The true cost of GDPR for British businesses

In advertising, there is a general understanding that you need to be exposed to a message multiple times until it is absorbed into your psyche.

Unfortunately, despite the best efforts of the government, law firms, industry press and trade associations, knowledge of the impending General Data Protection Regulation (GDPR) within British businesses is still patchy.

Almost one in three businesses polled by 4D have still not heard of GDPR. To be fair, there have been plenty of other Brexit and Trump related distractions in the past six months, but this isn’t a peripheral piece of legislation that only affects marketing and data processing companies.

>See also: Change is coming: the GDPR storm

In the modern information age, almost every company is becoming ever more reliant on the storage and processing of data. For some, customer data is the core of their business, hence the adage, “if you’re not paying for the product, you are the product” (see Google, Facebook and Twitter).

It’s not surprising therefore that customer data becomes an ever more valuable product and attracts more attention from cyber criminals and hostile government agencies.

Lock up your data

Companies have until March 2018 to ensure their data systems are robust enough to prevent a breach or submission to the Information Commissioner (ICO), whose enlarged powers mean it can impose hefty fines of up to 4% of turnover on businesses who have become victims of data loss.

For some companies this could amount to a serious fine – if Tesco had been subject to the rules of GDPR following the hack on its bank back in November 2016, it would have potentially faced a fine of £1.9 billion.

And yet, of the three quarters of businesses that had heard of GDPR in 4D’s recent survey, 69% would choose to keep it even after we leave Europe.

In addition, nearly half (46%) are fully prepared to absorb additional costs incurred through direct marketing mandated by the regulations – estimated to reach an additional £76,000 a year. This is a sign of maturity. Businesses recognise that data is important and needs to be safeguarded.

>See also: GDPR still stands for UK businesses

Saying that, whether they want GDPR or not is immaterial. GDPR is a European export but Brexit isn’t a get out clause. If British businesses still want to trade with Europe, they’ll need rigorous data laws, equivalent to GDPR – in Euro speak we will need to demonstrate ‘adequate compliance’.

Given that the UK had such a strong hand in drafting the legislation, it stands to reason that we won’t be tossing the baby out with the bath water.

Besides, Brexit won’t happen until well after March 2018, thanks to the Supreme Court ruling, Labour and SNP’s promise to table amendments at every available opportunity and the two-year negotiation period once Article 50 is finally triggered.

Britain first

One of the worrying statistics we found in 4D’s survey was that 52% of businesses who are aware of GDPR believe it will have little to no impact on their business.

That didn’t, however, stop a significant number of businesses looking to mitigate exposure to risk and interruptions, by embracing British hosting providers.

>See also: GDPR: The catalyst for a global digital transformation

One of the effects of GDPR is that more businesses are planning to shift their hosting away from the international cloud.

With the stakes even higher with the introduction of GDPR, non-compliance or data breaches will come at a very heavy price.

Businesses are also seeking greater control of their IT infrastructure, either through the use of private clouds or colocation. As with free (or cheap) social media, SaaS or cloud providers, companies are waking up to the reality you get what you pay for.


Sourced by Jack Bedell-Pearce, managing director, 4D

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...