GDPR in the Energy Sector

Neil Williams

01 Oct 2017

At the upcoming Tilix GDPR Seminar on 2 November 2017 (at Warwick Racecourse), energy industry professionals will share their best practice, experience, challenges and opportunities.

How Will GDPR Affect the Energy Industry?

Tilix spoke recently with Jon Stamp, an expert in risk management and governance in the energy sector. He is a chartered engineer and was recently Director of Energy Management at RWE npower. In summary, he said:

GDPR is legislation with teeth. The downsides of not being ready are significant both competitively and legally. A key upside for GDPR readiness is that data protection is a commercial opportunity, not just a compliance cost.

Find out more from Jon at the Tilix GDPR Seminar.

The Thin Line Between Threat & Opportunity

Consumers are taking privacy ever more seriously and information security breaches are headline news.

Most people understand that a vast amount of their data is being collected and stored in computer systems by business, government and the third sector. They rightly expect their personally identifiable information to be treated with care, courtesy and respect.

Many also have an ever-increasing appetite for bespoke products and services. They are happy to share data if it is part of a fair and equitable transaction.

Businesses have to walk a very fine line between threat and opportunity: Can personal data be used to tailor market performance? Or are privacy concerns so great that personally identifiable data should be avoided?

Rather than being a possible show-stopper, GDPR can be a business enabler. However, this requires that information security is much more than a tick-the-box exercise. Privacy best practice has to be in the DNA of every product, service, process and piece of technology.

GDPR by Example

GDPR applies in many contexts across the whole energy value chain. Two cases which are particularly relevant to Tilix are outlined below.

If these scenarios don’t convince you that GDPR is a data revolution for utilities then you should also see Nic Sheen’s recent Utility Week article.

B2B Communications

A key difference between GDPR and earlier regulation is that GDPR makes no distinction between B2B and B2C. It applies to both.

B2B marketers in the energy sector (which includes Tilix) need to prepare for GDPR so that marketing continues to feed the sales pipeline. We don’t want to be caught off guard come 25th May 2018.

It is likely that under the new rules, a consultancy could not send a marketing email (about an upcoming seminar for example) to an SME suspect unless prior consent had been given. Therefore social media and search engines will grow in importance.

Fortunately marketing to existing customers by email is unlikely to change. Any addresses captured through the course of delivering products or services can be used for marketing similar products or services as long as there is a clear opt-out option.

There continues to be debate and analysis about how GDPR will apply in B2B contexts. See for example The lowdown on ePrivacy Directive revisions from the Direct Marketing Association or Marketplace analysis from Smart Insights.

The Smart Grid

The smart grid sits alongside smart homes and smart cities as a big deal for everyone that makes, moves or sells energy. The value chain is driven by regulators, utilities, the “supplier hub” and third-party intermediaries.

In the UK, there is a plethora of mandatory functional specifications embodied in various licence conditions and industry codes. Some of the key principles are:

  • Ensure consumer confidence and trust.
  • Maintain the privacy of individuals.
  • Secure the national infrastructure against threats both foreign and domestic.

Smart metering is front and centre for all domestic suppliers. However, many practical details are still unclear. Where is customer consent required for using data? Are utility operations, energy efficiency, demand response or energy management exempt? Or do all purposes require positive customer authorisation where personally identifiable data is used?

Another concern is around how much time, effort and money is needed to protect the privacy and security of customer energy usage data. To address these and other concerns, firms should be establishing privacy governance frameworks that include:

  • Respect for customers and their data.
  • Continuous management, measurement and improvement of information security.
  • Designing privacy into products, services and software.
  • Role-based employee data access rights.
  • Privacy and security embedded into supplier hub contracts.

How Tilix can help

Tilix helps small and medium enterprises within the energy industry treat privacy holistically.

Market Research

Through surveys and interviews with energy industry professionals, Tilix is seeking answers to key questions concerning GDPR within the UK gas and electricity industries.

Our research shows that GDPR is a priority for everyone, not just consumer-facing business units. It also identifies:

  • The overall information security needs of the UK energy industry.
  • The top privacy issues and risks in the gas and electricity markets over the next 18 months.
  • What typical GDPR budgeting, deployment and optimisation plans look like.

Energy industry professionals that complete the Tilix GDPR Survey are making a valuable contribution to helping the energy industry treat customer data intelligently and fairly.


On 2 Nov 2017, at Warwick Racecourse, Tilix will share best practice and experience relevant to parties across the whole energy value chain.

There will be valuable insights and analysis for everyone, from those who are fully prepared to those who are still to find out about GDPR.

Book tickets (£99 incl VAT).


Our team includes GDPR certified professionals who understand the commercial, technical and compliance dimensions of the energy industry.

Tilix GDPR solutions follow a step-by-step approach:

  • Observe the current situation relative to GDPR;
  • Orientate and align through interviews and workshops;
  • Decide how to close gaps and grasp opportunities;
  • Act according to an agreed schedule of work.