There is a lot of fear surrounding GDPR, mostly fuelled by clickbait statistics such as only ‘2% of EU IT professionals believe their companies are fully prepared for GDPR’[1] or ‘70% of brand owners don’t feel marketers are fully aware of the extent of GDPR.’[2] The biggest driver of fear is the fact companies failing to comply may be fined €20 million or 4% of global annual turnover.

However, GDPR is a watershed moment for businesses globally. It’s an opportunity for them to be smarter, more creative and more respectful to their customers and prospects. Before exploring this in more detail, here’s a quick intro to the regulation that’s scaring everyone in B2B and B2C. If you know the basics already – look out for part 2 of this blog where I’ll discuss why we should see GDPR as an opportunity rather than an inconvenience.


What is GDPR?

The General Data Protection Regulation (GDPR) is a new EU regulation that introduces rules for the processing of personal information of individuals within the EU. It comes into effect on 25th May 2018.


What does it change?

It puts customers in control as they have genuine choice over how their data is used.

GDPR changes four key things:

  1. Individuals have control over their personal data
  2. Implicit consent changes to explicit consent
  3. Current data is likely to be unusable
  4. Introduces a right to erasure (to be forgotten)

“There’s a lot in the GDPR you’ll recognise from the current law, but make no mistake, this one’s a game changer for everyone.” Elizabeth Denham, UK Information Commissioner


Who does it affect?

  • Any organisation that stores, processes, or handles the personal data of EU citizens
  • Firms outside the EU still need to comply if they handle personal data of any EU customers
  • UK firms still need to comply – Brexit is not a get out of jail free card.

“What must be recognised is that GDPR is an evolution in data protection, not a total revolution. It demands more of organisations in terms of accountability for their use of personal data and enhances the existing rights of individuals.” Steve Wood, Deputy Commissioner (Policy ICO)


Realistically, what’s the impact?

  • New data storage and processing capabilities are required, primarily to deal with the new ‘right to be forgotten’
  • Companies are required to notify regulators and individuals whose personal data is compromised
  • Failure to comply could lead to fines of up to €20 million or 4% of global annual turnover.

In part 2 I’ll look at why businesses should see GDPR as a positive opportunity rather than a negative inconvenience.


[1] Spiceworks. 2017. New Spiceworks Research Reveals Most IT Departments Are Unprepared for GDPR and Unconcerned About Potential Fines

[2] World Federation of Advertisers. 2017.