The 5 biggest GDPR fails of 2018

We know GDPR is a tricky beast. The fear and uncertainty around it have been plaguing everyone from Belfast to Belgrade for the past few years. Whether you’re a one-person tech team trying to implement for a start-up, or a sentry of CISOs in a multinational corporation, the journey to GDPR’s been real.

When it actually came to it, the infamous 25 May D-Day was really quite underwhelming. It just sort of happened, didn’t it? But that didn’t stop us from getting a good laugh from some of the falsehoods, failures and downright facepalms we’ve seen floating around the internet in the past month, as organisations of all kinds navigate the post-GDPR world.

One month on, we’ve rounded up some of our favourite GDPR facepalm moments. They say humour is the best way to educate. So, here’s hoping!

1. Stop it with the Opt-In!

GDPR means that the customer has to actively give their consent for the website to contact them, that’s to say they opt in rather than opt out. Simple, right? Wrong, as evidenced by a lot of major brands, including National Express and BT. Lucky for you, most companies understand the GDPR mechanics, but a handful still don’t get it. And while we see the funny side now, these slip-ups won’t cut it for much longer.

2. When BCC loses the B…

We’ve all had that moment when you’re writing to a colleague or friend and you’re ready to hit send, so you type in their name and ALMOST click the wrong person. Well, a similar thing happened to the New York Times, when instead of clicking BCC (Blind Carbon Copy) someone clicked CC (Carbon Copy). That’s right, the NYT sent its new GDPR privacy policy openly to anyone who had written for them. Cue one mammoth thread of confusion and recipients replying “Please stop clicking ‘Reply All’”. So next time you inevitably make a mistake with a sent message, just remember that it even happens with the New York Times, and unfortunately for them that could see them faced with a hefty fine.

3. In the words of Adele…

GDPR is a data protection regulation that all companies who have customers within the EU need to comply with. So, even companies outside the EU have to comply with GDPR if they have customers from the EU. Well, despite GDPR day being the most highly anticipated date since Y2K, some companies still weren’t prepared. A number of newspapers from our friends across the pond, including the LA Times, were so unprepared that they had no choice but to shut out their European audience. Cut to one month later, and you’ve guessed it, you still can’t access the website from a European VPN. Sort it out, guys. We miss you.

4. So lonely…

Remember when you were younger and you always got so excited about receiving an email? Remember when that feeling stopped when you became inundated with ads and spam? No doubt your inbox bubbled over with emails leading up to the 25 May deadline, with organisations reminding you to opt in. Granted, you may have received a lot of emails, but if you weren’t on top of them you may no longer be receiving emails from those few sacred sites you actually want to hear from. Now, if you only have emails from some spammy sites, you need to get out there and sign back up to your OG favourites. (Credit to Lucy Nichol for this one)

5. Clear as mud

GDPR is complicated enough without companies making it even worse for themselves and their customers. Take Halifax Bank, for example. It was as if they were trying to create a debate as controversial as ‘The Dress’ debacle of 2015 when they invited customers to guess whether the blue or white tick box was opt-in or opt-out. Come to think of it, is this really a fail or the next big internet sensation? Nope, we’re going to stick with fail.

But what does it mean?

GDPR doesn’t need to be difficult

So if you felt overwhelmed by GDPR information, all we can say is no wonder, when we see the blundering confusion it’s caused. Yes, it’s been hard, but it doesn’t have to be as hard as these websites are making out. Put simply, the General Data Protection Regulation is all about making sure that the customer is in control of the personal information they’re allowing companies to access, and making sure this information is handled safely. And for the more complicated bits, there’s a whole host of support out there to make sure your company is navigating GDPR with finesse, not failure.

What was your favourite facepalm moment? Did it fall into our top five? Let us know by dropping us a line!

PUBLISHED BY

Clare Holmes

29 Jun. 2018
