It’s 3 months until GDPR is enforced - have we hit the panic button?

Don't forget to share this post!


The social conversation around GDPR is growing, but are we learning anything?

GDPR is a once-in-a-generation event - the most important change in data privacy regulation in 20 years, and one that is looming large now as we get ever-closer to the enforcement date of 25 May 2018. While the bureaucrats have been talking about it for years, it’s only been in recent months that the urgency has trickled down through marketing teams, and we’ve all begun to pay close attention.

We’ve now got just three months to check our data management processes before facing fines of up to 4% of global turnover or 20m euros.

Marketers all over Europe are beginning to panic; the volume of conversation and debate online is increasing since the year ticked over from 17 to 18. Social chatter concerning security and privacy has doubled in recent months and the last four months has seen over 300,000 posts relating to GDPR in the UK alone.

What topics are driving GDPR chatter?

There’s a lot to discuss when it comes to GDPR. Using Radarly, we narrowed focus down to three of the main conversation drivers here in the UK, and found overall volumes of 184k over January and February 2018.

Privacy and Security concerns

Privacy and security are huge talking points in the world of GDPR; 41% of social conversation in our key topics surround them. While marketing thought leaders are concerned about consent, other organisations are talking about privacy issues for vulnerable groups such as children, employees, and consumers who are at risk of data breaches.

Here we bring in the right to be forgotten, and privacy by design - both familiar concepts in data protection across Europe, they are now enshrined in law thanks to GDPR. It’s a relatively new concept for many of the non-EU companies who will need to comply with these regulations. Only data which is absolutely necessary for “completion of duties” can be stored and processed, but what that actually means is still a matter of debate.

Case in point: it may soon be illegal for employers to research the social media accounts of job applicants. And, how will a data breach or misuse of personal data affect future sales? In fact, the words “data breach” were used in 2% of total GDPR mentions over our research period; it’s not surprising this is a worry considering the hefty penalties for non-compliance.

What makes for “compliant” data handling?

Data management as a topic drove 38% of conversation during our research period. The buzzword was #compliance, and the Information Commissioner’s Office had the most widely-circulated post of the period. A simple, visual 12-step guide covering the key things to know about GDPR garnered 50 retweets in quick succession.


Industry-specific conversation was rife in data management, particularly in legal, health and education. Fear-mongering was deployed; tech influencer @NeilCattermill reckoned 40% of banking firms are not prepared for GDPR.

Information-sharing was another driver of data management conversation, and we can see plenty of webinars, seminars, podcasts and blogs putting their own spin on compliance. Some, like Sage UK, brought GDPR compliance into discussions around how tech is affecting business practices, and other regulation such as #makingtaxdigital.

How do you define, gain and manage consent?

This is the one that marketers are really uncertain about: what impact will the new rules around consent have on marketing strategy? Our research showed there is a common misconception that consent is all that you need in order to comply with GDPR; and social conversation centred around busting the myth that only consent matters. Heading back to the oracle that is @ICOnews, we see prolific posting directing users to various guides and resources.

But there is a difference in opinion as to how important consent alone is. Some argued that legitimate interest overrode consent as a category for GDPR compliance, such as this from marketing strategist @ComendadorMBF on Twitter.

Who do marketers turn to for advice?

Search for #GDPR on a social channel and you’ll find plenty of organisations trying to get your attention through webinars and “download our guide now!” (While, of course, collecting your data in exchange for said guide or webinar.) There are a few emerging thought leaders online, though; experts who have made it their purpose to share information and calm down the UK’s marketers.

Organisations leading the Twitter conversation for marketers include @MarketingWeekEd and @DMA_UK, while tech companies are heavily involved, too (see @sageUK, @DataVault_UK, @Jisc).

If you prefer your information to come from a human rather than an organisation,influencers in the GDPR space thus far this year identified by Radarly include:

  • Thomas Power, Member of the Board of Directors at tech company 9 Spokes, whose 24 posts gained a reach of almost 500k and impressions of 6.12 million (@thomaspower)
  • Conor Coughlan, Global Head of Marketing - Risk, Regulation and Compliance at Thomson Reuters, whose 76 posts gained a reach of almost 400k and impressions nearing 5 million (@capital_finserv)
  • Neira Jones, independent advisor and international speaker - an influencer in digital innovation, fintech and information security - who gained almost 2 million impressions and 157k reach from 173 posts (@neirajones)

So what happens now?

Whether you like it or not, GDPR is coming - and if you haven’t been thinking about it, time is running out. We are less than three months from compliance deadline and the fines - up to 4% of global turnover or 20m euros, whichever is higher - are not worth risking.

Much of the conversation is wrapped up in the notion of consent, but in fact there is more to GDPR than ensuring compliant opt-ins to your marketing. In this increasingly data-driven world, GDPR is designed to protect and empower all EU citizens, and to reshape the way organisations across the region approach data privacy.  

The knock-on effect is that GDPR doesn’t just impact European organisations; one of the biggest changes is that the regulation applies to all companies processing the personal data of “data subjects” residing in the EU regardless of where the company is located. That means if your company is in the US and you collect the data of an EU citizen, you must comply with GDPR.

Finally, the most commonly-used emoji to express sentiment towards GDPR? We’ll let you decipher what this means...

Read More: 5 Reasons To Start Social Media Listening

Don't forget to share this post!