Laurie Penny: I’ve turned 25, but the world won’t let me be a grown-up

We are old enough and ugly enough to build a better future for ourselves.

It happens without warning. At some point between the first time you hear an ironic remix of the cartoon theme tunes of your childhood and the expiration of your Young Person's Railcard, you wake up one morning and something has changed. Under the puppy fat and pimples, your face has begun to emerge, and so has your future. You have become, however inadvertently, an adult.

By the time I finish this column, I will be 25 years old. Growing up is always an odd process, but since I graduated from university, it has become more convoluted than usual. For many people my age -- including most of my friends -- secure, meaningful employment, marriage and home ownership all seem as distant and unimaginable as they were when we sat our GCSEs.

While we've been finding our first wrinkles and filling out our first dole forms, all the normal things that were supposed to make up for theuncomfortable position of suddenly having to take care of oneself have been confiscated by the forces of world finance. Little lifelines like the Future Jobs Fund and the Education Maintenance Allowance have been cut to save costs, just as university fees have been trebled by an administration happy to hand billions in subsidies to the investment banks that created the crisis.

The impetus behind this year's uprisings in Egypt has been partly ascribed to the frustration of young adults unable to afford the transition into work, marriage and independence.

It's tempting to frame all this as a generation war, an immense and predictable kick-off between the baby boomers, who enjoyed every benefit that the postwar consensus brought its fortunate children, and Generation Y, the ragtag, loosely defined group of late-cold-war babies who are old enough to have been promised a future of permanent growth and young enough to have been shafted when that future failed to emerge. This interpretation is madly convenient for many who would prefer not to engage with the realities of geopolitics. It is also wrong.

It is wrong because it allows the enormous crisis of capital and democracy sweeping Europe, the US and the Middle East to be reconfigured as an intercontinental temper tantrum. With a bit of imagination, it's easy to see all the strikes, protests, riots and revolutions accompanying the disintegration of late capitalism as merely the international equivalent of a bedroom door slammed in fury -- a worldwide whine of: "It's not fair!"

In fact, it's a little more complicated than that. Property, privilege and profit are not the sole preserve of the "power generation" now easing its way into precarious retirement.

Disaster capitalism

There are baby boomers who have lived all their lives in poverty, and baby boomers who were marching, striking and fighting against the numbing tide of disaster capitalism when today's activists were still in nappies; just as there are members of Generation Y who'd take a Jack Wills hoodie and a job at Goldman Sachs over global revolution any day.

Something larger and far more frightening is going on. The struggle going on across the world is not between old and young, but between the possessed and the dispossessed -- most of whom just happen, like 52 per cent of the world's population, to be under the age of 30.

Three years ago, I turned 22 just as the world's stock markets were tumbling. Watching the news, I realised, like so many other middle-class young people in the west, that the future we had been promised would not be delivered after all, at least not without a fight that would finish far too late.

For many of us, it is already too late. Denied the trappings of adulthood, we grew up anyway, into unemployment, anger and disillusion, into a world that didn't want us.

When I was 22, I was angry. Now that I've been 25 for a whole ten minutes, I'm still angry, but I'm also hopeful. All around me, and across the world, people are organising, educating themselves, building new, alternative communities, joining resistance movements, and starting to talk about the possibility of a future that our parents never expected.

Fed up with waiting for a better future to be delivered, we have realised that we are old enough and ugly enough to build one for ourselves. It's not a generation war -- but the power generation has every reason to be frightened.

Laurie Penny is a contributing editor to the New Statesman. She is the author of five books, most recently Unspeakable Things.

This article first appeared in the 03 October 2011 issue of the New Statesman, Which Tories is it ok to love?

Image: Shutterstock
Show Hide image

Are you ready to comply with the EU GDPR?

Alan Calder, the founder and executive chairman of IT Governance, discusses the EU General Data Protection Regulation (GDPR) and how your organisation can achieve compliance.

The EU General Data Protection Regulation (GDPR) will supersede the UK Data Protection Act 1998 on 25 May 2018, introducing new obligations for all organisations that process the personal data of EU residents.

The GDPR introduces significant changes in the areas of data subject and child consent, privacy by design, data breach notification, international data transfers and data protection officers, among others.

With the prospect of multi-million pound fines for non-compliance, and less than two years until the Regulation is enforced, organisations in the UK should urgently be considering what they need to do to comply.

The skills and resources required under the GDPR

The GDPR requires certain organisations to appoint a data protection officer (DPO). The role of a DPO includes informing and advising the controller and processor of their data protection obligations, monitoring the organisation’s compliance and performance, providing advice on data protection impact assessments, and giving due regard to risks associated with data processing operations. DPOs must have the legal and information security knowledge and skills necessary to help organisations achieve compliance with the Regulation.

As an expert in information security and data protection compliance, IT Governance has developed Europe’s first certified EU General Data Protection Regulation Foundation and Practitioner training courses to help individuals who are involved in data protection or who are looking to fulfil the role of data protection officer in order to achieve compliance with the Regulation. The certified training programme is designed to equip individuals with a comprehensive understanding of the GDPR requirements and a practical guide to planning, implementing and maintaining compliance with the GDPR.  

Inform GDPR transition planning through data flow mapping and gap analysis

An important first step in achieving compliance with the GDPR is to review your organisation’s data flows. A data flow audit will allow your organisation to map the locations of all personally identifiable information (PII), gain visibility over your data flows, develop effective strategies to protect PII, improve data lifecycle management and introduce efficiencies into your processes, and reduce privacy-related risks. 

Organisations that plan to comply with the GDPR but that lack visibility over their data flows are encouraged to conduct a data flow audit. The process involves mapping out the organisation’s data flows to get a comprehensive understanding of the sources from which the data flows. IT Governance can help organisations prepare for the GDPR with an extensive data flow audit that will enable you to identify the measures, policies and procedures needed to reduce the risk of a data breach.

Implement technical and organisational measures with ISO 27001

ISO 27001 is the international best-practice standard for information security management and encompasses three essentials aspects: people, processes and technology. The Standard is designed not only to defend your company against technology-based risks but also to prevent common security issues such as those caused by lack of staff awareness around current threats or ineffective information security procedures.  

Moreover, the GDPR clearly states that “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”. These measures relate to personal data encryption and pseudonymisation; access and availability of data; the confidentiality, integrity and availability of processing systems and services; and regular assessment and evaluation of technical and organisational measures to ensure the security of processing.

An ISO 27001-compliant information security management system (ISMS) is founded on an enterprise-wide a culture of information security, led by the board. It necessitates that your organisation’s information security strategy be constantly monitored, updated and reviewed, and this process is amenable to helping you implement the technical and organisational measures of the GDPR.   

ISO 27001 can help you meet parallel GDPR and NIS Directive requirements

The NIS Directive, which is set to come into force at the same time as the GDPR, is designed to help organisations within the EU achieve a common level of security across their networks and information systems. The Directive applies to organisations providing essential services in sectors such as finance, energy and transport, as well as digital service providers.

Similar to the GDPR, the NIS Directive requires a robust ISMS and encourages a security culture. As a result, more and more organisations preparing to comply with both the GDPR and the NIS Directive are also seeking certification to ISO 27001. The Standard contains information security requirements that, when met, can allow your organisation to centralise and simplify your compliance efforts for the NIS Directive and the GDPR.

IT Governance’s ISO 27001 packaged solutions can help you tackle your organisation’s GDPR and NIS Directive compliance requirements as well as implement a robust  ISMS. The ISO 27001 packaged solutions provide a unique blend of expertly developed tools and resources that complement your organisation’s skills and resources at a fixed price and in a timely manner.

To find out more about GDPR compliance or ISO 27001 packaged solutions please visit (, email, or call us on +44 (0)845 070 1750.

Alan Calder is the founder and executive chairman of IT Governance.