Words by Gary Ingram, TheDiamondStore.co.uk

We all remember the hype running up to May 2018, when the GDPR came to force. But what has been the reality since? How has the widest-reaching data protection legislation ever affected online jewellery retail, where business models depend on data capture, processing and storage?

Last year, the prevailing feeling for business owners was that there definitely was no escaping the GDPR. The public awareness campaign was simply unprecedented. From bus advertising to television, everybody was talking about it. What the EU and the UK governments wanted was, of course, great for the consumer: a strong commitment from businesses to use personal data in a responsible way.


However, as a result of all the hype, we found that the hardest part of the implementation process was actually sifting through the overwhelming amount of advice out there and working out what we needed to do in practice.

What we ended up putting in place included things like a better privacy policy, improved opt-ins, re-subscription messages sent to our mailing lists and internal tech protocols to ensure we were equipped to deal with requests for total data deletion. Then, like everybody else, we waited nervously for the 1st May and the avalanche of data protection requests to come.

In a whopping (and almost disappointing) anti-climax, that avalanche never arrived.

Our first GDPR-related request came on 5th May 2018. Since then, we have had 21 more. Certainly, no strain on our resources, and we don’t currently expect the volume to increase.

Having said that, not every single request has been easy to deal with. Some of the data protection rights are not absolute. We do have, for example, a legal duty to store data on customer transactions and VAT information for a number of years. Data protection requests cannot be ignored and we have had to address some cases individually – brainstorming to respect the rights of the consumer while making sure we’ve thought of the human, tech and legal practicalities for our business.

One very positive and unexpected result, however, is that our marketing subscription and engagement rates have almost doubled since last May. Additionally, our usual low unsubscribe rate has remained the same. Because we expected the GDPR to have the opposite effect, this has been a pleasant surprise.

Thinking about it in hindsight, it does make sense.

Last spring, the pre-GDPR craze forced us to analyse and hone the quality of our marketing output. We examined what were we doing well and not so well. We looked at why our potential and existing customers engaged with certain types of marketing communications more than others. Finally, we worked hard to make our newsletters and social media promotions more customer-centric, varied and entertaining.

Only pressure can produce a diamond, and so it seems too in the case of data protection. As much of a headache as implementing the GDPR systems seemed last year, for us, it has actually resulted in better marketing practices and happier customers. A win-win situation all around.

We’d love to hear your thoughts and experiences on GDPR in the comments below.