Companies Are Using GDPR As A Retargeting Campaign

This morning I have awoken to 13 GDPR more emails from more retailers wanting me to positively subscribe to their marketing lists. Lists that I unsubscribed years ago. Today was the 6th from BlueO2 for fuck sake, that I have received this past fortnight asking me to check my spam filters once again. Ah well! Only two more days to go.

Last week I questioned similar, that I found it quite ironic that I have already unsubscribed from many a mailing and distribution list, but only to receive a continual flood of GDPR emails from retailers, asking if I still want to receive an email newsletter. I asked if anyone could please explain whether retailers are seeing this as some kind of retargeting campaign?

The First Response

“They shouldn’t be doing that they would be in breach of PECR the Privacy and Electronic Communications Regulations which sit alongside the Data Protection Act and from the 25 May the GDPR. If you have unsubscribed they will be in breach of GDPR after 25 May.”

That maybe so, but I unsubscribed yonks ago. So, how do I report a breach and what is the remedy? Or is GDPR just a scam for ‘so called’ consultants to make a few Shillings while the iron is hot?

“You can do a subject access request under the DPA to the companies to see what they hold on you or just write to them (ICO have a template letter). More details here.”

More Questions

The question to myself is, how much time am I going to want to invest writing to these people? Whether I do nor not, how is the GDPR going to be enforced? Who does the recipient complain to? Does the recipient get financial compensation? There’s a lot of scaremongering about the fines, but who issues the fines and how does anyone report a company of breach?


Someone told me that as I unsubscribed from a specific mailing list, they still have your details on file so have to ask. I was told that it was “good news for the consumer” as it gives me greater control over your data.

A Retargeting Campaign For Sure

So, I buy a one off product from an online retailer three years ago and as part of the checkout process I have to give an email address. I implicitly state that I do not want to receive marketing emails, but nonetheless they do. On receipt of the first UCE, I unsubscribe from the list so not to hear from them again. However, having never heard from them again, I now get a so called GDPR email, asking whether I want to hear from them again? Hence, is this some sort of retargeting campaign opportunity? Below, Scilly Parking sends a second opt-in email even though I ignored the first and did not opt-in in the first place.

Scilly Parking Sends Another Email After I Ignored Their First

The Scammers Are At It

Even the spammers have picked up on this type of opt in/out email targeting. One respondent commented:

“I had my electric company call today to update my contact preferences. They started asking for my personal data. I replied that they should already know that. They said they wanted to check. I asked for them to tell me my postcode and they couldn’t answer the question. I slammed the phone down!”

In Response To BlueO2

As one professional emarketing fried told me:

“If they’re using a mailing system similar to ours and they’re not deduping already unsubscribed data, then it’s likely you’ll be receiving the invite to reconfirm. Another useful thing to note is if you just ignore the emails asking for reconfirmation, it’s as good as unsubscribing as GDPR stipulates that a subscriber needs to have acceptance proved by positive opt in along with a date stamp. So save time and not go through unsubscribing. However, I do wonder what goes through their minds when they mass mail on this level? It’s not going to be good for any metric, unless they’re looking at increasing their unsubscribe and spam rates.”

And As One Friend Put It

“If they are having to get you to positively subscribe, it implies they did not have explicit permission in the first place. There is no need to get new permission unless it wasn’t obtained to GDPR standards in the first place, so anyone asking me again is getting a default ‘opt-out’.”

“Most companies are simply notifying me that they now conform to GDPR standards and I need do nothing unless I choose to opt out.”

That maybe why different retailers are implementing different tactics. One close friend showed me an email from Costa Coffee. There’s was a more assertive one. In essence, advising of an update but stating there was no action needed, simply hyperlinking to their updates privacy policies.