GDPR. Those four letters that cause confusion. It may seem like it’s over and done with but, sorry folks, it’s not. It has changed the way data is and will be collected for good, and it’s staying. You should know, too, that even if you aren’t based in Europe, if you do any business with Europe at all, you need to comply. 

Doing what we do (capturing and enriching consumer data) it’s a big part of our lives. So, we get it. Here’s a quick break down in case it’s still giving you a headache. Let’s strip it right back and do contact us if you need any more information – we’re always happy to chat!

What is GDPR?


Well, it stands for General Data Protection Regulation. It’s a regulation implemented last year (2018), put in place to strengthen and unify data protection for individuals within the European Union. It’s important to note, though, that this applies to anyone who is doing any business with the EU. So, pretty much everyone!

Why is GDPR now in place?


The reasons are twofold:

  1. The previous data protection act (Data Protection Directive) was no longer fit for purposes as it was drafted pre-widespread internet use (1998). I know…life before internet…it’s a crazy thought
  2. To give consumers more control over how their personal data is used


Ok, what classes as personal data then?


  • Name
  • Email
  • Home address
  • Gender
  • IP address
  • Income
  • ID numbers
  • Photos

Why should I care?


  • You could get fined up to 4% of annual turnover for breaches. Remember that huge case with Equifax where the personal information of 143 million consumers was compromised, and an additional 209,000 had their credit card data exposed? Well, they also failed to meet the 72-hour notification requirement of the GDPR when they made the breach public, which resulted in the fine being upgraded to the maximum penalty.  
  • Potential reputation damage for your brand. Remember, a reputation takes a life time to build and a moment to lose. 

So, are there any key points of the previous Data Protection Act that still stand?


Yes. There are. Everything still needs to be:

  • Fairly obtained
  • Captured for a specific purpose
  • Relevant to the purpose and not excessive
  • Accurate
  • Not kept longer than necessary
  • Appropriate measures taken against hacks (unauthorised or unlawful processing, accidental loss, destruction or damage)

OK, so, what’s changed?


GDPR has made many of these points more specific (particularly when it comes to data captured online) but the main new point to consider when it comes to marketing is CONSENT. Clear, active consent.

If you don’t have the right consent, your email marketing could breach GDPR.

Right. Consent. What exactly does that mean though?


Here’s a definition that might help:

“Consent must be an active, affirmative action by the data subject, rather than the passive acceptance.”

Or, more simply put – don’t make people feel like they’ve been tricked or misled.

What are some ways that I may have captured emails which doesn’t automatically mean I have consent to contact?


  • They’ve bought something from you in the past
  • They’re a member
  • You’ve bought an email list
  • They’ve previously entered a promotion or competition
  • Entered their email to sign up to wifi

What’s the best thing to do if I’m not sure my database has given me consent to contact?


  1. You may need to delete your database if you’re unsure about the permissions captured to date
  2. Re-seek permission – in a way that is absolutely GDPR compliant. You can just ask
  3. Talk to us about our data health check solutions 


Important to note: You must keep a record of how and when an individual gave consent, and that individual may withdraw their consent whenever they want.

But, I still want to build my database. What’s a good way to get people to give me their data going forward?


Value exchange, value exchange, value exchange! If you offer something your audience deems as great value, then consumers are often willing to opt-in to receive future information.

In fact; we’ve found they’re even willing to recruit in friends who also opt- into future communication. Just like a campaign we ran for Le Tan using our Buddy Builder mechanic. We captured:

  • 1,800 highly qualified new leads 
  • 50% of entrants recruited a friend
  • 54% conversion rate on the microsite 
  • Zero media spend to acquire the new leads    

How else can I convince people?


Well, be honest and relevant. Tell them why you want their information, and what you’ll be using it for. For example, if you want their birthday, tell them you’d like to send them a gift at that time each year.

When you’re trying to get someone to give their data, it’s going to be a hell of a lot easier to do if you convince them what you are going to send them is relevant so, make sure you’re strategic with your communications – think a carefully planned EDM campaign to welcome them onboard. Give them the information they will find useful.

So, as a data capture company, you must have it down pat! What have you done to make sure the campaigns you run are compliant?


Well, there are a few things we have put in place to make sure we are adhering to the new legislation:

  • We capture the data with explicit consent so it adheres to the GDPR rules
  • It is fairly obtained
  • It is fit for purpose
  • We updated our privacy policy so it’s fully compliant
  • All data captured by our platform are hosted locally, with the highest level of recognised security measures in place


We data, differently by capturing and enriching consumer data via exciting digital campaigns. Get in touch today to find out how we can help you.


Read more

See all case studies