Rethinking Fundamental Business Models: A Q&A on GDPR’s Impact

Laurie Boyall

Group Chief Executive, McGregor Boyall Associates

Laurie Boyall is co-founder and Group Chief Executive of McGregor Boyall Associates, a leading international recruitment consultancy with UK offices in London, Manchester, Edinburgh, and Glasgow as well as offices in Dubai, Singapore and, imminently, Hong Kong. After working as an academic and in the educational travel industry in the United States and Europe, Laurie set up McGregor Boyall over three decades ago to meet the recruiting and resourcing requirements of a UK IT sector that was growing exponentially.

Laurie Boyall is no stranger to organizational change and transformation. As the Managing Director of McGregor Boyall Associates, he’s amassed a successful three-decade track record helping an international clientele adapt to innovative technologies and market opportunities. Here, he reflects on his firm’s approach to GDPR implementation. Not surprisingly, he views the regulations as an opportunity to reexamine fundamental business models and operating procedures.

RIX: Has anything surprised you about how the industry is preparing for GDPR?

Laurie Boyall: Yes, I’ve been surprised by the degree to which the May 25th deadline is being taken seriously. The industry is not famed for embracing—or even being aware of—new regulation. In fact, an ostrich with its head in the sand would probably be the most appropriate recruitment sector mascot. However, this time things appear to be different.


RIX: Why do you think it’s different this time?

LB: There are several potential factors, including hyperawareness of data breaches, fueled by the media, and terror of sizeable fines. Then there’s the tsunami of emails from lawyers/consultancies/IT firms describing in ghoulish detail the consequences of getting it wrong and (surprise, surprise) the benefits of signing up for their services.

The causes don’t really matter. What counts is that it’s being taken seriously.


RIX: What essential questions have your internal GDPR preparations uncovered?

LB: For contingency recruiters, the database is at the heart of operations. The question that comes up most about their database is “how big is it?” Less frequently do they explore questions like “what’s it for?” or even more scarily, “do we really need one?”


RIX: What’s the most positive outcome that is coming out of your approach?

LB: Our approach has led us to refocus on essentials, including an examination of fundamental business models. A firm’s database enshrines its relationships with clients and candidates. When you start to question the database—who should be in it, why, and for how long—you’re actually asking about the fundamentals of your relationships and the exact nature of the services you are supplying. In other words, you’re reexamining your business model. That’s what we’ve been doing, and it’s been refreshing and positive.


RIX: What concerns do you have about the post-GDPR landscape for recruitment? How should firms mitigate risks?

LB: The post-GDPR environment does not appear to be particularly threatening simply because of GDPR. Dangers can be mitigated by sensible planning and a commitment to putting in place systems—both human and digital—that help you step through the minefield without injury.

However, firms could be impacted by a loss of competitive advantage. GDPR investment, in terms of both time and money, is not insignificant. The ultimate outcome will be more diligently monitored working practices. But there will be firms who will neither invest nor monitor. They will simply choose to do neither and take a chance that nothing bad will happen.


RIX: How do you see the scenario playing out for firms who don’t prepare?

LB: For some, and maybe many, nothing bad will happen. For a while, such firms may enjoy a freedom and speed to market that more conscientious firms may lament. But in the long run, the chancers will have to come in line, not necessarily because they get caught out but because clients will insist on, and inspect bullet-proof supply chains.


RIX: Beyond GDPR, what regulations or legislation on the horizon are you keeping your eyes on?

The EU’s upcoming ePrivacy Regulation will no doubt introduce some thorny elements to be addressed. However, the Regulation appears likely to have less direct impact on the sector than GDPR will have.


RIX: Outside of navigating the regulatory landscape, what’s top of mind for you right now?

LB: In a word, talent. How do we identify it, attract it and retain it?  In a complex, changing world it’s almost a relief to have a challenge that can be summed up in one word! Sadly, the solution can’t be…