Harriet Parker

Navigating GDPR – threats and opportunities

Harriet Parker

As more of our lives are carried out online, protecting personal or corporate data from theft continues to offer opportunities for investment.

Several businesses are finding better ways to protect this growing area of the economy and Enhancing digital security has been a key theme across our Sustainable Future funds for many years. This theme is becoming ever-more important with a number of high-profile breaches recently leading to growing concerns about how personal data is managed and the new European General Data Protection Regulation (GDPR) coming into force on 25 May this year. This requires companies to prove they understand where data is held and who has access to it, and also introduces stricter rules on security and processing. 

From a scale perspective, it is important to note this regulation does not just apply to EU businesses but to any company holding European data – and the penalties for non-compliance are considerable, with fines up to €20bn or 4% of revenue, whichever is higher.

Key requirements under GDPR:
  • Increased rights for data subjects, the right to “be forgotten” and data portability
  • Software developed with security in mind (privacy by design and by default)
  • Pseudonymisation or encryption of personal data
  • Secure processing of data

Initial research from Ernst & Young suggests that half of relevant companies will not be fully compliant with requirements by the deadline, suggesting the regulation should be a catalyst for higher IT spending in Europe over the long-term.

Areas set to benefit include vulnerability management, security analytics, identity and data protection technologies, and storage software.

Although we see many organisations allocating additional spending to comply with GDPR, a good proportion of this money looks set to be channelled towards external advisory services, benefiting companies with greater involvement in this area. But if half of companies are not yet prepared, we believe there could also be an upsurge in demand for cyber security products.    

Our GDPR focus is twofold: we continue to look for businesses benefiting from the Enhancing digital security trend but as many of the companies in our Funds have to comply with the regulations, it has also become a key engagement issue.

Initial research last year showed corporate disclosure on this issue was limited and we continue to assess the level of preparedness among our holdings. Smaller companies with fewer resources could be at significant risk, for example, given the potential fines and loss of consumer trust.

In the lead up to the GDPR deadline, we have been investigating other opportunities among the growing number of companies innovating in the digital security space. This spans a broad range of businesses, involving analysis of vendors, master data management (MDM) companies and larger systems integrators and consultants with a high percentage of revenues coming from products exposed to digital security growth.

Current holdings with exposure to this include pure-play security software providers such as Sophos in the UK and Splunk in the US.

Sophos provides information technology security and data protection products, offering protection against viruses, malware, spyware, intrusions, unwanted applications, spam, policy abuse and data leakage. Splunk develops web-based application software that collects and analyses data generated by websites, applications, servers, networks and mobile devices and its products can be used alongside traditional digital security products to better assess threats, incidents and responses.   

We will watch the impact of GDPR in the months after May with interest: when similar rules came into force in the Netherlands, for example, there were over 1,000 breaches in the first 100 days. It will be here that we get to understand how well companies have prepared. As a digital security expert said to us recently: “You’ll never know when you’ve overspent on security, but you’re sure to find out when you haven’t spent enough.”

Key Risks

Past performance is not a guide to future performance. Do remember that the value of an investment and the income generated from them can fall as well as rise and is not guaranteed, therefore, you may not get back the amount originally invested and potentially risk total loss of capital. The issue of units/shares in Liontrust Funds may be subject to an initial charge, which will have an impact on the realisable value of the investment, particularly in the short term. Investments should always be considered as long term.

Some of the Funds managed by the Sustainable Future Equities team involve foreign currencies and may be subject to fluctuations in value due to movements in exchange rates.


This content should not be construed as advice for investment in any product or security mentioned, an offer to buy or sell units/shares of Funds mentioned, or a solicitation to purchase securities in any company or investment product. Examples of stocks are provided for general information only to demonstrate our investment philosophy.  It contains information and analysis that is believed to be accurate at the time of publication, but is subject to change without notice. Whilst care has been taken in compiling the content of this document, no representation or warranty, express or implied, is made by Liontrust as to its accuracy or completeness, including for external sources (which may have been used) which have not been verified. It should not be copied, faxed, reproduced, divulged or distributed, in whole or in part, without the express written consent of Liontrust. Always research your own investments and (if you are not a professional or a financial adviser) consult suitability with a regulated financial adviser before investing.

Monday, May 21, 2018, 10:11 AM