GDPR (General Data Protection Regulation) – It’s not all bad news for business

So much has been written in the media over the last six to eight months about GDPR (General Data Protection Regulation) becoming law in May 2018.  Much of which has been very confusing so by reading an article about it in The Catalyst magazine, published by the Chartered Institute of Marketing, I was hoping for some clarity in terms of what UK businesses have to do to comply.

Whilst there has been a huge amount of negative comment about this pending new regulation, in actual fact there are some real opportunities for marketers to build trust and they “ can be creative in how the new regulations are communicated to customers and wider audiences”.  We should all view this as a positive move forward to a more transparent world from a business perspective. The massive advantage for a UK business is that it “ streamlines the entire process of collecting personal data within the EU, doing away with the need to understand the regulation framework in all 27 states”.  This of course takes a huge pressure off businesses to keep up to speed with EU (data collection) regulation changes which saves time and money.

Based on a survey of 600 IT decision-makers by Sophos, an IT security firm, it’s safe to say that many British companies are unsure about their responsibilities and as such un-prepared.  The results of this survey did not surprise me and are certainly in line with my own findings.

However,  there are some simple guidelines that all companies, regardless of their size, can easily incorporate in to their data security policy. Companies should ensure their operating systems and software are up to date, implement encryption for sensitive data and educate employees about the risk of phishing and other social engineering attacks.

It’s vital that all companies change how they manage the data that comes in to their business so that they comply with the new regulation.  As this can take a long time to implement it’s wise to start the process as early as possible. The Information Commissioner’s Office ( has put together a very useful infographic outlining 12 steps to take to prepare for GDPR. If you would like to see it click this link.