Press releases

Almost a quarter of consumers have opted-out of direct marketing since GDPR

23 November 2018

Six months on from the General Data Protection Regulation (GDPR) becoming effective, 23% of consumers have already exercised their right to opt-out of direct marketing from service providers and retailers, according to new global research by Deloitte.

The views of 1,650 individuals found that the majority (84%) are aware of opting-out rights, whilst 12% have requested complete erasure. One in ten have also submitted access requests to those organisations that hold their personal data since May.

Despite a significant opt-out rate, the good news for businesses is that many consumers (60%) are still willing to share information on themselves in exchange for personalised benefits or discounts, according to Deloitte’s findings.

Peter Gooch, cyber risk partner at Deloitte, said:

“Undoubtedly, this all speaks to greater consumer awareness of what organisations can and cannot do with individuals’ data. Interestingly, our research found that a fifth of consumers do not ever intend to opt-out of direct marketing despite it requiring simple self-service to enact in most instances.

“Until now, GDPR preparations appear to have focussed on internal governance and controls rather than more thoughtful, consumer-centric data management. This is demonstrated by the fact that 49% of customers do not feel more in control of their personal data since GDPR was introduced, and 32% still do not read lengthy privacy notices. Despite this, 67% say that they would share more data and trust organisations more if there was greater transparency and control.

“Trust in business is, evidently, still paramount. We know that a breach of data can seriously impact consumer trust in a brand, and 17% of respondents said they would stop using a service or buying from an organisation entirely in the event of a breach. For existing customers, 25% would lose trust in the organisation and, for potential customers, engaging with a brand with a history of a data compromise would be a ‘concern’ for 70%. These concerns are vitally important for businesses to consider, with many still embedding their GDPR processes and systems six months on.”


About the survey
Deloitte’s General Data Protection Regulation (GDPR) survey is based on 1,650 responses from consumers in 11 countries, including: UK, US, Canada, Spain, Italy, Netherlands, France, India, Sweden and Australia.

About Deloitte
In this press release references to Deloitte are references to Deloitte LLP, which is among the country's leading professional services firms.

Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private company limited by guarantee, whose member firms are legally separate and independent entities. Please see for a detailed description of the legal structure of DTTL and its member firms.

The information contained in this press release is correct at the time of going to press.

For more information, please visit

Member of Deloitte Touche Tohmatsu Limited

Did you find this useful?