GDPR: where are we now?

There are many references to ‘post-GDPR’ – but there is still a need to improve transparency and accountability.

Since well before 25th May this year, when new data laws were introduced, organisations have been working hard to understand and ensure compliance with General Data Protection Regulations (GDPR).

The Information Commissioner’s Office (ICO), the independent body formed to protect the data rights of individuals, reports in a recent benchmarking survey that overall awareness about how personal data can, and is being used, has improved. However, organisations must continue to improve transparency and accountability, as their results suggest the public still doesn’t trust organisations with their data.

The fundamental aim of GDPR is to improve transparency and empower individuals to have more say in how and why their data is stored and used. With this in mind, the most prominent theme of the current conversation is that GDPR isn’t over – instead, it’s only just begun. Organisations need to make a conscious and considered effort to process data lawfully and in a way that enables the consumer to exercise their data rights.

Who did it right from the start?

Numerous high profile fines for non-compliance have been reported in the media. But who tackled GDPR effectively from the start?


A great example of a success story is the BBC. Embedding GDPR as part of a wider aim to personalise, increase participation and engage, the BBC had a real direction to its strategy and campaign plans. They segmented their communications, offering different ways to access information about their policies depending on the user’s level of engagement with the BBC and its services. They put a premise on using simple, accessible language and allowing users to easily access information in bite-sized sections, depending on what they needed or wanted to know more about. Their dedication to their future audience stretched even further – to developing a standalone privacy policy just for children – to educate and inform them using examples they would understand.

Manchester United FC

Another example of an organisation rising to the challenge and using GDPR as an opportunity was Manchester United FC. The football club launched its ‘Stay United’ repermissioning campaign ahead of GDPR, getting the message across to their loyal fanbase in an accessible and enticing way – with a few nice incentives like the chance to win a signed shirt. They used their engaged and dedicated followers to make their consent campaign work for them, which resulted in a very high opt-in rate and a perfect database for them to concentrate on for future campaigns.

What’s next?

GDPR, and all of its intricacies, is far from over.

There are likely to be further changes and clarifications to follow, which businesses will need to adapt to. For those that get it right, it’s an opportunity to build trust with their customers and improve their experience – as well as deliver a much more concentrated and efficient marketing process. So although there are still some unknowns, brands need to embrace the change in order to maximise on the opportunities, or they may get left behind.

Why not get in touch to find out how Linney can make the most of your data.