• by Sean Hargrave , Staff Writer, March 31, 2017

It was entirely predictable. That's not to say that it's right, of course, but the news that nearly one in four companies are now dropping GDPR preparations is not entirely surprising. Less than half a week after Article 50 was triggered, it's not too surprising to see that companies are allowing themselves to presume the new law is no more.

Information management company Crown Records surveyed IT decision makers -- it's not clear how many -- to gauge opinion from the tech and information systems guys who are in charge of data protection projects. The truly worrisome statistic is that 24% have now stopped working on GDPR compliance. The reason is pretty obvious. Nearly one in two of those surveyed -- 44% -- think that the legislation will not apply to them due to Brexit. 

For those who share this opinion, it's time for a massive reality check. Even if the UK and EU negotiators manage to pull a proverbial rabbit out of the hat and arrange a fit-for-purpose exit and trading agreement within the allotted two years -- and it's a big "if" -- the law will have already been in place for the best part of a year.

Technically, it's already law -- but its massive fines (up to 4% of global turnover) don't swing into action until May 2018. By then the EU negotiations will still have at least ten months to run.

So in the words of Clint Eastwood, "do you feel lucky, punk?" Do you really reckon that you can go ten months of being compliant and not have a single complaint? Do you really reckon that the new arrangements will be in place by March 2019, or do you think there will be a transition period where the law will apply for even longer? 

More to the point -- and here's the really crucial observation -- the law will still apply to EU citizens data. Even if GDPR is repealed in the UK, the law will still apply to EU citizens' data held by companies. So any business that deals outside of the UK would be absolutely crazy to stall plans to be compliant.

So companies that don't think GDPR applies to them could get terrible wake-up call even if the law is eventually repealed.

Ultimately, it's a compliance pain, but in terms of email marketing it does at least ensure that you are only messaging people that want to hear from you.

List sizes will almost certainly shrink, but that should help focus on building conversations with relevant people rather than those who no longer need to be in touch, or can't remember ever having elected to do so.