GDPR – the land of opportunity

GDPR – the land of opportunity

By Steven Orpwood, Senior Consultant and DPO

My colleagues and I recently attended the GDPR Summit in London as a sponsor. As with all such events there’s a mix of excitement, at presenting your services to potential new clients and seeing the potential benefits, and bewilderment, at finding out something that you had only suspected previously. In this case it was the general level of understanding of what GDPR is, and what it means for businesses.  In particular, twenty one months since GDPR was adopted and only four months until the regulation is enforceable, there is a distinct lack of focus on small and medium enterprise businesses, and much misinformation about the actions required. Please note, in case anyone was under any illusions to the contrary, a data breach is a data breach and someone loses out; business size is not the best way to judge the impact.

As discussed in my last Blog, there are some key operational elements that will set you on your way to compliance with the regulation, but there is still a feeling that this is a bureaucratic tool with all the positives of a lead weight at a swimming gala. However, imagine we think of it as a plus, something to elevate you above your competitors?  I propose that aside from legal compliance, businesses should focus on their ethical responsibility to their employees and customers. Yes, there are reporting obligations but ultimately, the regulation is a framework designed to protect a data subject’s personal data in an ever more complex world. Gone are the days when all data was stored in filing cabinets and card index files. Now it’s stored in multiple formats and in many places, copies proliferate, and since space isn’t an issue, why should old data be removed. But here’s the rub, such freedom with data makes us sloppy and exposes us, and others, to unscrupulous third parties who don’t care about the damage created, financial and emotional, by their misuse of data for personal profit.

So if you are an SME and you know that GDPR is looming but you’re wondering what all the fuss is about, it’s worth equating this to having a great marketing idea posted in your ‘suggestions’ box, and although it will require some effort, the possibilities far outweigh the costs. Perhaps I’m being glass half full, but then every risk has an associated opportunity.


For more information about how we can help you through the GDPR journey, read here.

If you would like to receive a complimentary copy of our GDPR Compliance Checklist to help you understand the key areas of GDPR, please email us here.