With 2017 drawing to a close, there will be some - most notably Equifax and Uber - who will be glad to see the back of it. On the other side of the coin are the companies who are trying to hold back time as the clock ticks away on GDPR D-Day.
Throughout the year, the skills gap was a cause for concern, especially given the predicted rise of artificial intelligence and machine learning. But as is often the case, threats can bring opportunities, too. Here we provide a month-by-month guide to the top stories of the year.
As is tradition, the year kicked off with a number of predictions, including that smart machines - including those offering cognitive computing, AI, intelligent automation and machine learning - would enter business mainstream within five years. According to Gartner, almost a third (30%) of large enterprises will employ some form of smart machine by 2021.
A separate report predicted that this could actually ease the skills crisis, with more than 40% of data science tasks to be carried out by machines within three years. This, Gartner argued, would free up humans to carry out more complex assignments.
Meanwhile, recruitment specialists Robert Walters foresaw a bumper year for professionals specialising in data analytics and business intelligence, whom it claimed could expect to enjoy inflation-busting pay rises this year - of over 4% on average - with junior to mid-level roles seeing the biggest increases. However, experts in data security across all levels of experience and in both permanent and contract positions would pocket the biggest increases, of over 8%.
And with consumers increasingly aware of the threat to their personal data from online criminals, it is perhaps easy to see why, especially as the vast majority (70%) believe it is brand owners' responsibility to protect and secure this information, with only 30% reckoning they should do more themselves.
February saw the Government confirm that the UK would implement the new General Data Protection Regulation (GDPR), with Digital Minister Matt Hancock describing it as a “decent piece of legislation”. Hancock insisted full implementation would help to ensure the UK would start from a position of “harmonisation”, rather than a position of difference in Brexit negotiations.
Not that marketers displayed much confidence in being compliant on time. In February, with just 67 weeks to go until GDPR D-Day, over a quarter (26%) reckoned their businesses were unprepared, with just over half (56%) reporting they felt prepared and a stubborn 5% still believing it was not their responsibility.
Over at the Information Commissioner's Office, however, Elizabeth Denham urged brands to move beyond doing the bare minimum when it comes to data protection compliance to ensure they treat their customers' data sensitively and ethically.
By March, it was becoming clear that the ICO was feeling the strain of GDPR. TechUK, the body which represents smaller UK tech companies, called on Chancellor Philip Hammond to give extra funding to the regulator to boost UK businesses' ability to get in shape.
The demand was one of a number of challenges set out for the industry body, which said the extra cash would also “enhance the ICO’s reputation as a leading independent regulatory voice on how data will underpin the new wave of international trade deals with key markets”.
Cracks also started to emerge in the education system, after universities were accused of failing their students. According to a report by Intern Tech, one of the main areas for concern was in the lack of knowledge and understanding surrounding the UK's in-demand technology jobs.
When presented with a list of the country's most sought-after roles in the tech industry – including data scientist, social media manager, app developer and cyber security specialist – a massive 48% of graduates said they do not know what these jobs entailed or how they would secure one.
City University of London's response was to launch a qualification for budding data scientists, which it claimed will be the only MSci - a combined bachelors and masters - for data science available in the UK. The four-year course will give students a foundation in computer science in the first two years, followed by the MSc in data science within their third and fourth year.
Data security hit the headlines once again, when Wonga revealed a mass data breach that had affected 245,000 UK customers. Within days, businesses large and small were urged to protect themselves against cybercrime after Government statistics revealed that nearly half of all UK businesses had suffered a cyber breach or attack in the past 12 months. Whitehall insisted most could have been prevented by signing up to the Cyber Essentials scheme. Not that Equifax, which gained certification in February 2017, found much benefit...more of which later.
April also saw the charity sector's data practices exposed when the Charity Commission launched its own investigation into 11 charities - including major brands Cancer Research UK and the NSPCC - after the ICO issued a raft of "discretionary" fines against them, ruling they had breached the Data Protection Act by misusing donors’ personal data.
ICO investigations found many of the charities secretly screened millions of donors so they could target them for additional funds. Some charities traced and targeted new or lapsed donors by piecing together personal information obtained from other sources. And some traded personal details with other charities creating a large pool of donor data for sale.
They were not alone, however, as the ICO pledged to take action to clamp down on the murky world of lead generation, after publishing the first results of a mystery shopping exercise against those sectors it suspects of gathering and using marketing data illegally.
The initiative, dubbed "Operation Bowler 2", marked the first time the regulator had proactively hunted businesses, many of whom it concedes might be carrying out the activity unwittingly. Due to a lack of resources, it usually waits until complaints are made before it acts.
With the continuing countdown to GDPR D-Day, a worrying trend emerged that, even though awareness is increasing about the new Regulation, over half of firms did not actually think it will apply to them.
According to a study of over 2,000 companies, carried out for legal firm Irwin Mitchell, a third of businesses reckoned GDPR would have no impact, claiming that the regulation is not an issue for their sector. A further 22% claimed it is not relevant to their organisation because they are not a consumer business.
Even more concerning was the fact that more than a quarter of UK retailers had abandoned all preparations for the GDPR in the misunderstanding that it will not apply after Brexit.
A new phenomenon also emerged in 2017, the rise of ransomware. The first attack, dubbed WannaCrypt, hit an estimated 100,000 organisations in 150 countries, including the UK NHS. It was followed by NotPetya which rocked marketing giant WPP, FMCG group Mondelez International and Danish shipping company Maersk. Ransomware attacks are unlikely to go away any time soon.
As are data breaches, and this year saw some of the biggest in history. Enter stage left, Deep Root Analytics, a marketing firm which worked for the Republican National Committee and accidentally exposed the personal data of almost 200 million US citizens - nearly half of the population - including birthdates, home addresses, telephone numbers and political views, in one of the most serious data breaches on record.
What happened in the second half of 2017? Find out here