GDPR, competitions and compers

You’ve probably heard the letters GDPR mentioned an awful lot lately! It’s General Data Protection Regulation and came into force across Europe on 25th May 2018.

What is GDPR?

GDPR is a regulation on data protection and privacy for all individuals within the European Union. If a business processes personal data, they must have a lawful basis to do so – obtaining consent is just one of these. Another, simpler, lawful basis which many businesses are relying on is legitimate interests where it’s OK to send marketing to existing customers, as long as there is a clear opt-out included.

Businesses should obtain consent from new customers to send them marketing materials (email or post), or have their details stored. In addition, businesses must be able to show how and when they obtained consent. Because it’s a regulation, it is legally binding – meaning a business that fails to comply could get a huge fine of up to €20 million or 4% of global turnover!

Individuals can ask businesses exactly what information they have about them, who it is shared with and what it has been used for. They can also ask for all their information to be deleted (the “right to be forgotten”).

Mailing lists

If you subscribe to a lot of mailing lists you’re probably already receiving emails from quite a few! They want to check that you’re still interested in hearing from them – and you will need to complete an affirmative action in order to continue to receive email updates (ie. you will be asked to click a link to subscribe, rather than to unsubscribe!). In most cases, you will automatically be removed from their records UNLESS you take action by clicking a link, replying to an email, etc. However, as mentioned above, the legitimate interests basis means that businesses do not have to ask you for consent – as long as they provide an option for you to opt out or unsubscribe from future correspondence.

Will GDPR affect prize draws and competitions?

One of the things we commonly see on an entry form (online or printed) is a tick box stating ‘Please tick if you want to hear from us in future’. Confusingly, on many of these forms it might say ‘Please tick if you DON’T want to hear from us in future’. Or the box itself might already be ticked – and you have to untick it if you don’t want to subscribe to their mailing list!

This has always been misleading and confusing, and GDPR aims to simplify things by only allowing an affirmative opt-in action. ie. You MUST tick a box to allow the company to contact you – they cannot assume that by entering a prize draw or competition, that you want to be contacted again in future (unless of course, you’re the winner!)

Most importantly, this will see the end of pre-ticked boxes or small print that states your details will be passed on to third parties – the awful feature on many survey websites (please note the examples below are from two websites I would NEVER recommend you use!)

So, a prize draw entry form with ‘By entering this prize draw, you will be subscribed to our mailing list and can unsubscribe at any time’ in small print below will no longer be permitted (see example below from

Instead, there should be a empty tick box which the entrant must tick to opt in to further communication. Entering a prize draw and joining a mailing list should be treated as different actions, and not combined – the entrant completes a form to enter the prize draw (and accepts the T&Cs), then if there’s an option, they can choose to tick a separate box to receive further information.

So, prize draws where you can’t enter without ticking a box to opt in will no longer be allowed (see the example from TopFox below).

It remains to be seen how GDPR will affect automatic entry prize draws too – Swipe to Win as an example, where you’re entered to win simply by purchasing a product (and might well be unaware that you’re even entered into a prize draw!). All Tesco’s current promotions are now text to win, suggesting that their ‘Buy Scan Win’ promotions have been retired.


Unfortunately, the GDPR regulations won’t be able to do much about the vast amounts of spam email we get – much of which is from outside the UK. You’ll have to rely on junk mail filters, and also flag any dodgy mail as spam when it arrives in your inbox. If you’ve received a spam email from a UK-based company, you can report it to the ICO.

If you have a concern about the way an organisation is handling your personal information, you can contact the ICO to investigate.

I’ll keep this blog post updated as we discover more about the effects of GDPR on running prize promotions. Please leave a comment to let me know your thoughts!

12 Responses

  1. Bec says:

    Hi. If a competition entrant ticks the empty box saying they agree to join our mailing list, do we still need to send them an email asking them to confirm they want to be added to our list? Or can we just add them straight to our list and start sending them our newsletters? Thanks 🙂

    • Di says:

      If they’ve ticked the box, it’s ok to add them directly to the list – although a lot of people still activate a ‘double opt in’ just to be sure – it lessens the risk of that person flagging your emails as spam!

  2. Lydia Frew says:

    The latest COMPERS NEWS competition for British Sandwich Week promoted on Facebook has a single tick box to enter the draw, accept the competition T&cs AND be subscribed to promoter and THIRD PARTY mailing lists! When I queried it, they said it was OK! The last section of the T&cs state “Details of all entries will be kept on a database. By entering these competitions you are agreeing to receive details of future related content from Accolade Publishing Limited and selected third parties. If you do not want to receive any further information from us then please unsubscribe from our mailing list by emailing with Mailing Preference Service in the Subject Line.” This does not seem in line with your article above. The comp is here:

  3. Sarah says:

    I think this might limit the amount of competitions we see in the future.

    It’s clear a lot of companys use competitions to make leads via a mailing list and poor sign up might make them think twice next time.

    Although I agree with the ability to ‘be forgotten’ and request on how/what information is held or shared, I think the current newsletter sign up and unsubscribe link is fine as it is.

    Affirmative action seems like overkill, it will harm a lot of reputable companies that hard fought to get you to sign up by being lost in the noise, while doing absolutely nothing to limit SPAM.

  4. Derek Wilson says:

    It might be psychological, but I already feel like I’ve received fewer emails over the last couple of weeks, even though the regulations don’t come into force until later this month.

  5. John Ettery says:

    I thinks it’s great that they won’t be able to force you into signing to their newsletters to enter a comp. I have heard about GDPR a lot recenlty, and I have been getting lots of emails asking if I wanted to continue with newsletters, and to be honest I couldn’t understand why? Now I know, so Thank You Di, for explaining it all.

    • Gareth says:

      While I get where you are coming from, I also don’t understand why we feel we should be able to get something for nothing. The prizes come with a cost, and that cost is balanced against the revenue it might generate (usually by way of adding new potential customers to a mailing list).

      Why should we be entitled to prizes from companies when we give nothing in return? It’s like people freaking out about how Google or Facebook use our data, but then would never entertain the idea of paying for either of these services. Do they think they cost nothing to run or are charities?

      • Di says:

        I agree Gareth, I have no issue with signing up to receive more information when entering a competition at all – as long as it’s clearly stated what you’re signing up for (and also if they’re passing details onto third parties). You’re absolutely right that companies who offer prizes should expect something in return – whether that’s our email address, postal address, phone number, etc. If people aren’t happy passing on all these details, they can always stick to social media comps!

  6. Nikki Hayes says:

    I signed up to MyOffers many years ago when I was a fresh and naive comper – couldn’t believe the deluge of spam I received! Happily I’m wiser these days and statements like the one you showed above (particular the contact via telephone and SMS) mean I immediately close the page and go no further with the “competition” entry :o)

  7. Lydia Frew says:

    Even the big companies are not on top of this yet. Argos already has a comp running that finishes in June but is making newsletter subscription a condition of entry. It’s ok for now but on 25th May, halfway through the entry period, it will breach GDPR! I notified them but they just offered to remove MY name from their mailing list! I recommended they pass my comments onto their legal department.

  8. Frances Heaton says:

    Another excellent article, thanks Di. Have already received lots of emails asking whether I want to keep receiving various company emails, and like you say, it’s a good chance to lighten the overwhelming email load.
    The research you do and insight into various rules and regulations is invaluable for us compers.
    Thank you, very much appreciated.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.