The European Union’s General Data Protection Regulation (GDPR) comes into effect in May 2018. Every firm that interacts with EU citizens, irrespective of its physical location, will need to make changes to oversight, systems and processes to comply with the new rules.

Little known and even less discussed, the GDPR is the most important change in how we store and process data the world has ever seen. In the UK it replaces the Data Protection Act (DPA) of 1998, which is nearly twenty years old and a relic of an age in which the fax machine was ubiquitous and data storage often involved a cupboard and some paper. The DPA couldn’t have foreseen the rise of ‘big data’ or the ever-increasing role that data plays in our lives.

In the last two decades we have entered the information age – mankind has created a vast digital universe. Data creation and storage is thought to be growing at as much as 50 per cent a year, a vast expansion driven not only by increasing populations, but also the number of ‘smart devices,’ items connected to the Internet which store and manipulate data continuously.

In this time, the average person has sacrificed privacy for convenience, sharing data with everyone from the supermarkets to utility providers, and of course the technology firms which have sprung up to monetise this growing resource. The information age has seen the birth, rise and relentless growth of data giants such as Google and Facebook. But the GDPR has the potential to change this narrative, placing data back in the hands of the consumer and rewriting the concept of data ownership.

As such, this legislation is good for the individual, potentially onerous for corporates, but possibly dangerous for the business models of many tech firms. In the new regime, as individuals we have the right to be informed of data ownership, the right to correct, delete, or restrict the use of data and also the right of data portability. For the first time our unique data is ours. (At least for EU citizens!) For firms with multi-billion valuations based on their ownership of our data this could be interesting to say the least.

This has significant and under-appreciated ramifications for social media. Social media is playing a larger part in all our lives and the stock market valuations for the tech companies that obtain, process and then sell our data are higher than ever. The relentless rise of Facebook et al may no longer be a ‘sure thing’ when the very nature of information is about to change. We see the role of GDPR as a potential catalyst for the more ethical use of data.

Recent world events have often made us question whether social media platforms are a benign influence. Many of us live in ‘social media bubbles’ in which our views are reflected and amplified without receiving the checks and balances of those with both differing viewpoints and differing experiences. This is compounded by outright lies and a lack of fact-checking, and has led to the emergence of the so-called ‘post-truth era’. These issues create dangers not just to us individually but also to democracy.

Politicians and traditional media have sought to blame Google, Facebook and Twitter for this. But perhaps they themselves are the real culprits, in that they have struggled to adapt to change. The propagation of fake news led many of the giants to appoint chief ethical officers and adopt policies that try to halt the flow of misinformation and improve the quality of their channels. But the amount spent by these firms developing ethical procedures is insignificant compared to their billions in revenues and profits.

This, compounded with growing evidence that data giants treat tax as a game rather than a moral imperative (Facebook is thought to pay less than 1 per cent tax on UK profits!), has led many to question whether a more ethical approach is needed. With many consumers critical of the data giants’ business models, GDPR could become a catalyst for change.

Some investment banks have analysed the customer value to Facebook of an EU citizen as greater than €1,000 – this value relies on the data and the platform effects. With this data portable from 2018, the potential is there for a large group of consumers to seek to set up their own ethical platform that is more in tune with their values, i.e., one that shows fewer advertisements, restricts the flow of malicious information, or pays more tax. Or they may simply wish to capture the €1,000 of value for themselves. For those of us who pay more than a 1 per cent tax rate, this sounds both feasible and desirable.

It has frequently been noted that data is this century’s oil – the essential component to industry. To extend the analogy further, the introduction of the GDPR has the potential to be as momentous as the 1911 breakup of the Standard Oil monopoly.


  • The post gives the views of its author, not the position of LSE Business Review or the London School of Economics.

Dan Tammas-Hastings is Managing Director and founder at digital asset management firm RiskSave. He founded the company in response to inadequate risk measures and a lack of transparency dominating the financial services industry. After a successful career as a fixed income trader specialising in GBP derivatives at Merrill Lynch and as a hedge fund manager, managing multi-billion £ portfolios across credit and rates, he is now a leader in risk management and is in charge of strategy and investment at RiskSave. Dan has been awarded both the CFA and FRM charters and is a graduate of the LSE and the University of Cambridge.