Many organisations will have felt the pressure to become compliant. In some cases, there are a few left wondering what will be left in the aftermath of the launch of GDPR?

In this piece we’ll be examining why the new world should be considered an opportunity for business leaders, rather than a threat.


GDPR has the potential to disrupt industries. Whether this change is for their own good or not is something that has been debated in the months leading up to now. These conversations will continue past May 25th, far beyond the dreaded D-day (the D being ‘data’, of course).

From this point onwards, the new law will enforce tighter control on the way businesses collect and store data, forcing a reassessment of their current methods and the way they handle personal information – but surely, we all know that by now!

For some the new law will create a refreshing rethink on the way many businesses have worked for years. A recent report from IBM showed that nearly 60% of business leaders surveyed across 1,500 industries saw the revised regulations as an opportunity for data-led transformation. 

To quote Episerver’s VP & CMO, James Norwood, at Ascend London 2018, “[the new] GDPR highlights the need to deliver value to those who actually have intent.”

We are not alone in our belief that the arrival of GDPR shouldn’t be a cause of concern for business leaders. Instead, it should be viewed as an opportunity get smart, to communicate your ongoing trust with your customers and then behave in a way that warrants reciprocal trust. If you’re hoping to capitalise on it, here’s what you need to consider.

Building your experiences with users in mind

Privacy is a concern of consumers. It is an integral part of the buying process, influencing the decisions of consumers. The incoming regulations offer organisations the opportunity to build privacy into their service, not just meeting regulations, but exceeding them to gain a powerful USP to build customer trust. There is a great clip of Steve Jobs talking on just this subject if you want to explore more.

Privacy front and centre
It is one thing to tell customers that their privacy is respected yet hide behind lengthy privacy policies. A policy never constructed for users to read and - more importantly – understand, forcing them to become a background component when signing up to a service. Giving consideration to where privacy is important and flagging it going through any interaction is a stronger way to build trust.

Remember the old adage, never trust anybody who says, ‘trust me!’


In building positive user experiences for the projects we’re involved with, we consider how a customer will feel when using a product or service. The new GDPR regulations are an opportunity to bring user privacy to the centre of the products and services on offer, making it a core consideration when designing user journeys.

A user’s information is their own and we should respect this

An important fact being brought to light by the new GDPR is how user information is handled and processed, but also how it is valued.

Organisations do not own a user’s information and must seek permission to use it. Before this has been granted, the user must be informed of how their data is used and assisted in maintaining control of it. Businesses should put effort into making sure there are sufficient communication methods at all stages of their process.


Previously marketing teams could get caught up in maximising the size of their email database, the important measurement of quality was minimising the volume of unsubscribes not the volume of quality engagements. A focus on the quality of interested, up to date and engaged contacts, will be refreshing. 

The spirit is secure by design as default, with a perception that contacts will now be the names of individuals who are of high value to the organisation. Not a collection of old event attendee lists, a few contacts ported from business cards collected in a fish bowl and a list that was purchased once of spurious provenance.

You shouldn’t collect more data than you need to and you shouldn’t hold on to data for longer than necessary.

There is a disconnect between how user information is used and how most people think it is used. When a user visits a website it is not just that site which they deal with, but also the many services that site uses to operate including social plugins, analytics and tracking. Many users will remain unaware that this tracking occurs which could no longer be the case following the new requirements.

Minimising impact

To explain this fully, let’s examine how two news sites use third-party services on their sites.

Passing CNN though a tool called Disconnect well over 100 third-party sites are informed in some way when you visit, from tracking sites, to a myriad of social media and advertising services.

Conversely, the BBC takes a much more reserved approach, using the minimum of outside services, with only two third-parties informed: 1 analytics provider and a survey service.

We can be found is that BBC are putting their visitors’ privacy and their customers trust more at the core of their service, using a few services and collecting only the information which helps them provide a quality service to their customers.

Few users expect hundreds of third-party sites to be aware of their online actions, by staying in-line with this expectation, the BBC is helping its users to understand how their information is used.

Capture the opportunities presented by GDPR

Your customer groups may be engaged today, but this might not be the case in a month’s time.

Many inboxes are filled with out of date communications from companies you may have purchased a particular item from a long time ago, and those which you may never purchase from again.

A short shopping trip at a mall in the US can sign you up to any number of soft copy receipts that persist forever as constant reminders in your inbox of the one-off purchase you made.

Marketers must do all they can to keep your email content relevant based on their preferences, past purchase history, email and online behaviour. Take pride in knowing your email marketing campaigns are of relevance to your intended audience. Even more in knowing they are being distributed to a mass of subscribers who actually want to buy from you.

In return, what you can expect is a more accurate depiction of how effective your current processes are, or even how much activity your users are showing on that channel.

Familiarise yourself with best practice

Until now, marketers with access to big email databases could easily become complacent. The habit of regular A/B or multivariate testing is something that may have also been forgotten about, however the return on investment has historically been high.

With the arrival of the new law, some businesses had the worry that databases were going to be radically reduced. Many wanted to make sure that they got the best performances from their re-opt-in campaigns. Already, the work we carry out on behalf of clients has shown the significance of abiding by best practice protocol.

Here’s some examples of areas to be conscious of it you’re not currently using them in your activities:

Email Best Practices

  • Mobile Responsiveness
  • Engaging subject line
  • Noticeable From, Name and Email Address
  • Clean and engaging template with eye-catching hero content and CTAs
  • Putting in place a Double Opt-in Process
  • Having a Preference Centre

Testing everything

  • Subject Line
  • From name and Email Address
  • Template layout
  • Call to Actions
  • Landing Pages
  • Tone of Voice

And above all make it useful and interesting. The people you are talking to should be some of your most valued customers.



Offering transparency in their use of data

Stating clearly how you intend to use data will be an area where businesses will need to adjust. It is no longer good enough to hoard email addresses for a rainy day.

It’s about giving users the power to choose what and how their personal data is used for personalisation. Throughout the customer journey, being a new customer or a subscriber, you have the potential to offer re-opt-in. At every touchpoint you should be transparent about how you will use their data.

Along with this, your communications should detail where they can access the data you have stored as well as informing how to change what you may have access to. This is important at all stages of the buying cycle;

  • The registration/checkout process
  • My account section
  • FAQ and Help sections
  • Within every email sent

Whether organisations can turn a compliance challenge into a chance to advance their digital efforts will depend heavily on the ability to come up with a direct plan of action, relevant to their business goals. Although it is difficult to predict where the residing effects will begin to show, something we can be sure of is change. What can be taken for now is that it is essential businesses play their part the revival of data transparency and consumer trust.

As a starting point, we recommend checking out this GDPR survival kit from Econsultancy.

If you would like some guidance along your GDPR journey, drop us a message and one of our digital specialists will get back to you.