
EU GDPR: a year to go and a blessing in disguise?

One year from today your organisation needs to be compliant with this new regulation. Failure to do that could bring fines of up to €20 million or 4% of company turnover, whichever’s greater. That means you’ve no choice but to get in the right shape. And we think getting in shape for GDPR brings fantastic opportunities – not just more bureaucracy.

GDPR’s a game-changer

We’ve been working with clients to help them work out the impact of GDPR, mobilise and deliver programmes to ensure compliance – and to deliver business benefits. We think you have a choice. You can treat GDPR simply as another compliance issue, but in doing so you risk limiting your business.

The new requirements around unambiguous consent and the right to erasure mean that organisations need to rethink how they manage consent with clients and customers. You’ll need to put the power of consent in the hands of your clients and customers. The organisations that do that well will find they build a greater level of trust.

So GDPR offers a great opportunity to demonstrate to your clients and customers just how important their personal information is. Those that build a greater level of trust will be able to better make use of their clients’ or customers’ information (while still being compliant with GDPR) for everyone’s benefit.



Leaving the EU doesn’t make a difference

The UK Government will follow the regulation after we leave and it applies to any organisation which holds personal data on individuals – we’re talking to clients in the USA and Middle East who have to follow the rules. Compliance with the GDPR requirements is mandatory for all organisations that handle the personal data of EU citizens.

It’s important to act now

So, if you haven’t done them already, there are three things you should do now:

  • carry out a detailed gap assessment against GDPR requirements

  • define and shape an appropriate remediation programme in the light of what the gap assessment reveals

  • identify opportunities to use data to improve decision-making and customer experience.

With that done, a year from now you’ll be confident you’re on the right side of the law. You may be offering an innovative product or service you didn’t realise your customers wanted – and have brought in new customers to boot. You may even have disrupted your market. All that from what others will see as a straightforward box-ticking exercise. It’s time to take customers seriously. Embrace the opportunity.
