Tilix GDPR Survey

Neil Williams

26 Oct 2017

Tilix Research is seeking answers to key questions concerning GDPR within the UK gas and electricity industries. Our approach comprises desk work, meta-analysis and polling energy industry professionals. Our research shows that GDPR is a priority for everyone, not just consumer-facing business units. It also identifies:

  • The overall information security needs of the UK energy industry.
  • The top privacy issues and risks in the gas and electricity markets over the next 18 months.
  • What typical GDPR budgeting, deployment and optimisation plans look like.

Join us on 2nd November at the Tilix GDPR Seminar to discuss our current findings and to shape future research.

How Can We Keep Customers and Regulators Happy?

Our research clearly indicates that the biggest challenges for energy businesses are retaining customers and maintaining regulatory compliance. Revenue protection and smart metering are also important.

Companies are becoming increasingly aware that customers are more concerned about privacy than ever before, and honouring consumers' right to request the data held about them has become vital in today’s market. For customers, the right to opt out of automated profiling and the right to opt out of marketing altogether have also become increasingly important.

As part of this, companies are obligated to ensure that it is as easy to withdraw marketing consent as it is to give it.

According to a poll of 2,000 UK adults commissioned by SAS, 64% welcomed the Right of Access, whilst 27% of customers would ask their energy suppliers to remove their personal data as well as disallow them access to personal data.

Are you ready for GDPR?

The Tilix GDPR Survey revealed that “somewhat prepared but still need to execute plans” is the status quo. This resonates with other surveys from earlier this year. For example, TrustArc found that 61% had not yet started preparations, whilst only 11% of companies were well underway towards GDPR compliance.

A majority of our respondents feel a high level of urgency to respond to GDPR. The most common actions that respondents have already taken are:

  • Training employees on how to protect data.
  • Taking third party advice.
  • Investing in new security solutions.

The Data Protection Officer

A handful of respondents indicated that their firms have a designated Data Protection Officer (DPO). As per Article 37 of GDPR, this role is mandatory in organisations processing substantial volumes of Personally Identifiable Information (PII).

Smaller firms that are obliged to have a DPO might ask: can DPO responsibilities be subsumed by an existing role?

Yes, as long as the professional duties of the employee are compatible with the duties of the DPO and do not lead to a conflict of interests. Another option is simply to contract out the DPO role.

NB: the DPO is a protected position. The DPO must report directly to senior management and have no conflict of interest. The DPO should be appropriately qualified for the role and should be consulted in respect of all data processing activities.


Your input to the Tilix GDPR Survey will help grow energy industry awareness and understanding of GDPR. If you have not contributed already, please take three minutes of your time to share your viewpoint.

To hear more about GDPR, join Tilix and other industry professionals at the GDPR in Energy Seminar taking place at Warwick Racecourse on the 2nd November 2017.
