GDPR: From Ambiguity to Innovation | AppsFlyer
2 Min. Read

GDPR: From Ambiguity to Innovation

Karen Cohen Jun 05, 2018

On May 25th, the GDPR grace period ended, marking the culmination of over two years of prepping for the new European regulation. Companies have celebrated with cakes, and our email inboxes and social media feeds were awashed with dozens of updated privacy policies and hilarious memes. By now, no one has remained indifferent — the GDPR is real (and enforced), and the web will never be the same again.

Samuel L Jackson GDPR


The ambiguous design of the GDPR left a great deal open to interpretation. Legal, privacy, security and marketing teams from companies across every industry have had to pin down the right approaches for compliance ever since the regulation has been ratified two years ago. This is the impetus for the variations of privacy policy messages you’ve been receiving lately, along with emails from companies requesting consent to continue sending you newsletters and promotional materials.
To illustrate the different ways organizations have addressed the GDPR, we’ve assembled a selection of some of the marketing approaches taken by large companies.

Opt-in or Opt-out: That is the Question

Email preferences and data storage comic

Under the scope of the GDPR, data controllers (brands collecting data) shall:

  1. ”…be able to demonstrate that the data subject has consented to processing of his or her personal data.” (Article 7)
  2. “Provide the data subject the right to object to processing of personal data concerning that person. Including the right to object to direct marketing and profiling.” (Article 21)

Considering the two GDPR clauses above, what’s the right approach marketing teams could have taken to comply with the regulation? Provide an opt-in option (get consent), or opt-out option (address the right to object) to their newsletters and emails? Or maybe both?

Have a look at the below email sent by a major retail brand, first urging users to opt in, and then providing both opt-in and opt-out options. Whether the user is confused or not, this brand certainly wanted to leave nothing to chance.

Brands alerting customers to GDPR

While most of the companies have sent emails with opt-out options, some others, like this famous media company, have decided to take a hard line and provide an opt-in option only. This makes us wonder: what if most recipients have never acted on those emails? Were they all opted-out automatically?

Opt in email prompts pre-GDPR

A Catalyst for Innovation

That being said, GDPR compliance does not begin or end with newsletter opt-in/opt-out options and privacy policies. The complex nature of the GDPR led companies to take various paths to all aspects related to the regulation and, in doing so, fueled innovation and became a real catalyst for digital transformation.

We’ve seen companies going above and beyond, rolling out new and innovative solutions to comply with the GDPR — and some (disclaimer: like AppsFlyer) decided to band together to form a consortium to streamline the compliance process.

The public was, and still is thirsty for knowledge. Savvy companies quickly understood that the GDPR is a subject that should be leveraged and presented new opportunities. Those that have done so, have quickly reaped the fruits of their work and gained traction in their respective industries.

I Love GDPR playlist in Spotify

The most important thing to remember about the GDPR is that it’s not just another box to check. It’s a continuous journey that will certainly evolve over time, changing the nature of how companies and individuals interact with each other in the digital sphere. The bottom line is that the GDPR is here to stay, so companies should embrace the change and learn how to innovate, grow and adapt amid a new regulatory landscape.