It’s been coming for what feels like an age. GDPR is here and I for one am looking forward to a more data-secure future with less spa…. Another email?!

The build-up to today has been fascinating to watch. Here’s what I’ve learned.

People love to sell with scare tactics. Scaremongering was rife in the early days following the announcement of the legislation, with many looking to cash-in on the change. Warnings around the hefty fines and what needed to be done were touted endlessly, even before the final draft of the regulation was agreed. This led to much confusion and businesses hastily taking incorrect action.

Businesses love to act last-minute. How many opt-in or privacy policy emails have you received in the past week? And how many re-opt-in emails have you actually responded to? The mass of last-minute messages become a running joke across social, with yesterday being branded ‘GDPR Eve’. If you’re anything like me, you will have ignored about 90% of the re-opt-in emails and are looking forward to a ‘spam-free’ inbox (we’ll see…). This suggests a lot of us like to willfully ignore what’s coming up, before facing an “oh shit” moment at the last moment.

We never realised we were on so many email lists. I’ve received tons of emails from companies I’ve never even heard of asking if I want to stay in touch. Who knows when I first interacted with them. This taught me two things: 1. How inconsistent many companies email marketing efforts are, and 2. How many paid-for lists my data must appear in.


We’re glad something significant about data protection is happening. Everyone I’ve spoken to is pleased that laws regarding data security are catching up with the times. This has meant significant change for some companies, but everyone going through the process understands it’s for the better and feel more comfortable knowing others must now take the protection of their data seriously.

We never realised how much our data is being used by social media sites. We knew that the likes of Facebook and Twitter have extensive data on us and use this to make their billions. But with data security brought to the fore, we’re now more aware about how they’re using this data and the impact it’s having on modern society. I imagine this will make many of use more wary of the updates we make to our profiles.

The post-deadline fallout will be interesting to watch. Will the ICO make an example of large businesses who fail to do right by the regulation? Will small businesses keep up with best practice?

I’m hoping that today will be held up as a landmark moment in data protection: the point at which a majority of companies upped their data security game and cyber crime took a landslide. However, we’re also likely to see a lot of media shit-stirring over the next few months – with inevitable, unfortunate casualties.

Don’t forget: we’ll have to do it all again at the end of 2019 (probably) when the ePrivacy Law overrides PECR. At least next time we’ll be better prepared for what’s ahead.

What’s been your experience of the GDPR roll-out? Let us know on social, @ContentsFuture.