Want to talk about the EU GDPR? You’re two years too late

The EU General Data Protection Regulation is coming into law on May 25th, marking the end of one of the most popular speculative talking points the cyber security industry has seen. The regulation has easily been the most discussed topic over the last few years outside of individual security incidents such as the WannaCry attack or Equifax data breach.

It’s easy to see why. The sweeping new data rights the regulation will introduce for EU citizens, combined with the huge potential fines for companies failing to protect the data in their care, means that the EU GDPR has prompted a sea change in attitudes towards data for most companies around the world.

The broad nature of the regulation and its lack of prescriptive language also means that every information security company has had an angle to wade into the discussion – and hundreds of vendors have gotten involved over the last two years. Frankly, it will be a bit of a relief for the regulation to come into law so we can move the conversation on from speculation to proven impacts.

The GDPR is finally coming into effect in just under two months after dominating the conversation for two years but curiously we still see some vendors entering the fray as though it were a relatively obscure development that was discovered just last week.

At best we can expect any journalist covering the GDPR to roll their eyes at any vendor trying to bring in a hot take this late into the game. These belated pitches will almost certainly not be offering anything that hasn’t been said a hundred times over the last few months.

Inevitably, these vendors are trying to enter into the discussion from an outsider’s position.  Unless you are following the local news agenda on a daily basis it’s difficult to gain an idea of what’s fresh and new and what’s already reached saturation point in the media.  This is precisely why your local PR partner is vital in guiding you on the local media appetite for topical issues like the EU GDPR.  For those vendors based outside of the region, finding a partner specialising in the UK market is essential to cracking leading local issues like the GDPR.

Likewise, establishing yourself in the narrative of an industry as dynamic and fast-moving as cyber security is extremely difficult without the help of a specialist with an insider’s perspective. The growth of the cyber market and contrastingly shrinking newsrooms means that the inboxes of most technology and business journalists are full to bursting with hundreds of pitches a day. I know several journalists who routinely delete thousands of unread emails on a weekly basis.

Breaking through this wall of noise to claim a place in the narrative is all but impossible without both in-depth knowledge of the undercurrents of the cyber security industry and first-hand knowledge of the local market and the specifics of its key press.


The five biggest mistakes US cyber security vendors make when launching in the UK

Why you should try and find the time to put your nose in a good book today