The General Data Protection Regulations (GDPR) is a  great opportunity, if you work with it. It is also, however, a threat, if you dare to ignore it. You’ve only got until 25th May 2018 before it is fully applicable in the EU and elsewhere. We are using the popular SOSTAC ® Planning framework to help you to plan and embed your own GDPR. Part 1 explored what it is GDPR and why organisations and customers need it.

Masked hacker working

In Part 2, we will look at setting a clear GDPR ‘Objective’ and also a crystal clear strategy to help you to embed GDPR. Part 3 will explore Tactics, Action & Control (the final sections of a SOSTAC® Plan.



SOSTAC ® Planning Framework highlighting Objectives

SOSTAC® Planning Framework


To be GDPR compliant within 12 months.

This is a major challenge and 12 months is deemed to be unrealistic by many experts. It might take 2 years? Be prepared.

An image of zero's and ones ie binary code.

Data Technology means GDPR is required more than ever before



SOSTAC ®Planning Framework highlighting Strategy

SOSTAC® Planning Framework



Improve data management & the Customer Experience (CX) simultaneously.

Start managing data much more seriously. Manage data better, quicker, faster and with far better security. Adhere to GDPR Guidelines within 12 months by appointing a data controller, initiate training, testing and reporting using a budget of £xyz. Adding GDPR audits to board agendae.

Build a Data Protection Culture. Cultural change is critical. Attitudes to personal data must change. Personal data is a new currency. Training is not mandatory (well it is! But think of it like ‘Training is an opportunity’).  Embracing GDPR requires a cultural change. Michael winner once said that a ‘£60 fine for driving in a bus lane was very good value’ (source: Ruairi Thomas MD, DST Systems). So how do you stop people thinking that GDPR fines might be cheaper than changing the whole culture of the business into a customer centric, customer caring, & data protecting – type of organisation?  GDPR is an opportunity.

Battery Looking Buldings

Build a a data protection culture

Become transparent. The whole organisation must become transparent regarding collection and use of data and be accountable.

GDPR has a cost but also brings an opportunity for a better Customer Experience – which, in the long term, means better business.

Part 3 will explore Tactics , Action & Control – the remaining sections of a SOSTAC ® Plan.



Powers of observation:

Two goldfish in a fishbowl one says “it’s wet in here” the other says “wow, a talking goldfish”.

Are some organisations fully observant as to what is happening with this new GDPR?



If you enjoyed this you might also enjoy:

Part 1 GDPR:  Opportunity to Boost CX or a Threat of Closure?

How Trump Won by analysing data to deliver extremely relevant and highly targeted messages that worked.

How To Write The Perfect Plan in 4 minutes using the SOSTAC ® Planning Framework (4 min. video)



Armstrong, Jonathan (2017) Cordery: ‘All you need to know about GDPR but were too afraid to ask’, GDPR Conference Europe, 27 Apr

Cameron, Gareth (2017) ICO: ‘The pathway to implementation’, GDPR Conference Europe, 27 Apr

Kolah, Ardi (2017) Henley Business School: Sizing the risk – carrying out a data protection impact assessment Lite

Miller, Nigel (2017) Fox Williams:  Individuals’ Rights Under The GDPR, GDPR Conference Europe, 27 Apr

Smith, PR (2017) SOSTAC® Guide to your perfect digital marketing plan

SOSTAC® Portal for SOSTAC® Certified Planners

Thanks to 

Ardi Kolah, Executive Fellow & Programme Co-Director, GDPR Transition Programme, Henley Business school, University of Reading.

Nick James, CEO of Amplified Business Content, hosts of GDPR Europe Conference