GDPR a good news story

Darren Wray, CEO, 5th StepBy Darren Wray, CEO, 5th Step

I’m sure you read that headline a couple of times and no it wasn’t there just to catch your attention, I truly do believe that the new European Data Protection regulation that comes into force on May 25th, 2018 is good news for members of European chambers and here are some of my reasons.


Privacy by Design

Privacy by design is part of the requirements for GDPR, it requires organisations who are collecting and processing personal data to not only implement data privacy, but to design it into their business processes and computer systems from the outset.

How is this good news? Well, privacy by design is what all of your clients and customer are expecting you to be doing already. When firms have a data breach, the reputational damage that they suffer is the measure of the gulf between the client’s expectation and the reality.

European businesses by adhering to a higher standard are going to be less likely to suffer a breach and are already being seen as companies that can be trusted because of their use and approach to the processing of personal data.


Efficiency Improvement Opportunity

We all know that there are some business processes within our organisation that were implemented some time ago and are perhaps less efficient than they could be. But the work to track these processes down and make the changes doesn't make a good business case.

With the implementation of GDPR, many business processes that haven’t been optimized for many years now have the opportunity to be brought up to date and to deliver the improvements and increases in efficiency that a modern approach and a fresh review can bring.


Optimized Data Storage

Many organisations have become lazy in their approach to managing the retention of their data. The cost of hard drives versus their capacity is measured in pennies and cents, this has led companies to expand their capacity, with some suggesting that they have a "keep everything forever" approach to data retention. The trouble is that the raw cost of storage is a poor indication of the total cost of ownership (TCO), which has to include the cost of keeping the data available (electricity, maintenance contracts/people, backup media, replacement drives, etc.).

The GDPR is going to force firms to be able to justify their need (aligned with the data collection purpose) to keep the data for an extended period of time. When most companies come to look at the data that they have and the rationale for keeping and maintaining it, they are likely to conclude that they need to keep (certainly the personal data) for a far shorter period of time than they previously intended.

Yes some organisations will choose to anonymize the data so that it no longer identifies a person or includes personal data, but I predict that companies have the opportunity to reduce their data storage costs over the next few years, as old data is removed from online storage, data archives and backup media in response to firms complying with GDPR.


New Business Opportunities

Whilst most people don’t recognize it, their data is valuable, in fact far more valuable than they think. Don’t believe me? Take a look at almost any business case for a Silicon Valley-type start-up and you will see phrases such as data monetization, data excavation and data mining appearing quite commonly.

Don’t misunderstand me, I along with probably many of you, have and do benefit from services that are free to the end user, on the understanding that I will provide some information about me, my preferences etc., so I am certainly not anti-data monetization. I do, however, feel that the pendulum may have swung too far in favour of the company, whilst forgetting about the person to whom the data belongs or is about.

As there are more data breaches that capture the public's attention I believe there are more opportunities to form new businesses that are perhaps monetized differently or demonstrate their respect for the individual whose data they are using. European businesses, with their background and established reputation in this area, are ideally placed to take advantage of these opportunities. Wouldn't it be great if the next Facebook was a European company, that made data and data privacy a core differentiator?


Procrastinate No Longer

If the members of your chambers are not making the right levels of progress on their GDPR implementation projects yet, then now is the time to be encouraging them to get started or to pick up the pace; not because of the potential for large fines or the other reasons that the fearmongers talk about, but because there are opportunities to improve their organisation, the way that it runs and even the opportunities that it has that may not be recognized or achievable without it.

 Darren Wray is the CEO of Fifth Step Limited, a company that is helping organisations to become GDPR compliant and to realize additional benefits whilst doing so.

You can find out more about Fifth Step at and you can find Darren on LinkedIn. Darren is also the author of The Little Book of GDPR which is available in paperback and ebook formats from Amazon.


5th Step is a COBCOE Corporate Partner.


Window into Europe