOEfQ1ktlOzrmq6os9GeHAIUaI-yNA6O8vHhRxh2XMZ2