Are you GDPR ready?

Conventional wisdom would have us believe that it’s love that makes the world go around.  Or money.  But in the 21st century, digital age, it’s actually data that’s the most valuable currency of all.

Capturing, analysing and utilising data to engage with existing and potential customers has become core to the way most organisations operate.  Data is precious – and yet most of us give away personal data for free on a daily basis. Whether we’re using a loyalty card in the supermarket, posting on social media or buying something online, our data is being collected and we’re not always in control of how it’s used from there on in.

But, in May next year, there will be a seismic shift in the way that businesses, public sector organisations and charities are permitted to utilise data and the way they’re required to store it.

On 25th May 2018, following a two year transition process that has been underway for the past 18 months, the GDPR (General Data Protection Regulation) legislation will become enforceable under EU law, introducing greater accountability for the use and storage of data. And, despite the fact that the UK is leaving the EU, the British Government has made it clear that we will be permanently adopting GDPR and applying the rigorous penalties involved for those that flout it.

And yet, many organisations haven’t even realised that the legislation is coming, let alone invested in preparing for it.

So what do the changes actually mean? The impact of the new legislation varies depending on the size and nature of your organisation, but it will apply all organisation, even to small businesses. And the penalties for non-compliance are considerable: up to four per cent of global annual turnover or €20 million, whichever is greater.

GDPR builds on existing data protection laws but is much broader it is scope and focuses on how securely data is protected by legitimate users, in addition to its misuse. An organisation must not only be able to prove that data has been ‘opted in’ but must also be able to demonstrate that they are keeping all personal data securely.  They also have to be able to ‘forget’ data on request by deleting all traces of it from their systems.

It’s an area of law that will be particularly relevant to marketing companies and marketing functions within business, which is why Clare PR has invested in ensuring we’re up to date with what’s involved.

The good news is that there are lots of seminars and training courses out there and plenty of useful information from the Information Commissioner’s Office at

Picture credit: William Bout

Read Original Post

  1. Really interesting article, Clare – thank you. Some of the issues you covered got a good airing in Committee Room 10 of the House of Commons last week, just as the Data Protection Bill (incorporating the GDPR provisions) was undergoing its first day of Committee Stage in “the other place” –
    We also, of course, are likely to have the Privacy & Electronic Communications Regulation, currently wending its way through the European Institutions, to transpose into UK law soon too (albeit not at the same time as the GDPR, as originally envisaged…), which I imagine is capturing the attention of the CIPR’s marketing communications group, amongst others, right now.

Leave a Reply

Your email address will not be published. Required fields are marked *