By now, you will no doubt have received a number of emails or a pop-up notice when you log-in to a website or open a mobile app from different brands, showing how they’re preparing to meet the requirements of the GDPR and/or asking you to review and agree to their terms and conditions and privacy notice.

Here we provide a quick overview of what different brands in different sectors have done.

Aon GDPR email example 
Aon GDPR email example

Aon – ‘a B2B example’

Aon is a leading global professional services firm providing a broad range of risk, retirement, and health solutions. They empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.

Aon has taken the approach of asking their customers to provide consent to continue to receive communications from them by opting in.

They have clearly mentioned the GDPR legislation as the reason for doing this, and have noted what a customer will miss out on receiving from them if they don’t opt in.

Interestingly, they have also included a statement on how they could help customers with their own GDPR governance and cyber security.

Metro Bank GDPR email example 
Metro Bank B2B GDPR email example

Metro Bank – ‘a B2B example’

Metro Bank first opened its doors in the summer of 2010, the first high street bank to open in the UK in over 100 years. In their own words, they're “a bank with stores that are open when it suits you, 7 days a week. A bank where you can walk in without an appointment and walk out with a working account, debit card and all. A bank that tells you exactly what you’re getting, in language that actually makes sense. A bank that puts you first.”

Metro Bank has opted to notify business customers that they are changing their T&Cs (Terms and Conditions) to comply with the GDPR.

It then outlines some of the changes to the T&Cs, and prompts customers to call should they have any questions.

Google Analytics GDPR email example 
Google Analytics GDPR email example

Google Analytics – ‘a marketing tool example’

Google Analytics users will have recently received an email with the words “Action Required” in the subject line.

Google’s email goes on to explain about the changes they have made to the tool and their Ts&Cs and what users need to review and agree to, namely, data retention controls that allows brands to manage how long their user and event data is held on Google’s servers.

They have also notified users that they will be introducing a new user deletion tool before 25 May 2018 – the actual data when the GDPR comes into force – which will allow brands to manage the deletion of all data associated with an individual website visitor from Google Analytics or Analytics 360 properties.

Users also need to review and accept new contractual terms to using Google Analytics, and an EU User Consent Policy, and there are clear links to allow email recipients to do this.


Each company is doing something different in what they communicate to their customers in order to ensure compliance with the GDPR – based on their own circumstances and how they process and store personal data.

 There is no ‘one size fits all’ approach when it comes to GDPR compliance.

How can we help?

We’re currently helping our customers become compliant with the GDPR. As a Sitecore Partner we have been helping identify the data sources and tune the relevant data retention policies to ensure compliance.

If you have data in different places in different systems (possibly in Sitecore xDB and the Sitecore WebForms database), or if you’re having trouble making your website compliant or being able to record consent for direct marketing purposes, and you’d like some help, then just get in touch today.