GDPR – what’s it all about?

Since the Data Protection Directive of 1995, the world has changed. The amount of data that we now willingly (or perhaps unknowingly) give to organisations about our contact details, date of birth,  interests and location every day is significant, and provides the potential for organisations to understand our habits and preferences perhaps in more detail than we recognise ourselves.

The 00s was all about ‘big data’: how to use the huge amount of data that can be harvested about an individual to a company’s advantage. Since then, this has been refined and made to sound less threatening, so we now talk about ‘personalisation’: how can we deliver consumers the most relevant and interesting content, often with a view to creating a preference or persuading a purchase decision. However, with the awareness of ‘fake news’ and the ‘social media bubble’ on the rise, the darker side of personalisation is becoming better understood, and we are beginning to trust the ‘reality’ of our online experiences less and less.

It is in this context of society that the General Data Protection Regulation has come about. In 1995, the Data Protection Directive was appropriate for the level of data collected. 20 years later, the world of data looks very different, and an update that aligns regulation with today’s (and future) technology is very important. Although the principles of data protection remain the same, the GDPR, as a regulation rather than a directive, will become law.

A few of the main points for businesses to know about the GDPR are as follows:


No longer is a pre-filled tick box with tiny text next to it going to wash. Consent to use personal data must be given in an easy to understand and accessible format, and it must be distinguishable from any other matters. Consent is also only relevant for the particular purpose on which the data has been collected, and you must be able to prove that someone has consented (or opted in) to you using data for this purpose.

Increased territorial scope

This is particularly relevant for the UK in light of the triggering of Article 50: the GDPR applies to all companies who use the personal data of individuals that live within the European Union, no matter where the company is located. This means that companies using data of anyone within the EU will have to comply with the GDPR – Brexit isn’t an excuse to ignore this!


If a company is in breach of GDPR, they could be fined up to 4% of the company’s annual turnover, or €20 million – whichever is greater! Although there is a tiered approach to fines depending of the severity of the breach, the level of the fine would be particularly crippling for small businesses, and should be a strong incentive to get data handling and use procedures in place.

The GDPR comes into force in May 2018, so it is important for businesses to familiarise themselves with the legislation and get processes and procedures in place.

Back to all news & views here

Graphic demonstrating news content
PR - more than just winning words

PR - more than just winning words

How do you persuade sceptical colleagues of the benefits of PR? Clear's PR and Content team offer advice to help convince doubters that PR can be one of the most powerful tools in your marketing communications armoury.

Want to know more about Account-Based Marketing?

Want to know more about Account-Based Marketing?

Account-Based Marketing – or ABM – has become a real talking point across the B2B world. Have a look at our Clear guide to get a better understanding of what it is, why you should consider it, and how it's done.