GDPR – How are businesses coping?

Now that GDPR has been in force for a number of months, we thought it was time to take a look at how it’s affecting businesses. Are companies struggling to keep up? What impact have the regulations had on digital services? Are we likely to see organisations punished with large fines in the future? Here, we take a look at how businesses are coping with GDPR and what challenges they face.

Struggling to cope with data requests

With the introduction of GDPR, businesses have found themselves struggling to keep up with a large increase in data requests being filed. Businesses such as Facebook, Netflix, and Marriott are reportedly overwhelmed by the incredible number of requests they’re faced with, and the administrative burden is thought to be huge. This situation is exacerbated by the concerted efforts of online privacy activists, who are creating apps and websites that make it easier to file a request. The Cambridge Analytica scandal has also thrown a serious amount of fuel on the fire and encouraged greater quantities of people to challenge big businesses’ data collection practices.

Searching for that data

Businesses are also struggling to locate and identify all the personal data that they’ve retained over the years. Customers now communicate with businesses over numerous different platforms, in many different ways, with all the data collected stored in a largely unorganised manner. All parts of a business collect customer data, meaning that the information harvested is often siloed and stored throughout the organisation in different places and ways. Retrieving this data is proving extremely expensive, both financially, and in the amount of time being dedicated to data collation.

 Frantic marketing messages

As you’ve probably noticed, marketing departments have been hit hard by GDPR and are frantically attempting to contact their customers in an effort to update their consent agreements. Email inboxes have been flooded with messages requesting users renew their consent to be contacted, and businesses are concerned that their marketing base could be drastically reduced by new GDPR regulations.

 Slim pickings from some companies

Some businesses have decided to reduce their exposure to potential GDPR punishments altogether by temporarily suspending services or cutting back the products they offer. For instance, USA Today are offering European online readers a heavily edited, ad-free version of their content, while the LA Times and Chicago Tribune online experiences are now unavailable to European users.

This approach has been pursued predominately by organisations operating outside of the EU, who may not have been as prepared for the introduction of GDPR as their European counterparts. This ‘not worth the risk’ approach demonstrates just how seriously organisations are taking GDPR and its hefty financial penalties.

Loss of important records

A number of organisations were also forced to delete large swathes of important customer data before and after the GDPR deadline, in order to ensure that they didn’t fall foul of the regulations. The TV and movie review app, Stardust, deleted all EU-based users’ records, as did – an email filter app. However, it is worth noting that the vast majority of organisations taking these drastic steps are smaller businesses that simply don’t have the resources to prepare for GDPR or who are unable to build new systems that comply with the regulations.

The GDPR awareness effect

The introduction of GDPR seems to have had an impact on public awareness of digital privacy issues. This in turn has affected those organisations that have developed a business model orientated towards personal data collection. With the implementation of GDPR, companies like Facebook have experienced drops in membership figures, as users become increasingly aware of potentially troubling privacy policies.

It’s difficult to determine whether lower membership figures are entirely due to GDPR (Facebook were still suffering from the fallout of the Cambridge Analytica scandal at the time of writing), but the policy does seem to be impacting on these types of business.


This is not legal advice; it is intended to provide information of general interest about current legal issues. 


Jane Crosby

Partner, Dispute Resolution

Jane specialises in commercial litigation and employment law acting for both employers and employees in both contentious and non-contentious matters. She has also over recent...

Partner, Dispute Resolution

Jane Crosby

Jane specialises in commercial litigation and employment law acting for both employers and employees in both contentious and non-contentious matters. She has also over recent years carved out something of a niche in the field of mobile homes legislation acting for an owner with a number of sites.

Having studied geography at University College London Jane worked for a number of years in the aviation industry which has given her a real insight into the challenges faced by most businesses. Jane qualified as a Solicitor in 2004 before joining Hart Brown in 2011 and becoming a Partner in July 2018. Not only is Jane our specialist in employment law but she is also a prolific blogger within Hart Brown. You can find many of her articles on the 'News' section of the website.

Jane often receives praise from her clients:

“I appreciated the clarity of advice given at a stressful time”.

“A sensitive and highly professional approach and efficient work in the interests of the client”.

“Your advice, conduct and assistance have been indeed outstanding and very professional but also – and most importantly – very humane”.