Published: 24 May 2019

Reading time: About 4 minutes

25th May 2018. The date that the General Data Protection Regulation was implemented throughout Europe. We are now one year on from the legislation coming into force and in this interview with our CEO Simon Cole, we ask what has happened in that time and what has changed for organisations.

“GDPR-day was the big deadline last year. Everyone was focused on that date – getting a GDPR policy in place, cleaning up databases and sending the “Do you still want to hear from us?” emails.

What organisations didn’t achieve was to understand their exposure to the GDPR across all of their data; it was too big an ‘ask’ and organisations couldn’t do that in time.

We have now had a year to reflect on this and what we’re seeing in the market at present is a real spike in companies realising that they need to get control of their data and undertake action to do so.

Pre- GDPR, this just wasn’t a tangible threat in the boardroom. What the GDPR has done is bring that to the fore.

When we’ve been speaking to CIOs or IROs over the past year, this is something which is much more on their radar and they talk about it as one of those core issues alongside regular challenges such as storage costs, platform integrity or data security.

Understanding all data, bringing it under control, and making sure it’s compliant is now part of the vernacular.

  • Data Risk = Financial and Reputational Risk

The real ‘gotcha’ with the GDPR is the hidden information.

A typical organisation will have lots of data spread across multiple repositories – some in Legacy ECM solutions, some in SharePoint, some in Exchange, some in fileshares etc.

Hidden within that will be a lot of personal information about employees, clients or customers which has fed its way into that data over time – and it’s lying there as a risk.

If any of that information were to be exposed, obviously there will be a significant fine, and we’re starting to see this happen. Companies are now aware of the risk and are putting aside funds to cover any potential penalties.

But whilst there is a monetary risk to the organisation, much worse is the reputational damage.

If you think of financial services for example, it is so easy for a customer to change banks. If there is a realisation that information isn’t being properly managed or that the company doesn’t know where that data is, then it is so easy for customers to really lose faith. And switch.

  • Solving the Data Challenge is Simple

Understanding data can seem very daunting for organisations.

Over the past 12 months we’ve heard so many companies say, “We just don’t know what we have or where the information is”, but what we are telling people is… it’s very simple to find out.

A straight-forward discovery against data can be done within a matter of days. This can give an overview of the information and can help companies on that journey.

Organisations have tried to solve the problem in one go, with large digital transformation projects, but without ever answering the simple questions.

Thanks to significant advancements in the technology and platforms, this is no longer many months of effort, as historically was the case.

Lack of insight and ability to plan often results in delayed or failed projects.  Planning a future information strategy without knowing what you already have is the same.

For us, the GDPR has helped organisations come to terms with why they need to care about what’s in their data. Understanding the shape and the size of the data problem is the next step to allow them to put a future business strategy in place.”

For more information on our data management platform AI.DATALIFT and our GDPR application, visit