Grab a pint and have a seat. I have a story to share about the monster of all data hangovers.
J D Wetherspoon, which runs nearly 1,000 pubs across the UK and Ireland, sent an email on June 23 to its entire customer database to say that they wouldn’t be sending any more emails to customers. Indeed, Wetherspoon’s said it would delete its entire database of customer email addresses!
“Many companies use e-mail to promote themselves, but we don’t want to take this approach – which many consider intrusive,” said John Huston, chief executive of Wetherspoon’s, in his email. “Our database of customers’ e-mail addresses, including yours, will be securely deleted.”
This dramatic announcement, first reported in Wired, cries out for deeper explanation.
We could take Wetherspoon’s at its word; the pub chain noted it would continue to reach out to patrons through Facebook and Twitter.
But there could be another explanation. The European Union’s upcoming General Data Protection Regulation (GDPR), taking effect in May 2018, requires brands to maintain clear and specific proof of consent to retain and use customer data such as email address. (Despite Brexit, GDPR will still take full effect in the UK in 10 months time.)
My colleague Jason Rose recently blogged on how GDPR could be the death of third-party data, because consumers are unlike to give specific consent for brands to sell their personal information. What’s more, GDPR has no “grandfather” provision, so data collected before May 2018 without the proper consent would no longer be legally usable.
Wetherspoon’s announcement raises the possibility that GDPR will aso have a massive impact on first-party data.
Wired noted that two companies – Honda and Flybe – have recently been fined by the UK’s Information Commissioner’s Office (ICO) for sending email to customers who hadn’t explicitly given consent.
What if Wetherspoon’s didn’t have proof of consent and simply decided it was easier to delete its email database and (perhaps) start fresh with a GDPR-compliant system?
Security blogger Graham Cluley said as much in a post last week: “So, maybe J D Wetherspoon is worried that it has a huge number of email addresses – which it sends newsletters to on a monthly basis – but has never asked (or simply lost) explicit permission. In such a scenario, maybe it makes sense to wipe the email database.”
If this is indeed what happened, the GDPR tsunami could be even bigger than already anticipated. Perhaps hundreds or even thousands of brands will be forced to delete some or all of their customer data for lack of GDPR-compliant consent.
Last call, marketers, to get ready for GDPR. Last call.
By Adrian Nash