☰ Menu

Will the GDPR make me a millionaire?

18th May 2018

The implementation date for the GDPR is only a week away. If you have been following this series of weekly ‘Just One Thing This Week’ blogs then we hope you’re fairly well prepared – or at least know what you still need to work on.

Anyway, give yourself a minor diversion and read about my Cunning Plan…

I’ve been doing some sums.

The Office for National Statistics (www.ons.gov.uk) reckons there are c.47,000 UK enterprises that employ 50 or more people. Let’s use that as a very rough proxy for the number of UK firms engaging in some sort of formal marketing and customer management/experience activities.

The ICO tell us (www.ico.org.uk/media/about-the-ico/documents/2014518/annual_operations_report_201617__pecr_concerns.png) that in 2016/17 they imposed financial penalties totalling £1.9m on just 23 organisations for Privacy & Electronic Communications Regulations (PECR) infringements. The scope, volume and size of penalties imposed on errant businesses by the ICO are all likely to increase in the future (but don’t hold your breath for a 4% of global turnover fine). So, let’s imagine that next year the ICO’s fines total £5m.

In which case if each of those companies paid somebody – me, for instance – a £1000 “GDPR insurance premium” annually I could guarantee to pay any fines. And pocket c.£45m for my trouble. Wouldn’t that be a lot less hassle all-round for everybody?

Money

The odds of the ICO coming knocking and going on to fine an organisation are infinitesimally small (Ok, less than 0.05% according to my crude calculations) so why don’t we all just insure against the risk?

Well, I suppose

  • I’d need someone to underwrite the risk
  • not every company would be willing to pay
  • and no doubt some so-called expert will point out that you can’t insure against the risks of illegal activity

In fact that last point may be the crucial flaw in my genius plan. Shame.

But if it would work, wouldn’t that be a great solution to the GDPR problem?

No, not really.

  • Even without the GDPR, consumers are becoming aware of the treatment of their personal data and their rights like never before
  • Your customer-facing colleagues need to be equipped with the knowledge and tools to navigate this new world
  • Data-driven marketing is changing radically – established techniques may not work in the future
  • The ICO doesn’t just impose fines. Their enforcement actions bring potentially considerable reputation damage – and in future they are more likely to demand organisations stop certain types of data processing
  • Data transparency will entail a cultural shift for most organisations – that’s never just a quick fix

So, I won’t be a millionaire by 2019 and we all still have plenty to do

We use essential cookies to provide necessary website functionality, we would also like to use additional cookies for additional functionality and third party cookies to track your visit, please accept or reject to inform us of your preference.