It looked like every company waited until the very last second to start sending out e-mails about the GDPR and renewing subscriptions to newsletters. I don’t know about you, but I received a lot of those from companies I didn’t even know I was on their list in the first place. Come to think of it, I never was…

The e-mail bomb companies sent out before May 25 was huge. All around me I heard people getting tons of e-mails about the GDPR. Some of them thought it was useful, because at least now they – assume to – know to which newsletters they were subscribed. They also found it a good way to easily unsubscribe. After all, if you don’t give your preferences or renew, you are off the list, right?

To be honest, I would not be so sure about that. Nothing in GDPR says that companies have to do this, if you were already in their system and they only used your personal information for a legitimate reason, for example to remind you that you have an appointment at your family doctor. That’s why some companies sent an opt-out e-mail, instead of an opt-in e-mail. But are they really going to delete your information?

Not on the list

Another thing that struck me, was the fact that I received e-mails from companies I never knew I was on their list in the first place. And I wasn’t alone. Some people received e-mails from companies they never even heard of. In some cases, when you looked at your own profile in the web link they sent, those companies still had a lot of personal information of them, including phone numbers and dates of birth.

Maybe I am a bit too paranoid, but could it be that some companies tried to ‘use’ the last GDPR-free days of chaos, where you’d receive so much e-mails you wouldn’t even notice a new request? That you would go on auto-pilot modus and give consent to them, so that from now on they can send you PR e-mails? As I write this, there are no numbers in yet on how many spam e-mails were sent in the days leading to May 25, but surely there were a lot of warnings.

Using the GDPR deadline in your advantage – to achieve something that the GDPR was intended to avoid – I’m sure was not the goal of the whole operation.