Here’s the scenario. You’re a business owner. You pay your taxes. Never late. You account carefully. Never falsely. You treat customers and employees well. You face your responsibilities head-on. You try. Despite your best intentions - diversion, distraction, direction (the lack of) or simply delusion leaves you at risk.

Here’s the detail. Small and medium-sized enterprises (SMEs) often grow organically. For all the planning in the world, things don’t always go the way you expect. You blink and years have passed and with every passing year, another good decision starts to look less and less so.

I’m talking about data, systems, processes, policies and procedures that have seen your organisation stay on broadly the right track. Until now. Delusion is thinking you can carry on as you have to date.

Now, seemingly out of the blue, the introduction of the General Data Protection Regulation (GDPR) suddenly brings into stark focus the implications of decisions made in the moment. Time to take stock and tackle the problem. 

How many systems does your organisation have? One, two, five, fifteen?

Apparently, good business writing is about reinforcing your point with evidence. Here’s a statistic for you. A personal one. My business currently has fourteen business systems, including:

• Two marketing automation systems (don’t ask)
• Two website tracking products (see above)
• Email
• Collaboration platforms
• Four websites

The list goes on. They all have two things in common. There is personably identifiable information on every one of them, and they were all bought and implemented in good faith, and for good reason. Sound familiar?

Now is the time to start understanding what they do for your business and why. The GDPR stipulates you get control of your data ahead of next year and, specifically, information of a personally identifiable nature, in readiness for the new control citizens living and working within EU boundaries will have over their data.

And herein lies the challenge. Too much choice, not enough time. Here are some choices I have regarding our processes and data:

Delete – make changes to the way my business operates, cutting the need for certain systems and allowing me to delete associated data. It's drastic, but effective. 

Migrate – take what I’ve got and consolidate it. Quick and dirty. Time is limited. Worry about the consequences later. It's messy, but could be effective.

Control – leave things where they are. Add a layer of control. Use resultant insight to my advantage. It's complex, or is it?

Read about GDPR for long enough and you’ll find articles that focus on search. And for me, search and process are the two facets of complying with any regulation.

Effective search says, “I know what I’ve got”. Extensions of search - conceptual search, auto-classification and tagging – says, “I know what I’ve got. And I know it’s being controlled.” Process automation says, “And I know when it’s not. And I know how to handle it."

So when I say broad choice and limited time is a bad thing, I mean it.

Many companies simply won’t have time to embark on multiple, lengthy migration projects. Similarly, evaluating the market for tools that “solve GDPR” will see organisations overwhelmed with apparent choice. No, I council another approach. Control what you’ve got. And for that, you need the power of search.


By Simon Wright, CEO at Britecloud

GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at

comments powered by Disqus