GDPR: More concern for marketing, or IT?

Who will be responsible for all the data?

Many businesses now consider the threat of GDPR "much more a concern of the marketing department," than for IT, according to group technology officer at Blenheim Chalcot Accelerate, Mark Ridley.

Speaking as a part of an IT leader ‘hot seat' session at Computing's Enterprise Security and Risk Management Summit 2016 in London last week, Ridley explained how studies are now showing that while GDPR "isn't really resonating" at the lower end of the business market, from mid-market upwards companies are now "very concerned" about changes wrought by GDPR.

But fears, it seems, are often seen outside IT.

InfoSec itself, both from the business side and the CTO, we're hearing that information security is a very big deal. Some of that is driven by GDPR - especially as you get to the larger businesses, there's concern about it.

"I spoke to a business recently, and when I asked them about GDPR they were saying it was much more a concern of the marketing department. So, there's a really interesting change happening with marketing technology across the business," said Ridley.

The fears, Ridley believes, may be based on the ways and forms in which data is gathered on customers of a business.

"With marketing and sales, if you think about Salesforce and everything you've got around tthe collection of data, thay's something that obviously sits outside of the IT function - it's not seen as a core IT function, but it's collecting an awful lot of data," he said.

"One of the big things I'm particularly interested in is what happens when that extends to the data warehouse, or you have a data lake. So businesses - and especially digital businesses - are increasingly not seeing that, actually, data is the largest intangible asset their business has. there's no question about it."

With all this data being out somewhere and "increasingly more accessible across the business in terms of reporting," said Ridley, there's a change in ownership that is manifesting itself away from IT.

"If it's being collected on your website and put in your CRM, who's responsible for it, and how do you meet GDPR regulations for it when it's going between different sources? It depends who in the business you're talking to."