data's perfect storm

Almost exactly a year ago I predicted a perfect storm of an issue.


I predicted that GDPR would stay very low down the corporate priority list and at the very last minute there would be a massive rush for compliance with email after email flooding in to my inbox asking me to click or check or do anything to confirm that I want to carry on hearing from them.


Many of these emails come from companies that I don’t even know or didn’t know they had my personal data. And so I don’t act.

Some companies are determined to buy my love with some special offer or free gift (technically that’s not legal but let’s not get worked about that).


What I absolutely did not predict and couldn’t have seen coming was the massive Cambridge Analytica /Facebook issue. I must admit I had seen the flaw in the Facebook model quite a few years ago, it was easy to harvest all sorts of information about individuals on Facebook, you just weren’t supposed to do it. That is the data equivalent of putting a marshmallow in front of a four-year-old and asking them not to eat it until you come back in 10 minutes.


I’m stunned that no one else has been found out eating the marshmallow yet, because Cambridge Analytica are not the only one, let’s not kid ourselves.

All of this has heightened the sensitivity of consumers to data and their rights. Even the more liberal millennial's who have been assumed not to care about their data, are waking up to the “cost” of Facebook.

You give them your data and they give you Donald Trump.

With all of this going on, who on earth would give you permission to keep holding their data?

The answer comes down to two basic reasons for me:

  1. Trust: companies that consumers trust to be honest are more likely to be allowed to hold data by those consumers.
  2. Communication.

The first issue is not easy to fix, but it is a salutary lesson to all. Brand is a key driver of trust, and brands that build trust get to enjoy closer relationships with their customers. The components of this are more than just a pretty logo and/or advertising campaign; brand is something that exists in all the contact points the company has with the consumer.

The second issue is easier to fix. Stop letting the compliance/risk team write your copy.

Here’s some great recent examples lifted from my inbox, see if you recognise who has had a hand in writing them:

You may have heard the new data protection regulations are changing in May. We need to make sure you want to stay connected with us, so you don't miss a thing — such as geospatial news; information on our exciting innovation projects; product news and events.

Just let us know what you'd like to hear about and how you'd like to be contacted by clicking the link below. If we don't hear from you by 25 May 2018, we'll no longer be able to contact you.



You are receiving this email as part of XXXXX’s efforts to comply with the GDPR regulation coming in May of 2018.

During the next month, we request that all of our contacts in the European Union and United Kingdom grant us specific consent to continued use of your contact information. Upon receipt of this message, please click the link below if you would like to continue to receive newsletters, updates and other information about Appian electronically.


Prior to May 25, 2018, if XXXX does not receive your consent to continue to store and use your personal information, Appian will automatically delete it from our systems.



If you would like to continue receiving our regular updates, including the M&A Monthly, deal announcements and other news, then please click on the link below to confirm your name and e-mail address.



The rules about how we communicate with you are changing.

Simply click below to keep receiving the latest intelligence from X&Y’s analysts and consultants to help you navigate the current era of innovation and disruption.

Click "In" to consent to receiving X&Y’s marketing communication and be the first to receive updates on disruptive technologies, Mega Trends and new business models to help create a continuous flow of growth opportunities to ensure future success.



Hi ianchughes,

We've updated our Terms and our Data Policy. Please take a moment to let us know that you agree to our updated Terms to continue using XXXXXX.

Your XXXXX experience isn't changing, and you still own your photos and videos. We are giving you better ways to access your data and understand how it's used.



That’s just a few from the last week.

I haven’t clicked on any of them. I am lost.

And here’s the thing, because I haven’t clicked the link there is no coming back to me and asking “are you sure?” I am gone.

It’s going to be really interesting how this affect the models of companies. It is also interesting to note that in a lot of cases these companies didn’t need to ask me to consent. They might have been able to rely on legitimate interest.

As the information commissioner says: “You can rely on legitimate interests for marketing activities if you can show the way you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object to what you are doing — but only if you don’t need consent under PECR.” And please note “there are different rules for marketing to companies and marketing to individuals (which includes sole traders and some partnerships). In general, the rules on marketing to companies are not as strict.”

So that’s as clear as mud, but put simply all of these companies have lost me but they might not have needed to disturb my inbox at all.

GDPR is here! And so is a lack of trust in companies and what they do with data.

Those that work hard to be clear and build trust are about to get a massive competitive advantage. Those that don’t read the rules or don’t follow them are about to get an enormous wake-up call.

But the long-term trajectory of this is interesting. Consumers are waking up to the fact that you can no more take their data than you can take money from their wallet (without their permission). They are also growing up to the fact that the contract of value is actually massively underplayed at the moment. Facebook makes £12 per user per month in the UK. No one would pay that for the service.

As we move forward into the future these models will change and evolve, being on the trusted end of that equation is crucial.


Read more on GDPR


Delete Day: How GDPR and ePrivacy could be an opportunity or an apocalypse



Data is the lifeblood of the modern insurance industry. It influences everything from pricing to claims, and insurers are constantly searching for the right data on the right customers. Without data, the insurance industry just ceases to operate...


Download GDPR Delete Report






Post a comment . . .

Submit a comment

You may also like

Get Ready for Delete Day
Get Ready for Delete Day
25 May, 2017

Get ready with your delete key. The 25th of May 2018 is Delete Day, that’s the day that you are going to have to delete ...

GDPR Count Down: 11 Months Until Delete Day
GDPR Count Down: 11 Months Until Delete Day
22 June, 2017

The deadline is looming on the horizon. It’s 11 months until brands could be forced to delete all the data they hold on ...

GDPR: Legitimate Purpose Is No Excuse For Being Drunk On Data
GDPR: Legitimate Purpose Is No Excuse For Being Drunk On Data
28 September, 2017

Imagine waking up in the middle of the night and finding a drunk stranger at your bedroom door. They have staggered into...