The GDPR is Coming – Are We Ready?

GDPR or General Data Protection Regulation

Introduction to the GDPR

The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organisations who collect or process personal data.

Although the GDPR is an EU Regulation, its rules apply to any business that a) market their products to people in the EU or that b) monitors the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.

For more detail on the GDPR’s impact on the changes to data privacy legislation, including individual’s rights,, its scope, and penalties, please visit HubSpot’s GDPR page.

Consumers agree the GDPR is a good thing

HubSpot surveyed consumers in the UK, Ireland, Germany, Austria, and Switzerland about their general opinion on data privacy laws. In total, 81% agree these laws are a good thing. After being given a description of the GDPR specifically, 90% agreed the principles set out under the GDPR were good for consumers.

Artboard 1.png



We also found that, if given the option, a majority of people would opt out of receiving phone calls and email from companies. A full 59% would take advantage of the ‘right to be forgotten’, and request that company completely delete their details and history from their databases. 55% would also opt out of having their personal data stored and would request to see all the information a company holds about them.

Artboard 2.png



In general, consumers are feeling the strain of too many communications from businesses. 84% agree that companies should not contact them without their permission and 73% would opt out of all communications if they were given the option. Since the GPDR states that companies that market their products to, or monitor the behaviour of EU citizens need to be clear about how they use personal data and give consumers the option to opt out of marketing activities, businesses may need to brace themselves for an influx of consumer unsubscribes next year.

Artboard 8.png


Consumers expect transparency

Many high profile breaches have occurred over the years, and consumers in Europe expect, above all, to be promptly notified when a breach occurs. The onus is on companies to be as transparent as possible about what has happened and what they will do to help their affected customers. In that vein, 91% of consumers expect companies they work with to be completely transparent about how their data is being used. This transparency is also a key principle under the GDPR. 

 Artboard 10.png



If your business is clear and transparent about how you use your customers’ data, consumers will give your brand the benefit of the doubt and trust you. It’s then up to businesses to ensure that trust isn’t broken by deceptive tactics, endless spamming, or interruptive communications. 

 Artboard 12.png

What are businesses doing about the GDPR?

So we know what consumers think of the GPPR, and what they may do if given the option to remove themselves from company databases. What are businesses, and marketers especially, doing about it?

Our data shows a pretty bleak picture. Of the 363 business leaders and marketers we surveyed, just 36% of them stated that they had heard of the GDPR.

Artboard 4.png



A full 12% admitted they first found out about the GDPR from our survey. Just a third knew when the GDPR will come in force (the date is 25 May, 2018). Lastly, less than half of companies surveyed are prepared for the GDPR in 2018.

Artboard 5.png



Overall, most companies are addressing the GDPR by updating their contracts and data protection policies, and pressing their vendors to do the same. Worryingly, 22% admit that they haven’t done anything just yet to prepare for the GDPR.Artboard 3.png



33% of business leaders and marketers who correctly identified the GDPR in our survey expect their lead conversion rates to go down. Half expect their email lists to shrink as a result of consumers taking action to unsubscribe from company emails. 41% expect to shift to external platforms to process lead data as a consequence of the GDPR’s new data storage rules.Artboard 6.png



Tactically, business leaders anticipate they’ll have to change how they collect customer data, security protocols, and the length of time they’ll store customer data.

Artboard 8.png



And many plan to focus more on social media marketing, content marketing, and SEO. 26% will use less retargeting ads, and 25% will require a log in for people to use their services.

Artboard 9.png

What's next?

Our data shows consumers in Europe view the GDPR very positively. The impact of the GDPR will strongly depend on how organizations communicate with their audience. Companies who lead with transparency have the best chance of continuing to engage with online consumers based in Europe. But as our data shows, getting prepared for the GDPR’s many rules can be daunting. Luckily, HubSpot has put together a checklist to help businesses on the road to GDPR compliance.  

Research Methodology

HubSpot Research ran two online surveys leveraging a general population and B2B panel via ResearchNow. For the general population study, we surveyed 3,017 respondents from the UK, Ireland, Germany, Austria, and Switzerland on their thoughts about data privacy and the GDPR. For the B2B survey, we screened for C-level business owners and marketers in the UK, Ireland, Germany, Austria,and Switzerland. We asked about their knowledge of the GDPR and how they were preparing for the legislation. Both surveys were available in English and German and fielded in September 2017.