General Data Protection Regulation

Wetherspoon’s Deletes All Customer Email Addresses

With less than a year to go until the General Data Protection Regulation comes into force, UK pub chain JD Wetherspoon have done what some email marketers would say is unthinkable: deleted their entire email database. The pub group (known locally as “Wetherspoon’s” or simply “Spoon’s”) sent an email to all customers on their mailing list, to let them know of the radical move:

 

The email doesn’t spell out exactly the reasoning for the deletion, but specifies that the data will be ‘securely deleted’, and that ‘many [customers] consider [email] intrusive’.

Speculation is that the deletion is related to upcoming changes in the law, notably the introduction of the GDPR. NCC Group recently ran an analysis & found that ICO penalty payments from companies in 2016 would have been Seventy Nine times higher had GDPR already been in place (jumping from£880k to £69m).

There’s lots of talk of email risk within companies, and therefore not surprising that some companies with a low perception of the value of their email lists would simply delete them instead of face the risk of fines, breaches, and other negative possible side-effects of holding large amounts of customer data.

Wired had a chat with Wetherspoon’s, who did not mention GDPR specifically, but confirmed the deletion is indeed related to data risk:

“We felt, on balance, that we would rather not hold even email addresses for customers. The less customer information we have, which now is almost none, then the less risk associated with data.”

It’s the first high profile example of this in the run up to the GDPR deadline, but we suspect not the last.

Add comment