What is a contract?

Useful Advice: Were you misled about GDPR?

What is GDPR?

GDPR (General Data Protection Regulation) is an EU regulation in law which replaces the Data Protection Directive 95/46/EC. It came into effect on 25th May 2018 and was designed to harmonize data privacy laws across Europe.

Was it necessary to ask to opt in?

In the lead up to May 25th, many organisations were told by "experts" that they needed to contact everyone on their marketing database and seek explicit "opt in" to be able to remain in contact with these people. Whilst in some cases, this was true, in most cases it wasn't. If you were holding personal information gathered for a specific purpose (eg sending a monthly newsletter) then, providing you allowed people to unsubscribe and were not varying the purpose for holding this information, then there was no need to seek specific "opt in". Furthermore, there were some situations in which it is required to keep personal data, even if the subject does not want you to. This would include customers and staff whose data may be required by HMRC and needs to be kept for at least six years.

The problem is that IF you did contact your clients saying they would be removed from your database if they didn't opt in, then that's what you need to do!

Note that the bigger corporates, by and large, did not send out "opt in" emails. If anything, they sent emails or letters explaining their terms and conditions along with revised privacy policy details. These did not "require" people to opt in, they merely gave the option to opt out. That's the benefit of having corporate lawyers at your disposal.


So, what happened to those that sent "opt in" emails? I've done a lot of research and the situation is pretty depressing for their marketing departments. In the best case I came across, a Classic Car Parts supplier "only" lost 50% of their marketing database. Before the 25th May, they had 7,000 people who received their monthly bulletin. Now they only have 3,500. Next best was a Hampshire based tourist attraction whose database shrank from 11,680 to 4,802 (a drop of nearly 60%). Typically, companies lost 70% of their contacts overnight. For a company helping exhibitors display their business effectively at exhibitions all over the world, this meant that their marketing database shrank from 250,000 contacts, gathered over many years, to only 75,000.

Even tiny businesses were affected, a local health professional saw her database shrink from 234 to 46, a mere 20% of her original contacts list.

The consequences of this "advice" are that many companies are now placing themselves in greater danger of fines by ignoring the results of their mailshot and continuing to market to everyone that didn't specifically opt out. Ironically, the exact opposite of what they were trying to achieve.

Surely it was good to weed out databases?

One of the problems with an "Opt in" email that any competent IT professional could have foreseen was that a huge percentage of email gets caught by Spam filters (up to 90%) - that's because a lot of email IS Spam of course. However, Spam filters are by no means perfect and they filter out a lot of genuine email as well. This situation varies month by month and one month you'll get your favourite newsletter, the next you might not. This can happen for all sorts of reasons such as a company getting listed on a mail black list (possibly through no fault of their own) or changing mail servers.

There was also the GDPR overload effect, where we all got so many opt in emails that we started to ignore them unless we were really interested in remaining on a mailing list. You might argue that, as a business, you only want to be sending out emails or other marketing material to people who REALLY do want your products or services. That, in my opinion, is rubbish. Most marketing is directed at people who've expressed a vague interest in what you're providing. Take, for example, my local business networking group. At a recent meeting, one of the attendees thanked the organisers for continuing to send invitations by email for the last ten years. It had taken that long for her to see something persuasive enough to get her to attend. She might well come again now that she's seen how interesting the meetings are. She is exactly the type of person who probably wouldn't have opted in and would therefore have ceased to be invited.

Other traps and misdemeanours

Even the act of sending the opt in email put some companies in jeopardy. A local garage, ironically owned by a lawyer, sent their opt in email on 26th May (thereby contacting people after the deadline). To make matters worse, they CC'd (carbon copied) dozens of recipients, thereby sharing all their personal names and email addresses! Fortunately, their clients are unlikely to complain to the commissioner. Unlike Honda, who were fined £13,000 for asking people whether they wanted to be contacted in future (and that was before 25th May).

What now?

So what can you do if you did send an "opt in" email or letter. Well, firstly, DO NOT contact people who didn't opt in unless they specifically ask you to in the future. You risk large fines (up to 20 million Euros or 4% of turnover). Unfortunately, you will have to rebuild your marketing database the hard way. Make sure you note where your new contacts come from and make sure you get their consent for all the forms of marketing that you intend to send them. There's lots of information on the ICO Web site!

Having a Web site that works for you is a great start and being found in Google is a great way to get new enquiries. I am of course, biased, having offered this service for over twenty years. However, many of my clients will agree that it has been the best marketing investment they've made.

The future?

Sadly, I predict that the poor information given to many companies regarding opt in emails will drive some of them out of business over the next few years.

More Useful Advice from the IT Expert Witness