How the GDPR stole Christmas


Since the GDPR came into force in May this year, there has been a lot of confusion and misconceptions surrounding the new regulations and how they apply to both businesses and individuals.

However, some accusations circulating around social media channels may just be taking it one step too far…

  • He’s making a list,
  • He’s checking it twice,
  • He’s gonna find out who’s naughty or nice,
  • Santa Claus is in contravention of Article 4 of the General Data Protection Regulation (EU) 2016/679.

This is just one of the myths currently doing the rounds concerning Christmas and the GDPR. We’re here to try and sort out the GDPR facts from the fiction.

Myth No 1: Children’s public letters to Santa are banned

The town of Roth in Germany had a tradition where the children of the town would post letters to Santa on a tree. As these wish-lists included contact details (so that the children’s wishes could be granted), and the children were minors, their parents must provide consent for this data to be processed.

Luckily, after the town council had initially announced the end of this practice, they decided to produce new forms which allowed room for both the child’s letter and a parent’s signature, so the tradition will be continuing this year.

Interestingly, the European Commission pointed out that these have been the rules for the last 20 years, and remain unchanged by the GDPR.

Myth No 2: If you don’t get consent from the recipient, you shouldn’t send Christmas cards

The ICO states quite clearly that Christmas cards are not banned, for either individuals or businesses. You’re perfectly fine sending cards to colleagues, neighbours, friends and family.

However, you may need to be a bit more careful if you’re a business, especially if you’re sending cards that contain marketing messages via email. The Privacy and Electronic Communication Regulation (PECR) rules on electronic marketing continue to apply. However, if you’re just sending a Christmas Card to an established client that doesn’t contain any direct marketing, then GDPR does not apply!

Myth No 3: If you buy something online as a guest rather than a registered user you can’t return the items if they’re faulty

A recent news article suggested that as a consumer had checked out as a guest when purchasing online, they weren’t able to return the item when it turned out to be faulty. This turned out not to be anything to do with the GDPR, more a limitation with the website in question.

The ICO state “GDPR has no detrimental effect whatsoever on your rights under consumer protection legislation”. So, there’s no need to be worried about sending Christmas cards, or returning unwanted gifts – you’re unlikely to be contravening GDPR legislation. As the ICO state “if it sounds too far-fetched to be true, then it probably is”.

Sign up to get the latest in your inbox

    • Email address

About the author

  • Name:

    Maxine Green

  • Company:

    Digital Marketing Manager

  • Bio:

    Maxine has worked for QMS since 2018, and is focused on providing informational content that will help businesses to grow and develop.


QMS International use cookies to provide you with a better site experience, enable features and to help us understand how our website is being used.

By continuing, you consent to the use of cookies in accordance with our Cookie Policy

Allow All Cookies

Allow Strictly Necessary Cookies Only