How many consultancies can lay claim to educating an entire country?

How many consultancies can lay claim to educating an entire country?

By Steve Hewison, CEO

The new EU General Data Protection Regulation has become a bigger and bigger news story throughout 2017, yet when Winterhawk, alongside our partners SAP, staged our first “Cyber Protection and GDPR” event back in October 2016, I got the distinct impression that people attended more out of curiosity, rather than a belief that the new regulation would truly be relevant to them.

At that time in the UK, there was still the small matter of a Brexit vote, and what the result might mean in terms of GDPR compliance (In January 2017 the British Prime Minister confirmed that irrespective of Brexit the UK would still need to comply).

So here we are, one year on from our first GDPR event, and Europe is awash with consultants and lawyers claiming to be specialists and experts, newly appointed DPO’s, and social media threads full of differing opinions on and interpretations of something that is very much open to speculation.

We live in an age where identity theft is a multibillion-dollar industry, and where organisations manage to lose data on a daily basis. As an individual, am I concerned? Too right I am.

I personally believe that the concept of the GDPR should be applauded – surely citizens should be entitled to far more control over their data.

Last week I saw a post on LinkedIn offering a “free guide to GDPR”; I clicked on the accompanying link, which took me to the company’s website. All I had to do was submit my full name, job title, email address, and a telephone number, and I was directed to tick a box agreeing to their terms and conditions in order to get my “free” guide.

Here we have a company claiming to understand the requirements and consequences of the GDPR, and suggesting that people should read their publication, yet in one fell swoop demonstrating that they don’t understand the most basic essence of GDPR: organisations are not entitled to capture or store data on individuals – in this case, blatantly for marketing purposes – and as individuals we are entitled to choose not to consent.

I didn’t know whether to laugh or cry.

Anyway, I started writing this on-board a very comfortable Atlantic Airways flight (highly recommend) to the Faroe Islands, a country which is home to about 50,000 people, a diverse set of industries, and a rapidly improving national football team. We were delighted to be invited to speak with business leaders and members of the Faroese government about GDPR. As locations go, what’s not to like – stunning scenery, a view of the Northern Lights (fog permitting we’re told), and a chance to hear and maybe learn a few words of a new and interesting language. Now back at home, I can say that the trip was more than successful – it was an incredible experience, and one that will live long in our memories for many reasons, including the warmth and generosity of our hosts.

For more information about any of Winterhawk’s GDPR-related services, contact us at