Cookie banner

This site uses cookies. Select "Block all non-essential cookies" to only allow cookies necessary to display content and enable core site features. Select "Accept all cookies" to also personalize your experience on the site with ads and partner content tailored to your interests, and to allow us to measure the effectiveness of our service.

To learn more, review our Cookie Policy, Privacy Notice and Terms of Use.

clock menu more-arrow no yes mobile

Filed under:

Did Those GDPR Emails Get You to Buy Something?

Because one brand sold $4,000 worth of merchandise thanks to its privacy policy update.

A woman looks at a computer, holding a credit card.
MM.LaFleur’s GDPR email generated more than $4,000 in sales.
Photo: Paul Bradbury/Getty Images

Racked is no longer publishing. Thank you to everyone who read our work over the years. The archives will remain available here; for new stories, head over to, where our staff is covering consumer culture for The Goods by Vox. You can also see what we’re up to by signing up here.

Reasonably, a lot of people have been complaining on social media about the crush of emails they’ve received from brands regarding updates to their privacy policies. In compliance with the European Union’s General Data Protection Regulation (GDPR), which went into effect on May 25, companies now have to tell European customers what personal information they’re gathering and exactly how they’re using that data.

As it turns out, not all GDPR emails are a source of misery for shoppers. Some brands have turned a legal obligation into an opportunity to woo their customers, like the professional apparel label MM.LaFleur, which saw its privacy policy email bring in sales of more than $4,000. That’s less than most of its marketing emails generate, but it surprised the team nonetheless.

“Our expectation was that it would drive zero dollars,” says Tory Hoen, MM.LaFleur’s creative director of brand.

Hoen’s team wanted to make the GDPR message feel specific to MM.LaFleur’s audience of busy professional women, “even though it’s the most boring email that anyone’s going to get.” The result is an efficient note that’s a little sarcastic (subject line: “The most exhilarating email you’ll get today: an update on our privacy policy”) and that slyly nods to the attorneys on their distribution list.

A screen shot of the brand’s email to customers.
MM.LaFleur’s GDPR email.
Photo: MM.LaFleur

Not to sound melodramatic, but there’s a real risk in sending shoppers a winking, overly cute note about a widely discussed topic like data privacy, the danger being that it could fall flat or come off looking lame. As one Twitter user wrote recently, “I don’t know what’s more infuriating now, the level of #GDPR emails or brands [sic] desperate attempts at a luring subject line!”

MM.LaFleur seems to have avoided that fate. So did Reformation, which gave its privacy policy update a breezy, low-key tone that acknowledged how exhausted its shoppers probably were by the onslaught of GDPR emails.

Turning a GDPR email into a branding moment and a way to connect with shoppers is significant precisely because GDPR emails are a reminder that we have good reason to distrust the companies we buy things from, many of which gather and use our data in ways we’re not informed about.

Indeed, plenty of brands irritated the heck out of their shoppers with overzealous messages ahead of (and after) the GDPR deadline on Friday, May 25. A number of people on Twitter called out Asos for waking them up in the middle of the night with text messages about it. (Asos declined to comment about its GDPR strategy for this story.)

Did you, like those MM.LaFleur shoppers, wind up buying something because of a GDPR email? If so, tell me about it at