Welcome to 2017 and the Future of Data Protection | DMA

Filter By

Show All

Connect to


Welcome to 2017 and the Future of Data Protection


2017 is the final year for businesses to adapt to the General Data Protection Regulation (GDPR) before enforcement begins in May 2018.

However, there are many other factors complicating the situation for the UK. The vote to leave the EU is clearly among them but the EU Commission is also in the process of revising the ePrivacy Directive and replacing it with the ePrivacy Regulation.

These points pose challenges but they also present opportunities. DMA Group CEO, Chris Combemale, spoke at a meeting in Parliament for an Exeter University event, laying down a challenge to the UK to become a centre of the global digital single market, with a unique competitive advantage.

The data-driven economy is an engine of growth in the UK. The Tech Nation 2016 report published by Tech City and Nesta, shows this with some headline stats about the sector DMA Members work in: £160 billion contribution to the economy, growing 32% faster than the rest of the economy, 1.56 million jobs with 12% of them in data management and analytics solutions, 11% job growth versus 4% in the rest of the economy and salaries that are 36% higher than the rest of the economy.

The UK is a leader in this space, particularly in marketing and advertising. In a series of four reports entitled Ad Pays, the Advertising Association has laid out the case from a variety of perspectives: for every £1 spent on advertising it generates £6 for the economy. So £17.5 billion of annual expenditure generates more than £100 billion of incremental activity. Advertising services are a major export sector with $4.1 billion of export services, almost all them involving data in some way.

While all this is well and good, the success of the UK’s digital economy relies upon a robust data protection framework that strikes the right balance between innovation and privacy.

The Information Commissioner explained this point well when she said, “It’s not privacy or innovation – it’s privacy and innovation”. This point is perhaps best illustrated by Venture Capitalists in Silicon Valley who now consider an approach to privacy and potential compliance with global standards of data protection as an essential component of due diligence before making investments in the latest start-ups.

The GDPR does strike the right balance between those two factors and so it is extremely important that the UK implements the legislation in full and maintains a strong standard of data protection law after the UK leaves the EU.

Moreover, the UK needs to ensure that it obtains adequacy status by the EU, which will mean the UK can continue to trade data freely right across the EU. Restricting the flow of data will be bad for economic growth and development.

In a recent speech on the EU Digital Single Market EU Commissioner, Andrus Ansip, who is responsible for the EU digital single market policy said: “Confining data within countries constrains the entire EU Data Market. If today’s restrictions were removed, it could generate up to Euro 8 billion in GDP per year. But if the current trends on localisation are not stopped the cost to the EU economy will be much higher than this gain…..I am not a fan of data localisation.”

Commissioner Ansip is correct in his analysis and so the DMA will be lobbying hard for the UK to be granted adequacy status.

Although the UK does not only trade data with the EU but with many countries outside the EU, once the UK leaves the EU it will need strike its own deal with the US as it will lose access to the EU-US Privacy Shield.

Many other countries around the world are modernising their own data protection law and moving in a similar direction with similar principles to UK’s own data protection principles. There is increasingly a global convergence. Singapore and Australia recently upgraded their data protection law with significant reforms.

In 2017 the UK can begin to examine new relationships that will need to be forged after Brexit and contemplate how organisations can work towards making the UK a hub for digital economy. Trusted because of its robust data protection law and support for business and technology innovation.

The video of DMA Group CEO, Chris Combemale, speaking at Exeter University’s event in Parliament can be viewed below:

Hear more from the DMA

Please login to comment.


We recently surveyed businesses across the UK to measure their understanding of the prospective impacts of the General Data Protection Regulation (GDPR).

The results showed that 62% of businesses have no plans in place to prepare for GDPR, yet 93.6% believe that GDPR is applicable to their business.

These statistics show an acute need for businesses to take part in further training on the implications of GDPR, and how to prepare before it becomes law in May next year.

We’re running the GDPR Conference Europe (London, 27th April 2017) which will provide a framework to keep your organisation GDPR compliant. Join us to learn how to stay on the right side of the law come May next year.

Feel free to get in touch if you have any questions or need any further information, my email address is Jacob@amplifiedbusinesscontent.com.