A sobering lesson for us all

With news of a British Airways data breach hitting the headlines, Jarrang CEO Stafford Sumner says it is vital that businesses are GDPR compliant


Ask anyone who knows me – I am a GDPR fan. I firmly believed that the new regulations that came into force on May 25 would provide enormous opportunities for companies to strengthen their relationships with their customers. And now the deadline for compliance has passed and we’re in this brave new GDPR world, I believe it more than ever.

And while GDPR provides an ideal landscape for businesses to connect with their customers in a more value-laden and effective way, it also builds trust. Trust that customers’ data will not be abused and will be carefully protected.

Yet the British Airways data breach – the impact of which is still unfolding, with the latest news this week that the business is facing a £500 million group action lawsuit over its handling of last week’s cyber attack – is a sobering lesson to businesses large and small. It highlights the legal, financial and reputational damage that can result from data breaches in this post-May 25 world.

One of the key elements of GDPR is identifying and reporting breaches as early as possible, including notifying all those affected as soon as possible.

Whilst all businesses need to minimise the risks of a breach in the first place, we also need to have a battle-ready plan prepared about how to deal with such issues quickly and compliantly if they do arise.

It’s really important that this is embraced by the whole organisation, not just the IT and/or legal teams.

At Jarrang, we work with businesses across the south west and beyond to ensure their email marketing data and processes are compliant. To make sure our clients have a wide spectrum of advice and robust protection, we partner with legal and privacy professionals to provide GDPR support, something that is essential in the unfortunate, but not uncommon, instance of a breach.

Due to the high-profile nature of these breaches and the awareness of the personal impact on consumers, brands and their income can be severely affected unless the issues are dealt with head-on and immediately.

So take heed from the British Airways debacle – and make sure you are continuously GDPR compliant. May 25 wasn’t the end – it was just the beginning!

Jarrang and law firm Stephens Scown are publishing a new free ebook about email marketing in a GDPR world in October, which can be downloaded from both the Jarrang and Stephens Scown websites from that point.

About the author

Stafford Sumner is founder and CEO of the UK’s leading independent email marketing agency, Jarrang, which is based in Falmouth. An email marketing pioneer, Stafford started out on his own 15 years ago at the tender age of 24. He now runs a dynamic, hugely successful and – uniquely – platform agnostic email marketing agency, offering an unrivalled supported self-service product.

Jarrang’s sector experience spans ecommerce, hotel and hospitality, financial services and retail industries. With offices in Cornwall and London, and an international client base, Stafford and his team offer intelligent, bespoke email marketing services, ranging from strategy building to full project execution.


  1. You may be a GDPR fan, but you clearly don’t quite understand it. The GDPR is a regulation, not regulations, and came into effect, not into force, in May. It came into force in 2016 – see Article 99.

    You also say “One of the key elements of GDPR is identifying and reporting breaches as early as possible, including notifying all those affected as soon as possible.”

    Nope. Some breaches don’t need to be reported at all, and people (data subjects) only need to be informed if there’s a high risk to their rights and freedoms.

    Better read it more thoroughly!
