Data privacy: from a 'one size fits all’, policy based approach to a risk and process based modelUnless you’ve been living under a rock for the last few months, you’ve almost certainly heard about the General Data Protection Regulation (GDPR).

Despite the decision being taken to implement the regulation in 2012, it has taken 4000 amendments; a feisty parliamentary debate and strong pressure from lobbies and internet companies, for the new regulation to come into force on 25th May 2018, almost six years later. The GDPR marks a drastic change in the way we will have to handle privacy, no longer is it simply a compliance exercise, data privacy will instead become a matter of (good) corporate governance.

For organisations that have already taken the decision to integrate GDPR into corporate governance, the roadmap to compliance may not be as complicated – but the key point is that the GDPR will introduce a new approach to privacy and data governance, making it process and risk based rather than purely policy focused.

It’s a cultural shift – and a very positive one. Whilst data is seen as the most important asset businesses have, citizens do not seem to trust organisations handling their information and it’s hard to blame them after the recent news about data breaches in the NHS or Halifax.

Taking individuals rights seriously will almost certainly provide businesses with a competitive advantage. Empowering your client base by asking them to decide how they want to receive information, making privacy part of the customer journey and being very clear with customers about what happens with their data will help businesses thrive and leverage their main assets, data and customers

These days, there is a lot of buzz around GDPR with new products popping up every day – be it a new tool around consent or a new system to analyse the data you hold. These solutions are leading the way and it is good to see so many organisations coming to terms with the importance of good data governance.

However, there are also a lot of myths and fear mongering announcements, from huge fines about to hit companies to claims that all data must now be encrypted.

GDPR is first and foremost a transformation programme and good programme management is therefore a key part of it. Second, GDPR is about a cultural shift within organisations and needs the whole business to pull together in order for it to be successful. Finally, the GDPR is about risk assessment and creative solutions focused on the nature of each individual business – and this is where legal and technology pull together, as technology is there to leverage privacy and make it work.

Ultimately, this is a great chance for organisations to become more competitive, improve customer care and improve global reach, as GDPR may become the international standard for the protection of personal data not only the EU, but globally. Good strategic advice is crucial to success and provides the ability to make the most of the opportunities ahead.

If you would like to find out more about GDPR you can visit our dedicated pager or you can download a number of our thought leadership pieces:

Alternatively if you would like to contact us please do so on +44 (0)20 7090 1091 or at



Article Author.

Ivana Bartoletti

Head of Privacy and Data Protection
Ivana Bartoletti is the Head of Privacy and Data Protection at Gemserv. Her years of experience in the field span... Read More From Ivana Bartoletti

Our Latest Insights.

Our work means different things to different clients and we wanted to share some details of the projects we have managed to give you an insight into our capabilities and the impact we have delivered as a business.


View All Insights

Say Hi.

Did you like what you read? Did you want to find out more about the subject? Or did you simply want to get in touch with us? Either way if you would like to get in touch with us you can do so using the form on the right.

Gemserv will use your details to get in touch with you and to send you information about our products and services that you have requested, in accordance with our privacy policy. You can, of course, opt out of these communications at any time!

Get In Touch

Want to find out more?

Follow the links below find out more about the services we provide, our insight into the industries we serve or the opportunities available with us.
Sectors Capabilities Our Insights Careers