I think that in too many publications and articles people focus on describing GDPR as a burden and completely omit the benefits coming from it. After all, the introduction of GDPR entails many positive changes for both companies and consumers.

From a business standpoint that would be for instance:

1) Restoring trust between businesses and customers

There’s no doubt that customers have become increasingly suspicious about how their data is being used. For example, the results of the recent study conducted by The Chartered Institute of Marketing’s (CIM) show that 57% of consumers are distrustful of the ways brands use their data.

The new regulation will help them better understand how it’s being collected and further processed.

The new level of transparency provided by GDPR should lead to customers trusting brands more and having more confidence to share their data. This could also result in a more positive corporate image based on honesty, integrity, and provide a market advantage over companies that are not prepared for GDPR (which now will imply that they don’t care that much about the rights of their customers).

2) Data minimisation & different marketing strategies

GDPR requires, among other things, that companies should collect data about their customers only if it serves a specific purpose. What’s more, the data should be up-to-date, accurate, relevant, and its use should be accepted by each individual. This results in many positive changes, for instance:

  1. It eliminates situations in which companies collect all possible pieces of information about their customers they can find, creating databases containing heaps of useless data.
  2. Companies will need to reevaluate their marketing strategies and see how they can reach certain goals without such an extensive use of personal data. Thanks to limited but accurate data about their clients, they’ll be able to serve them with more valuable and precise recommendations and marketing campaigns.
  3. Also, less data means you’ll be able to use clearer, lighter and more valuable databases of customer data in your marketing efforts. And let’s not forget about less budget spent of the data storage. Not all that bad, right?

3) Ability to create single customer profiles

As you certainly know, under GDPR, users will have a right to access and rectify their personal data. To ease up the process of fulfilling data subject request, many companies will take advantage of centralised databases that will help them easily retrieve all the collected information about the user.

And with one, centralised database, you’re one step from creating single customer profiles (a.k.a. single customer views). This kind of information is extremely useful for marketers, to the point when some experts even call it “a holy grail” of marketing.

4) Less data breaches

Many studies, including the recent one conducted by Rapid7, state that human interaction is still key to cyber attacks. However, preparations towards GDPR should always involve educational campaigns that will explain to your employees the rules around handling data in line with the new regulation and help them employ safe data processing procedures across the whole organisation. That will aid in mitigating the risks of data breaches caused by human error.

GDPR and consumers

On top of the above, GDPR also offers benefits for consumers. Right now, customers have limited knowledge on who, why and where stores data about them. Fortunately, that will change once GDPR comes into force. This is what will change:

  1. Under new regulation, save for a few exceptions, everyone wanting to acquire personal data about individuals will have to ask for it first. Also, in their consent requests, companies will be obliged to disclose how they’re going to use user data and collect separate consents for each purpose.
  2. Also, under GDPR, user consent will mean an affirmative action undertaken in an unambiguous and informed manner. It automatically eliminates the ‘implication of the agreement’ (i.e. pre-clicked boxes or statements like “by visiting this website you agree to […]”) from the list of accepted forms of consent. What’s important, consents won’t be given once and for all — they expire after 6 months and the user will have a right to revoke or restrict them any time they want.
  3. Users (data subjects) will be able to receive access to the information companies gather on them as well as rectify inaccurate or outdated information. Businesses will be required to process their requests within 30 days. Otherwise, they expose themselves to harsh penalties.
  4. What’s more, they’ll have to be informed about breaches of data about them within 72 hours timeframe. It means that there will be no more horrifying stories of covering up data breaches for saving someone’s face, like in the case of Uber  or Yahoo.

All that will certainly help restore transparency of marketing and advertising activities. It will also put users in a position of power and allow them to decide on the level of privacy they want to keep in the internet. Just like they do it in the offline world.


I believe the GDPR is an opportunity for a more personal relationship with your customers and restoring their trust in how you deal with their data. However, I’m aware of all the responsibilities it brings to the table and know that many companies are afraid they will not be able to meet all the requirements before GDPR enters into force.