A year before the GDPR came into force we started training marketers and others on how to ensure compliance with the new regulation.

A year on, we thought it would be a good time to discover where some of the companies that we trained are now. We asked five simple questions:

  1. How comfortable are you that your business is now fully GDPR compliant?

Not all were certain that they were fully compliant. All saw complying with the GDPR as a ‘journey’ with the need to constantly update and review their approach. There was a fear factor or lack of confidence for some.  Issues had been experienced by some with data transfers outside the EU.

  1. What are the good things that have happened as a result of the GDPR coming into force?

All saw some positives in the GDPR coming into force a year ago. Generally, it has meant that those spoken to have become more organised with data (when and where it is held) and more stringent in tracking consent – where appropriate.  Specific comments included:

“GDPR makes us think twice – for example whether to use mailing lists. It has stopped us doing things that we shouldn’t have done in the past”


“Customers are clear about what we are doing with their data”


“Clearing out large quantities of data that we didn’t need to hold”

  1. What are the bad things that have happened?

The work, time and money spent in getting ready for the regulation was the comment from most people. Having to keep it in mind at all times and the ongoing level of administrative work was another. There were also some concerns voiced over the amount of conflicting information that still appears to be out there regarding exactly what is needed to get it right.

One person commented that, on a wider issue, the GDPR has made marketing relationships between organisations and consumers harder to develop. This echoes comments from others in recent articles.

  1. What data protection and privacy areas would you still like to improve?

All thought that there were areas where their organisations could improve. Particular mentions include: more exploration of which data could be linked to a natural person; improving physical data protection going forward; the slightly draconian wording of some of the statements being used and the need to review privacy policies.

  1. Final comments?

Last words included:

“It’s been a lot more work that we thought it would be. We started with the big picture. The detail keeps going and going.”


“..be good if the ico did let us know how we were doing. Not black and white.”


“…GDPR hasn’t had the impact I thought it would.”


“…found the sales team has struggled with it especially with relationship building.”

Are there many happy returns for the GDPR?

A selection of marketers that we have trained largely think so. Overall, there does seem to be benefits to both organisations and individuals although the amount of time and effort it continues to need is a concern for many.