GDPR – still hitting the headlines and still selling content

There’s a bit of a tendency with technology vendors to roadmap a trend, put a deadline on it and then move on to the next hot topic.

I’m not sure if any specific kind of ongoing or agile approach is applied in some tech marketing departments to monitor trend topics more often than every quarter (or longer). However back when I was a journalist, I got used to checking the pulse of a trend not every three months when there’s budget to spend, but every hour or so as I posted a new story and absorbed the subsequent traffic and reader comments.

With that in mind, I’m here to tell you about GDPR, which despite its popularity as a topic vendors could easily get behind throughout 2017 – when there was a year or more until it all kicked off in May 2018 – seems to be a little on the wane now from a marketer’s point of view.

After all, a 2018 quarter budget will take you up to March, and that seems awfully close to the wind in terms of deriving visible ROIs from your campaign before May, right?

Well, maybe, but it’s not that simple – on several levels.

The first point is simple: GDPR hasn’t happened yet, and thus is still very important to Computing’s readership. It’s a basic fact.

“GDPR is still hugely relevant to the audience. Any time I start a headline with GDPR – boom – traffic is through the roof within two days,” Computing Editorial Director Stuart Sumner tells me.

“As a case in point – we did three GDPR stories last week, and they were the top three most read stories of that week,” he confirms.

From my own research in building the Computing Enterprise Security Review 2017, I found that a vaguely terrifying 42 per cent of the UK enterprise count themselves as having only “started to prepare”, while seven per cent “don’t know” and six per cent have GDPR “not on the radar so far”. Not good enough, so say the least, and telling of widespread under-preparation.

But further, the deadline itself is only the start of the bigger picture. Come (what) May, the realities of the situation will start to appear, as fines are meted out to those many organisations who were slow to mobilise until – inevitably – retribution rears its head. There’s also a school of thought that says the ICO (Information Commissioners Office) may start to want to make examples of people to motivate others. The fallout when everyone is subject to the rules, but they’ve only just become fully clear, could be immense.

The rules haven’t even finished being prepared.

“The thing is, half the guidance around how to comply with the GDPR hasn’t even been written yet,” says Stuart.

“So it’s technically impossible to be fully compliant yet. So it’s a long way from being a done deal, or a solve problem. The ICO itself has said as much.”

It’s something I’ll always hammer home when writing research or whitepapers – GDPR is here to stay. It’s the dawn of a new process that’s not suddenly going to have disappeared and automatically, instantly assimilated in May 2018. It’ll simply have arrived, and be sitting on every CIO’s doorstep ready to trip them up.

Making it work will be an ongoing process that will most certainly last many years.

As such, the more understanding we gather as a community, the more we’re going to have to discuss with each other. And the urgency with which those conversations will need to be had is only going to escalate after May 2018.