The Information Commissioner’s Office has described the new GDPR laws as “the biggest change to data protection law for a generation”. Businesses will face a maximum fine of up to £17 million or 4% of global turnover, if they breach the EU rules. These are critical, but turbulent times for businesses across Europe. However, if organisations of all sizes play their cards right, GDPR can be transformed from a compliance nightmare, into a business advantage.

GDPR has been described as the biggest overhaul of online privacy since the birth of the internet. We’ve all been hearing about compliancy but with the dust beginning to settle, what’s next for businesses now this new chapter of data regulation has been opened? Host Paul Henley welcomes Ardi Kolah, Director of the GDPR Programme and author of the GDPR Handbook, and Jon Rees, Managing Director and Data Protection Officer at Barclays.

Competitive advantage

“General Data Protection Regulation is generally seen in a fairly negative light, particularly by organisations. But I think there is a huge opportunity to differentiate services based on trust. The consumer gains from interaction with any institution,” according to Managing Director and Data Protection Officer at Barclays, Jon Rees. He adds: “Our recent research has shown that the number one concern – across many different demographics and usages – is security of customer information, and how it’s being used. There’s a competitive advantage to be had by applying GDPR in a positive way.”

Consistency by design

As a ‘complex corporate’ itself, Barclays has seen another major benefit of GDPR, and that’s the obligatory enforcement of good practice and consistency by design across organisations, in terms of the harmonising of data systems. While it’s still early days, transparency is fast-becoming the buzzword of GDPR’s inaugural year.

Consumer confusion

There are, predictably, some areas of confusion that are emerging, especially for consumers – in part accelerated by miscommunication. People are confused about what their individual rights are when it comes to personal data and consent, and right to deletion. Some are interpreting consent as: ‘unless I’ve given a firm my approval, it has no right to use my data’. While this is not correct, the lack of understanding is unsurprising, given the complexities of GDPR and it being in its infancy. However, this is where businesses can once again shine. Those that are helpful, and offer clear communication with their consumers on GDPR, will come out on top as trustworthy brands that always put the customer first. A more consumer-centric approach is, after all, at the heart of GDPR.

Grey areas

What is less clear, however, concerns non-EU companies dealing with the data of EU nationals. Without a doubt, all organisations across all sectors are at the start of a journey, not the end, when it comes to the implementation of GDPR. There has been so much focus on firms within the EU and what they’re doing, that not that much light has been shone on the extra-territorial impact of GDPR. And then, of course, Britain’s departure from the European Union may throw up more challenges when it comes to the nuances surrounding these new laws.


“From a data perspective, the UK Government is being very clear about following continuing GDPR post-Brexit, with data protection being one of the areas where the UK has gone furthest forward in saying it’s fully aligned with the EU. The UK government is proposing a fully harmonised approach, with the UK retaining very active participation in all aspects of GDPR. Whether that’s actually possible, following the negotiation process, remains to be seen.” according to Barclays’ Jon Rees.

Insider view

Back at home, Barclays itself has been undergoing a vast, two-year GDPR implementation programme. From its own experience, reigniting trust in its customers has been a huge positive to the new regulations, despite the implementation challenges. It’s also seen some demonstrable benefits to understanding inside-out the way in which it handles and communicates the handling of data. “If you do it well, you differentiate yourself by building trust. While it’s been a heavy lift to get there, over time people will hopefully find it much easier to keep on top of,” adds Rees.

With rules, come rewards

Businesses may well have EU ePrivacy Regulations arriving next, hot on the heels of this revolution in data laws. But, now that most of the ‘heavy lift’ has been done with GDPR, businesses that adopt a consumer-focused mindset, based on transparency and trust, will be able to turn these new rules into great rewards.

To find out more about how Barclays can support your business across Europe, visit:

The Reuters editorial and news staff had no role in the production of this content. It was created by Reuters Plus, part of the commercial advertising group. To work with Reuters Plus, contact us here.