As we enter the final week before the implementation of the EU General Data Protection Regulation, we will have all seen a substantial increase in requests from companies to opt in to continue receiving their marketing messages. This approach is making many marketing departments uneasy as they fear a dramatic reduction in the size of their mailing lists - but is that necessarily a bad thing?

GDPR does not expressly require every organisation to obtain new consents - only if the original data collection did not match the same standards. However, in many ways it makes very good sense from a data governance perspective to take this opportunity to clean a marketing database. 

Holding large volumes of data without a specific purpose creates a risk for the data controller and a higher “surface area” for cyber attack. It is also contrary to the principles of ensuring that data is held for a specified purpose and no longer than necessary. 

The strengthening of individual rights under GDPR means that it is more important than ever that companies move away from holding data “just in case” and towards more selective data processing.