The 5 biggest GDPR fails of 2018

We know GDPR is a tricky beast. The fear and uncertainty around it have been plaguing everyone from Belfast to Belgrade for the past few years. Whether you’re a one-person tech team trying to implement for a start-up, or a sentry of CISOs in a multinational corporation, the journey to GDPR’s been real.

When it actually came to it, the infamous 25 May D-Day was really quite underwhelming. It just sort of happened, didn’t it? But that didn’t stop us from getting a good laugh from some of the falsehoods, failures and downright facepalms we’ve seen floating around the internet in the past month, as organisations of all kinds navigate the post-GDPR world.

One month on, we’ve rounded up some of our favourite GDPR facepalm moments. They say humour is the best way to educate. So, here’s hoping!

1. Stop it with the Opt-In!

GDPR means that the customer has to actively give their consent to the website to contact them — that’s to say they opt-in, rather than opt-out. Simple, right? Wrong! As evidenced by a lot of major brands, including National Express and BT. Lucky for you, most companies understand the GDPR mechanics, but a handful of companies still don’t get it. And while we see the funny side now, these slip-ups won’t cut it for much longer.

2. When BCC loses the B…

We’ve all had that moment when you’re writing to a colleague or friend and you’re ready to hit send, so you type in their name and ALMOST click the wrong person. Well, a similar thing happened to the New York Times, when instead of clicking BCC (Blind Carbon Copy) someone clicked CC (Carbon Copy). That’s right, the NYT sent its new GDPR privacy policy openly to anyone who had written for them. Cue one mammoth thread of confusion and recipients replying “Please stop clicking ‘Reply All’”. So next time you inevitably make a mistake with a sent message, just remember that it even happens with the New York Times, and unfortunately for them that could see them faced with a hefty fine.

3. In the words of Adele…

GDPR is a protection regulation that all companies who have customers within the EU need to comply with. So, even companies outside the EU have to comply with GDPR if they have customers from the EU. Well, despite GDPR day being the most highly anticipated since Y2K, some companies still weren’t prepared. A number of newspapers from our friends across the pond, including the LA Times, were so unprepared that they had no choice but to shut out their European audience. Cut to one month later, and you’ve guessed it, you still can’t access the website from a European VPN. Sort it out, guys. We miss you.

4. So lonely…

Remember when you were younger and you always got so excited about receiving an email? Remember when that feeling stopped when you became inundated with ads and spam? No doubt your inbox bubbled over with emails leading up to the 25 May deadline with organisations reminding you to opt-in. Granted, you may have received a lot of emails, but if you weren’t on top of them you may no longer be receiving emails from those few sacred sites you actually want to hear from. Now if you only have emails from some spammy sites you need to get out there and sign back up to your OG favourites. (Credit to Lucy Nichol for this one)

5. Clear as mud

GDPR is complicated enough without companies making it even worse for themselves and their customers. Take Halifax Bank, for example. It was as if they were trying to create a debate as controversial as ‘The Dress’ debacle of 2015 when they invited customers to guess whether the blue or white tick box was opt-in or opt-out. Come to think of it, is this really a fail or the next big internet sensation? Nope, we’re going to stick with fail.

But what does it mean?

GDPR doesn’t need to be difficult

So if you felt overwhelmed by GDPR information, all we can say is no wonder, when we see the blundering confusion it’s caused. Yes, it’s been hard, but it doesn’t have to be as hard as these websites are making out. Put simply, the General Data Protection Regulation is all about making sure that the customer is in control of the personal information they’re allowing companies to access, and making sure this information is handled safely. And for the more complicated bits, there’s a whole host of support out there to make sure your company is navigating GDPR with finesse not failure.

What was your favourite facepalm moment? Did it fall into our top five? Let us know by dropping us a line!

Get in touch

PUBLISHED BY

Clare Holmes

29 Jun. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Winter wins: Red Sift OnDMARC wraps up 2024 as a G2 DMARC…

Francesca Rünger-Field

The season of giving has brought us another reason to celebrate! Red Sift OnDMARC continues its winning streak in G2’s Winter 2025 report, earning Leader status in the DMARC category for another consecutive season. This recognition reflects our strong market presence and the unwavering satisfaction of our customers. Cheers to wrapping up 2024 on…

Read more
AI

Text classification in the age of LLMs

Phong Nguyen

As natural language processing (NLP) advances, text classification remains a foundational task with applications in spam detection, sentiment analysis, topic categorization, and more. Traditionally, this task depended on rule-based systems and classical machine learning algorithms. However, the emergence of deep learning, transformer architectures, and Large Language Models (LLMs) has transformed text classification, allowing for…

Read more
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more