educational

How Strict Data Protection Laws in the U.K. Can Affect Your Business

How Strict Data Protection Laws in the U.K. Can Affect Your Business

When reading the likes of XBIZ and words such as “permission,” “consent,” “controller” “enforcement” and “punishment” bandied about, you’d be forgiven for expecting a feature on BDSM or kink trends of some sort. I’m sad to be the bearer of disappointing news, but in this case, it’s not to be.

If you’re reading this article and you’re somewhere in the European Union, your various email inboxes will already have been bursting at the seams over the past few weeks as all sorts of organizations went into panic mode as GDPR day — May 25 — came closer. In the U.K., one day before the GDPR (General Data Protection Regulation) became enforceable, the Information Commissioner’s Office website actually crashed under the deluge of last minute requests for information and assistance.

And while great focus has been made regarding sex- and body-positivity, isn’t it hypocritical if a manufacturer or retailer espousing such values isn’t also “data-positive?’”

If you’re outside of the E.U. however, don’t automatically assume you’re absolved of any responsibility. If you’re holding any personal data of an E.U. citizen — whether suppliers, customers, employees — then you’re bound to adhere to the GDPR too, regardless of whether you’re based in Tampa, Tokyo, and everywhere in between.

So why is the GDPR important? Put simply, it gives consumers a number of rights regarding their personal data. These are: the right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; and finally rights in relation to automated decision-making and profiling.

In practical terms, this includes websites now showing the correct cookie notifications with settings allowing visitors to select the cookies they wish installed for particular purposes. There also needs to be a fit-for-purpose privacy policy. You may also have to review any signup processes for mailing lists and the like (hint: double opt-in is good).

There’s also the back-office side of things to consider. Everything needs to be ship-shape vis-à-vis how data is stored, how secure it is, and which lawful basis is used for different types of data. While there are several different lawful bases to process customer data, the most common ones employed will be those of: “contract”; “consent”; and “legitimate interest.”

In practical terms, sales enquiries or customer transaction details will obviously come under “contract.” If you offer a newsletter and your website visitors can sign up to receive it, then this falls under “consent” (Believe me, I wish I could have peppered this month’s column with more enjoyable plays on words, but suffice to say there’s no kinky Christian Grey motifs when it comes to the matter of consent). And while we’re talking about this, ensure there’s a double opt-in subscription and verification process.

If like me, you use popular apps such as MailChimp for your newsletters and other mailings, you probably can’t have missed their numerous notifications about it all. If you’re inputting E.U. citizen data into MailChimp then you’ll need an agreement in place between the two of you. Luckily, MailChimp have been very proactive on the matter of GDPR (they’ve always been big on consent and permission issues, even pre-GDPR) and there’s a whole gamut of relevant content on their website pertaining to this. And when it comes to the matter of the agreement, that’s outrageously simple to obtain as well, taking mere minutes for it to be arranged and emailed to you.

What about business development for B2B players? Some manufacturers and distributors may be feeling that with all this regulation concerning what they can and can’t do with data, prospecting or making connections is verboten. Relax, you can still hold and process this data under the lawful basis of “legitimate interest.” But in a similar vein do ensure you’re sourcing contact details and subsequently contacting them in the appropriate manner.

These words are of course no substitute for legal advice or the fine print of the new legislation. For English speakers, I’d urge you to read the introduction to the GDPR document produced by the Information Commissioner’s Office. Granted, it’s not the most entertaining PDF file you’ll read, but it is straightforward and fairly easy to understand. But read it you should. Furthermore, if you are holding and processing personal data such as sexual orientation, behavior, or relationship status, this requires additional attention.

These are of course merely some of the overt measures that are required of you. And not just required, but expected of you too, from clued up, privacy-conscious carnal consumers. Much as consumers are avoiding sketchy websites devoid of brand personality they may well be now using another key criterion as to whether to spend any more time on your website: your privacy policy (or lack of one) and commitment to robust data storage and proportionate processing.

Of course, if you’ve just become aware of this, and it all seems overwhelming, don’t panic.

Here in the U.K., the message apparently coming from the authorities is that they’d much rather have people make a commitment to compliancy — even if currently lacking in areas just now — and take appropriate steps in the right direction to achieve full compliance, rather than deliberately trying to avoid it all by pretending GDPR doesn’t exist. It does, and it’s here to stay. And while there are some serious fines (we’re talking about millions of Pounds or Euros) for offenders, this isn’t going to come out of the blue. Warnings and reprimands will be the first stages in enforcement.

Of course there will be businesses who will — unfortunately — be inclined to try and stay below the radar. But is this a worthwhile strategy to take? I guess it depends. How much trade comes from within the E.U.? If it’s hardly anything and you think you can recoup this from increased domestic or non-E.U. based transactions, perhaps there’s something to be said for blocking your website to web visitors from those areas and deleting any affected customer data already held.

But, what kind of a signal does such an approach say to the industry in general and to potential customers — wherever they may be? That your back office admin is a mess? That your data policy is non-existent? That customer details lack appropriate protection and security? In the absence of anything more visible or reassuring, this may become the default attitude.

In conclusion, if customers are choosing to purchase products from your company, surely the least you can do is ensure their data is accurate and secure? And while great focus has been made regarding sex- and body-positivity, isn’t it hypocritical if a manufacturer or retailer espousing such values isn’t also “data-positive?”

Furthermore, it’s no over-exaggeration to state that erotic and adult sectors are often targets for various social and political pressure groups and campaigners. Far be it for me to paint a dour and cynical outlook on things, but it’s also not a complete stretch to imagine such groups looking to cause trouble by making complaints about the lack of privacy policies or insufficient cookie notifications on selected websites.

Given the choice of either an erotic retailing company or a local florist falling short on their data protection, which one do you think a newspaper editor will inherently focus on? Yep, you guessed right. So, if you’re sex-positive, get data-positive too. Start now as there’s no time to waste.

Brian Gray is the founder and head consultant at Lascivious Marketing, based in Glasgow, U.K. With two decades of marketing experience in a variety of roles and industry sectors, Gray helps manufacturers, wholesalers and retailers in the erotic industry improve their marketing performance through strong brand creation, better customer understanding and insight, tailored marketing planning and communications through focused effort. He was also the founder of the XBIZ.net London Gathering networking events back in 2010.

Gray can be contacted at lasciviousmarketing.com, found on Twitter @LasciviousMktng and XBIZ.net or phoned on +44 (0)141 255 0769.

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Mitigating Retail Shrink Through Intelligent Video Solutions

Retail shrink isn’t just a cost of doing business — it’s an existential threat. Theft, fraud, operational inefficiencies and employee mismanagement chip away at profits in ways that many business owners don’t even realize.

Sean Quinn ·
opinion

The Power of Authenticity in Selling Pleasure Products

I’ve been working in the pleasure industry for more than two decades. For a significant chunk of that time, I thought that to be successful in sales, I had to fit a mold. I assumed that selling meant following a formula: say the right things, use the right voice and present myself in a way that was guaranteed to convert.

Kimberly Scott Faubel ·
profile

Dennis DeSantis on Building a Blockbuster Career in Adult Retail

The adult industry and the mainstream Hollywood scene often intersect, and few executives are more familiar with that crossover than Dennis DeSantis.

Ariana Rodriguez ·
profile

'Pleasure Professionals Place' Facebook Group Marks 5 Years of Fostering Connections

Where can you find the pleasure industry’s most tantalizing, trending and relevant conversational banter? For once, we’re not talking about a trade show after-party!

Colleen Godin ·
opinion

How Cannabis Culture Is Reshaping Sexual Wellness, Pleasure

April is a month of celebration: Lovers Day, Earth Day… and 4/20. Once a subculture symbol, “420” has evolved into a movement that bridges cannabis advocacy, wellness and an increasingly vital discussion around sexual health and pleasure.

Ian Kulp ·
profile

WIA Profile: Holly Corbella

Even during last year’s retail slump, the adult home party business continued to rock and roll — at least in New Jersey. Just ask Holly Corbella. Based in the Garden State, Corbella is the founder, CEO and lead party planner for Parties by Bellas, an intimate, in-home sex toy event company focusing on creating budget-friendly home parties for women on the East Coast.

Women In Adult ·
profile

Friday Bae Founder Benoit Palix Discusses Brand's Gen Z Focus

French sexual wellness brand Friday Bae is aiming to disrupt the market with its genderfluid, inclusive pleasure products. With bright pops of color for Gen Z and millennials to swoon over, Friday Bae is merging creativity and education for fans, dubbed the “Bae Squad.”

Namma Karp ·
profile

Self Serve's Matie Fricker on Promoting Sex-Positivity in Albuquerque

For 18 years, Self Serve has been providing a sex-positive space for adult toys and resources to folks in Albuquerque, New Mexico. The story behind its success is all about making connections: connecting with your passion, with your business partner, with your customers, with your staff and with your community.

Justin Goodrum ·
opinion

Why Inclusivity in the Pleasure Industry Is More Important Than Ever

2025 has kicked off with a series of unsettling events. Tension and anxiety are high across North America as the unknown impact of tariffs, climate change and attacks on human rights loom ominously. In times of unrest, seeking pleasure is not frivolity but necessity.

Sarah Tomchesson ·
opinion

2025's Top Tech Trends That Adult Retailers Should Know About

I just got back from the National Retail Federation’s Annual Convention & Expo, also known as “Retail’s Big Show,” where I walked the floor, sat in on key panels, talked with industry experts and influencers, and did my best to sift through the b.s. so I could report back to you all on the things you need to care about.

Sean Quinn ·
Show More