One year on – how has GDPR impacted upon the tech sector?


Diana Rowatt, client services director at marketing automation platform Force24, uncovers how much the introduction of GDPR hit organisations last year, and what effect it did – or didn’t have – particularly on the communications industry.

For a marketer whose role in the technology sector relied heavily on direct communication with customers, their working practices were overhauled dramatically in May 2018.

The introduction of the General Data Protection Regulation (GDPR) came into force across Europe this time last year, and the magnitude of imminent changes created such a wave of uncertainty – especially for those who relied on databases of key information to market their messaging.

Many didn’t know how they would be able to communicate effectively – if at all – with customers, or drive leads anymore. Others decided to bury their heads in the sand, rather than tackle what they had to do next, because it was nothing short of a monstrous task to complete.

The impending launch of GDPR resulted in hundreds of man-hours for teams to ensure compliant procedures were in place throughout their organisations. And, for technology-based firms and its marketers without the luxury of resources, they would’ve ultimately struggled to cope with the mass of detail needed to implement such change.

However, for many – including Force24 – who enforced the right level of preparation early doors, they found themselves at a distinct advantage over those that didn’t fall in-line with the legislation, or who took more time to get their processes in place.

The key to success was making sure companies didn’t panic, and instead acted.

Before May 2018, tech-based firms had to know – and understand – the basics of GDPR to get everything correctly in place. Teams were required to delve into the detail so they could work on better ways to be clear and consistent in their customer communications.

It wasn’t an overnight job by any means. Marketers had to work tirelessly to create multi-level permissions, an administrative nightmare for many, and ensure data was kept safe and secure. They needed to ensure ‘the right to be forgotten’ could truly be exercised, for instance, and ideally as efficiently – and robustly – as possible.

Those that prepared well saw any initial shock to the system ebb away when May came and went without any real change in how they effectively conversed with prospects and leads.

However, for the departments that couldn’t quite get over their initial worries, they’ve now realised just how much they’ve been hit following panicked decision-making – or lack thereof.

Why? Because, in the run-up to last May we witnessed businesses killing off thousands of records which – now they’re in recovery mode – didn’t really have to happen. They decimated their databases and a year on they’re still trying to recoup that precious time lost.

As marketers begin to understand their communicative roles more in a post-GDPR era with technology at their fingertips, they’re acknowledging there’s a real need to constantly stay compliant, and in-line with the legislation. It has to be taken seriously, which isn’t a bad thing really is it?

It doesn’t end here either. Marketing professionals and their technology firms shouldn’t let practices waver even though it is now 12 months down the line. They just have to work on ways to be savvier – and secure – with communications.

Businesses initially nervous about what operational changes GDPR would bring might’ve spread their resources even more thinly to cope with getting things into place. However, what that level of preparation has achieved now is a more targeted approach to understanding what customers want to receive.

Admin headaches aside, GDPR has actually been a good thing for marketing because these organisations should never be sending ‘batch and blast’ invasive comms anyway. Doing it that way is too lazy, and not what individuals want to receive, that’s why tech exists – so businesses can be savvier than that.

It’s also helped departments to remove non-engaged people, make them more agile and streamline databases to speak to true supporters of the brand. In other words, it has made some brands sit up and finally alter their practices, as they should have a long time ago.

The hunt for compliance has actually seen the UX go out the window for some businesses because they’re so desperate to capture the perceived, necessary opt-ins and notify website visitors of every policy under the sun, that some homepages are now becoming almost impossible – which is surely a consumer turn-off?

Now is the time for companies to keep compliance running throughout the veins of the technology sector – and to think clearer about what their customers want to receive. They must continue to ensure those they speak directly to, enjoy a personalised experience that is safe and secure – without a spam email in sight!

Di RowattAbout the author

Diana Rowatt is a Client Services Director at Force24 – and provides advice and support to clients, marketing automation demos, and making sure targets are hit each month. She’s been part of Force24 since the very beginning and so has seen how it’s grown, and adapted – as well as provided – technological options to business to help them reach customers easier.

GDPR featured

GDPR and WeAreTheCity


GDPR is a hot topic for everyone at the moment, with us all receiving emails from companies requesting for your consent or updating your preferences. At this stage we wanted to take a moment to reach out to you all, not only to let you know what how we are tackling GDPR and what it means to you.

The team have taken alot of time to understand the full policies in their written form and speaking to industry experts and data experts, below is our brief summary of what GDPR means to WeAreTheCity and you. Although this article is not exciting to some, we urge you to read if you have 5 minutes.

What is GDPR?

“The General Data Protection Regulation (GDPR) is a regulation (binding legislation, not just a directive) by which the EU intends to strengthen and unify data protection for all individuals from the European Union (EU). It also addresses the export of personal data outside the EU.

It aims primarily to give control back to EU citizens and residents over their personal data and to simplify the regulatory environment for international business (any company that is gathering, processing or storing the personal data of EU citizens).”

GDPR also includes steep sanctions for any company that is not compliant with the GDPR regulation after May 25th, 2018, when the GDPR goes into effect.

Key Principles of GDPR

Here are the key principles you need to be aware of:

  1. Personal data collected needs to be processed in a fair, legal, and transparent way. It should not be used in any way that a person would not reasonably expect.
  2. Personal data should only be collected to fulfill a specific purpose and not further used in a manner that is incompatible with those purposes. Organizations must specify why they need the personal data when they collect it.
  3. Personal data held needs to be kept up to date and accurate. It should be held no longer than necessary to fulfill its purpose.
  4. EU citizens have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization without hindrance.
  5. All personal data needs to be kept safe and secure, and companies undertaking certain types of activities are now required to appoint a data protection officer.Data privacy policy and GDPR

What is WeAreTheCity doing about GDPR?

We know that personal information, privacy and GDPR are big deals. Which is why we are focusing specifically on getting us ready for the GDPR. We strongly believe this a step in the right direction for our users.

Here’s how we’ve divided our time and resources:

  • Identifying Personal Data: We are currently in the process of mapping the different levels of personal data that is collected, stored, used, and disposed of.
  • Data Privacy Impact Assessment: Analyzing the risk to data that a system might pose. Systems that collect, transmit, process, or store personal data are validated to ensure processing is consistent with our privacy notices.
  • Data Portability, Update & Erasure: While the ability to change or delete your data was already in place through our support teams, we are a looking at a more streamlined version that will allow for the automation of these tasks.
  • Consent: We are drawing up data processing agreements that will clearly define what data we need, for what purposes, and will require your explicit consent in order to process your data after May 25th.
  • EU-US data storage and Swiss-US Privacy Shield Certification: EU customer’s data may be transferred to and processed by our US entities as well (for example, we mainly house WeAreTheCity in the US). In accordance with the GDPR, we need to ensure that our US entity offers the same level of protection of the EU data, as guaranteed in the GDPR, even though it is subject to US jurisdiction. This has been confirmed and our server farm is held under the Privacy Shield Certification.
  • Enhancing Data Security: Data security has always been a critical issue for us. We are reviewing our policies to further enhance data privacy and data security measures.
  • Changes in the services and websites: If you are a returning and loyal member of WeAreTheCity, you will have noticed that we have changed the look and feel of the site, this echoes some of the hardened security and policies we have put in place to protect you, your data and security.
  • Being Visible & Achieving Transparency: Providing visibility and transparency on how collected personal data is used is of utmost importance. We identified different levels at which we are using personal data and are in the process of mapping and clarifying this information in order to achieve transparency and provide visibility to our users.

What does this mean for me?

Here’s what you need to be aware of:

Your Rights

  • Transparency: We are making it even easier to understand what is happening to your personal data.
  • Consent: Choose what data is collected about you (with the ability to change that choice).
  • Update and Erasure: Update or request deletion of your data.
  • Portability: Take your data elsewhere in a portable format.

Our Obligations

  • Due Care: Safeguard your data.
  • Minimization: Minimize the risk of your data being exposed.
  • Privacy By Design: Analyze the risk a system might pose to your data.
  • Notification: Communicate data breaches quickly.

What’s coming next?

What else can you expect to change in the coming months? Here’s what we have on our plan:

  • New Privacy Policy
  • Revised Terms of conditions
  • Introduction of GDPR forms and requests
  • Email verification for existing subscribers
  • Changes to our data collection policy and online forms
  • Revised website policies for the entire WeAreTheCity Network
  • Changes to our premium membership program and data security


If you have any specific questions around our plans, intentions and policies, please do get in contact with us.


The WeAreTheCity Team