Data Protection: GDPR, Brexit and the commercial opportunities in proactive compliance

Written on 22 Mar 2017

Data protection is not just a compliance burden; it’s a business opportunity and increasingly a market differentiator.  For those businesses who lay the right
compliance foundations the rewards stretch from trusted brand status to financial gain from data exploitation. Those who don’t risk press scrutiny and increasingly large fines.

Why does data protection matter?

There are plenty of reasons to take data protection seriously: regulations demand it, customers expect it and competitors will seek to exploit the
opportunities it can present.

Regulations coming down the tracks will place even greater scrutiny on data protection compliance. The current regulatory framework in the
UK is about to undergo a radical overhaul with the European General Data Protection Regulation (GDPR) coming into force on 25 May 2018 (we’ve produced an infographic on steps you can take to get ready for GDPR compliance here and a detailed guide on being ready for the GDPR here).

In a nutshell, the GDPR takes data protection regulation to a new level; introducing higher levels of complexity and stricter requirements, with fines
of up to the higher of €20m or 4% of worldwide turnover.

As a European regulation, the introduction of GDPR will of course be affected by Brexit, which is currently expected to be formally implemented at some
point in 2019
. We look at what Brexit means for data protection laws (including the GDPR) in the UK here.

What’s the upside?

Focussing on data protection compliance does much more than help tick a compliance box – there are many potential commercial benefits, including:

  • reducing cyber attack risk, alongside the bad publicity that comes with it 
  • the use of anonymisation tools helps many business create un-personalised datasets that help identify internal efficiencies, or create data intelligence that can be pooled with other data for greater effect and/or sold to third parties
  • harnessing a company’s data assets can be key to building deeper relationships with customers
  • increasingly data protection compliance is a serious discussion point for buyers, investors and valuers in corporate transactions (particularly at the due diligence stage)

There’s no escaping the administrative burden that comes with data compliance, but those who embrace the challenge have the biggest opportunity to
harness the gains from the power of data.

We’ll follow up this blog with more tips on compliance best practice, how to prepare for cyber attacks and data breaches, and how to commercialise data assets.  In the meantime please do get in touch if you would like to discuss any of the issues mentioned above.