Countdown to GDPR – a new paradigm for personal data

This was the title of the presentation I recently gave to 300 data professionals in the City of London. They were gathered to hear the collective wisdom from industry ‘experts’ about how to operationalise the changes required by the General Data Protection Regulation (GDPR), which becomes fully enforceable across the European Union on 25 May 2018.


It’s easy to listen to just one side of the privacy debate. Personal data breaches are happening at a rate of one a day, and recent examples include Equifax, BUPA, the NHS and WannaCry (aptly named, as I bet you do). 

Should we all live in fear of whether we are next? Maybe, but it doesn’t have to be this way. 

We are transitioning to an era in which individuals have both the skills and the opportunities to choose how they manage and share their personal data to achieve a range of beneficial outcomes. 

Digital evangelists such as Stephen Deadman, Global Deputy Chief Privacy Officer at Facebook, remain optimistic about the future, rather than terrified by it. 

He points out that more than a billion people on the planet use social media services every day to actively communicate and manage information about themselves with organisations and each other. 

Innovation and economic growth through data, on the one hand, and the desire to preserve our fundamental rights in respect of that data, on the other, shouldn’t be in tension or in the balance. 

But right now, they are.

Rampant identity theft and the invasion of personal and sensitive data is now a daily occurrence around the world. As a result, Sir Tim Berners-Lee has consistently called for greater privacy on the web and for people to become the legal owners of their personal data in order to control when and how it’s used.

But there’s another view. A more relaxed attitude towards the use of personal data and one that sees this as a liberating experience rather than one to be feared.

So who do we believe? 

Unfortunately, much of the debate about personal data confuses what might or could be happening with what’s actually happening. 

‘It’s difficult to conduct a mature debate or make workable policies without clearly distinguishing between fact and fiction, actual harms and potential harms, real risks and imagined risks,’ observes Ctrl-Shift, a specialist digital consultancy that works with social media giants such as Facebook.

Any debate also needs to be informed by an equal consideration of the benefits and opportunities – actual and potential – but not at the cost of the rights, freedoms and interests of the citizen.

Looking to a brighter future, Sir Tim predicts there’ll be faster networks and more intelligent computers using artificial intelligence (AI), a bit like the world depicted in the movie Minority Report, starring Tom Cruise.

Data will no longer be ‘owned’ by big corporations with sophisticated customer relationship management (CRM) and data-mining tools but by ordinary people who will make a living selling their own personal data to these same organisations.

In fact, it’s already happening.

Nicholas Oliver, CEO and founder of pays people for watching ads. In fact, big data is being undermined by companies using their customers’ data for targeted advertising purposes.

Professor Viktor Mayer-Schönberger from the University of Oxford and the author of Big Data, takes up this theme. ‘The value of Big Data lies not only in the way we use data here and now but also in the potential, future use of the volumes of data collected. The driving force for this type of Big Data business is the idea that large amounts of data equals great potential. But all that could change in the future.’

In the future, data will work in much the same way that calendars work – where each person will choose to invite certain people to share events and information with them. Ordinary citizens will have a higher degree of control than they do at present over what data they share with others and this is likely to become the new norm in the wake of the GDPR. But changing the legal landscape won’t be enough. 

Sir Tim says that in order to achieve this new state, we’ll have to build powerful computer systems that can adapt to changing environments and allow the protection of privacy to be core to that development.

The business world is slowly waking up to the future ‘internet of things’ and the new paradigm in personal data. For example, Microsoft believes that we have to think differently about data and that we should move away from the need of Big Data that has so obsessed the marketing profession for years.

We’ve also rapidly reached the point where people often struggle to tell the difference between talking to a computer and a real human. The latest Hiscox radio ad for cyber insurance boasts that it was written and performed by a computer and challenges the listener to tell the difference.

So while 2017 may go down in history as the ‘coming of age of the algorithm’, if you fast-forward to 2030… biological computing looks set to overtake non-biological computing.

Which sounds like a brave new world. Provided we are still in control of our personal data!

Ardi Kolah LLM
Executive Fellow and Director, GDPR Transition Programme
Editor-in-Chief, Journal of Data Protection & Privacy

Contact Image

Contact Us

If you have any questions, please contact our programme advisors, Hannah, Ruhi & Diana by email at or by phone on +44 (0)1491 418767.