Fear. Uncertainty.  Doubt.  As data and marketing professionals we are quite used to players in the technology market using these emotions to promote their solutions.  The latest vehicle for this ‘FUD’ is another ‘initialism’ GDPR – the General Data Protection Regulation.  It has even been characterised as the new Millennium Bug.

In this case however, we are forced to admit, that there may be some justification in a little fear. You see, this regulation has teeth – and sharp ones.  However, before you start running to the hills – or indeed running away from your advisors and their protestations of having the panacea – let’s take a rational look at the highlights of GDPR, and what you can start doing today that will put you in a better position tomorrow.

What is it and why should you care?

  • General Data Protection Regulation rules, published this month, will be applicable by May 25th 2018 to all organisations that operate in the EU market
  • The regulations are extra-territorial. Overseas firms doing business in the EU market are subject to it.  Even if there is a Brexit, UK organisations will still be affected
  • The fines are serious; data breaches can generate fines of €10m or 2% of annual revenue. Wider or consequential breaches of its provisions will generate fines of €20m or 4% of revenue.
  • Consumers have enhanced rights: to be forgotten, for transparency, to know what information is stored, to the protection of personal data
  • Consent to use data must be freely given, specific, informed and unambiguous for each purpose for which the data is being processed
  • The regulation applies (with some nuances) to both the data controller and data processor
  • right to data portability will make it easier for individuals to transmit personal data between service providers.


This article sums it up particularly well: Law Gazette – New EU data protection regulation 

No part of the business will be able to hide from the impact of GDPR.  It’s a big and thorny challenge and not just one for the security team.  When your legal counsel, your internal audit or your COO makes the phone call and asks you where the data is, what will be your answer?  This is a challenge for IT and marketing as well.

If it’s your job to wrestle with the organisational impact of this regulation, then please start asking the data questions now.  Better to know the scale and complexity of the challenge sooner rather than later.

If it’s your job to know where the data is and who you’re marketing to – then please start thinking about your data source catalogue and your data governance policies and controls today.

Compliance is one thing.  However, if you do this right then GDPR could be the catalyst for very positive outcomes in your business as well.  The organisations that are at the vanguard of a response to this challenge will, we predict, be seen as innovators, as brands with a social conscience, protecting their customers and embracing the new commercial paradigms more fully.

Plus, there has always been a strong business case for better information management, solid information governance and sensible information lifecycle management – all of which you will need to explore as part of your response to GDPR.

You can start small, but start soon.

Written by Dominic Bridgman


Talk to us if you want to learn more.

Back to Insights

Bench Newsletter

Register here to receive the latest Newsletter