I’ve heard and read this a lot recently: “GDPR will kill our business.” In the same way that health & safety legislation killed manufacturing when that was first introduced? Or anti-discrimination laws killed off the service sector? Or the Highway Code and speeding laws killed off motor transport?

This is, of course, typical knee-jerk reactionism. Nobody likes change, especially where it’s foisted upon them and particularly where it involves adjusting (or implementing) processes, training staff, changing attitudes. Oh, and spending money. But to those people out there moaning about GDPR, are you the ones who aren’t using personal data in a fair (and lawful) manner? It will be doubly difficult for those who have just discovered there is already a Data Protection Act in the UK that they should be complying with.

GDPR compliance will be a shock to the system, particularly if you’re in an organisation that has no regard for how it controls & processes personal data. But, in 10 years time, it will probably be viewed as another law that cleaned up dodgy practices. Businesses will survive — unless of course they haven’t been using personal data properly and they fail to adapt to GDPR. In which case, those businesses will be fined by the ICO or will be hit with data processing bans. They may suffer data breaches and reputational damage and will lose ground to other businesses. Maybe that’s not a bad thing.

And no, don’t wait for Brexit to kill GDPR.