According to business research firm TrustArc, 80% of surveyed businesses in the U.S. and UK, are still not compliant with GDPR. 93% of companies surveyed expect to be compliant with new EU general data protection regulations by the end of 2019. However, the grace period for GDPR non-compliance ended on May 25th, 2018.

Media Agencies Still Aren’t Taking GDPR regulation Seriously

The European Union has given EU member states authority to enforce GDPR. As with all new regulations there is sometimes a delay as member states come to terms with the new rules. You needed to be compliant by 25th May 2018, yet still some companies are not adhering to GDPR which could result in fines if not adopted.

GDPR Fines for Non-Compliance are Here

Everything DM LTD is a digital marketing agency based in Stevenage in the UK. According to Everything DM, “If your marketing isn’t producing the results you want, we need to talk!” However, Everything DM just became one of the first notable digital marketing agencies to be cut down to size by the EU.

In September, Everything DM was fined £60,000 by the EU Information Commissioner’s Office (ICO). Specifically, due to sending 1.42 million unsolicited marketing emails.

  • Everything DM did not acquire the informed consent of recipients before sending marketing emails
  • Emails sent by Everything DM gave the impression that they were sent out directly by Everything DM’s clients
  • The marketing agency attempted to argue that they had acquired consent from third-party sources. However, this couldn’t be proven and would still be in breach of GDPR
The lesson learned? Non-compliance with GDPR is not an option. Moreover, GDPR fines aren’t just being levied against UK and EU based companies.

Piles of coins

Notable GDPR investigations so far

  • AggregateIQ (AIQ) a Canadian data analytics company was recently issued with the first ever GDPR breach notice for £17 million for non-compliance.
  • Credit rating agency Equifax was issued with a £500,000 fine concerning failure to adequately protect user data pre GDPR in 2017, narrowly avoiding much larger fines under GDPR.
  • Social Media giant Facebook could face fines of up to $1.63 billion under a current GDPR investigation.

Why Digital Marketing & Media Companies are at Risk

Under GDPR, explicit informed consent needs to be given by EU citizens, before receipt of marketing emails, targeted ads, and other communications. Proof of consent and any personally identifiable information also needs to be stored in a way which ensures that it can not be stolen, leaked, or shared without explicit authorisation.

Sadly, many media agencies see GDPR compliance as complicated and possibly detrimental. Acquiring informed consent from marketing respondents threatens to impact profits. Moreover, many media agencies lack the IT infrastructure required to store vast amounts of user data securely.

The LeadLabs Solution

Ideas Light Bulb

In the case of Everything DM LTD, £60,000 GDPR fines could have been completely avoided. Tick box options by subscription areas, unambiguous terms of service, and secure storage of consent information would have been enough to ensure GDPR compliance.

To help similar media agencies avoid fines in future, Lead Labs offers a suite of tools, designed using Privacy by design, specifically what the EU expects of ad agencies and businesses serving EU citizens under GDPR.
  • LeadLabs helps businesses store data on EU servers which are fully compliant with GDPR
  • Ready to launch sales funnel websites offered by LeadLabs feature version controlled terms and conditions and GDPR compliant privacy policies
  • All LeadLabs websites feature GDPR compliant tick box options, complete with ready to deploy lead generation tools


Is your media agency lagging behind when it comes to compliance with new EU general data protection regulations? If so, be aware that non-compliance is not an option. To safeguard your business, reach out to LeadLabs today for a free GDPR site audit.


We promise. No spam.