Design Method

Are you sick of hearing about GDPR?

Mark Cuban famously declared that data is the new gold and possibly the most valuable asset that your business holds. However, in recent months there has been a noticeable shift from consumers who are increasingly wary of how companies are using and sharing their personal information. If their data is not secured and not being used to make their lives easier, they will quickly abandon their online shopping carts.


Last year Uber was caught red-handed attempting to cover up a data breach that exposed the details of over 57 million of its customers and drivers. Although these headlines are now old news, they are a great example of why businesses should already be taking the General Data Protection Regulation (GDPR) very seriously.

GDPR is the most significant overhaul in data protection in over 20-years. But, rather than fearing the change, businesses should understand its primary objective to strengthen and unify data protection for all individuals. Those that embrace the culture shift and adopt a new mindset could quickly obtain an edge over their competitors.

The GDPR legislation does not come into force until May 25, 2018. But to put the new ruling into perspective, Uber could have been fined 4% of its global annual revenue, or 20m (£17.75m) if it was in place at the time of their infamous breach. Equally, TalkTalk’s security failings in 2016 cost the company £400,000, but this fine could have been £59m under GDPR.


Fines of this magnitude will severely impact the profits of small to medium-sized business too. The government is taking GDPR very seriously and have considerably invested in making it easier to understand how to manage the general processing of personal data. However, those that ignore the compliance could be made an example off to ensure everyone plays by a new set of rules.

Securing and managing customer data should now be top of the agenda for business leaders in 2018. Companies of all sizes will need to get serious about the secure collection and storing of any personal information to be successful in reaching GDPR compliance. The new tools of the trade are trust and transparency. Easing the fears of customers who are questioning how their data is gathered and used could be seen as the secret sauce of success. But how will it affect your business?

Although the UK has voted to leave the EU, business will still have to comply with the new legislation if they are handling information about EU citizens. But it’s also worth highlighting that post-Brexit, Digital Minister Matt Hancock has already confirmed plans to replace the 1988 Data Protection Act with something that closely mirrors GDPR.

“GDPR should be seen as a business enabler that enables all departments to work as one and leverage the opportunities hidden in their stored information to explore innovations with data.”


In a nutshell, you need to think beyond how you handle customer data. All of your suppliers, present, and past employees all fall under the regulation too. Fundamentally, GDPR will affect all aspects of personally identifiable information for EU citizens. The questions you will be expected to answer are:

  • Why are you storing personally identifiable data?
  • How did you gain permission to hold it?
  • Who are you sharing this personal information with?


It’s also worth highlighting that digital data also includes paper records, a photograph, CCTV footage or any information that could be used to identify a person. Business CRM systems are also of particular interest under GDPR and you ask yourself the following questions.

  • Who information is on your CRM?
  • What duplicate records are you storing?
  • What is the consent level? Is it stated in your CRM and their contracts?
  • Who in your company has access?

On the surface, many will instantly feel that GDPR represents an unwanted hindrance to their everyday operations. But, it’s actually a perfect opportunity for your company to lead the way in a new era of greater transparency and trust.


GDPR is not just about compliance; it represents a fantastic opportunity to innovate and transform cross-team business operations. Most companies will admit to having substantial data silos that desperately need to be broken down. GDPR should be seen as a business enabler that enables all departments to work as one and leverage the opportunities hidden in their stored information to explore innovations with data.

In a digital age of instant gratification, improving the customer journey and experience is something leaders from every industry are chasing. Amazon Prime next day deliveries, on-demand entertainment and having the world at our fingertips is forcing all businesses to up their game and stay relevant in their eyes of their increasingly impatient customers.

GDPR should be seen as an ideal opportunity for businesses to rethink their data strategy and use it to enhance both customer relationships and experiences. Burying your head in the sand or treating the compliance as just another box ticking exercise will be counter-productive and will cost you much more in the long term.


The education of all staff around why the culture change is required and documenting the training is as essential in the same way that Data Protection has been for a number of years. Don’t be fooled into thinking it’s an IT or technology issue, GDPR affects every aspect of what you do, so getting buy-in from senior managers and all business functions is crucial to its success.

On the one hand, data leaks from a company that is unable demonstrate adequate data protection will suffer irreparable and costly damage to their reputation. However, on the other, those that actively promote robust and transparent data handling processes will quickly build trust and a positive relationship with their customers.

If you are brave enough to look beyond the scary headlines of large fines, bad publicity, and even legal processes will find an opportunity. GDPR should be embraced with open arms, rather than feared and those that get on board early will secure an early advantage over their competitors. Which path will you choose to take?