We recently hosted a GDPR-related event in London for our customers and ecosystem. For one, we wanted the topic to be upbeat and positive, hence our title, "GDPR - an opportunity to build trust and confidence". We also wanted to have a broader discussion, beyond the practical steps needed to be compliant.
Our panel included:
- James Tumbridge, a Partner leading the legal and disputes team at Venner Shipley
- Bojana Bellamy, President of Centre for Information Policy Leadership
- Elle Todd, Partner, Head of Digital and Data CMS LLP
- Jeanine Percival Wright, General Counsel and Data Protection Officer at NationBuilder
As you can probably imagine, our expert panelists had lots of great insights and suggestions to share with the room. Here are the ten key takeaways and insights from our panel discussion.
Ten key GDPR takeaways
- There are many misconceptions around the GDPR. The biggest one is probably that it’s all going to happen on 25th May - the day the GDPR comes into force - and we know this not to be the case. Our advise would be to keep this a business priority even after 25th May. The 25th (or most likely 28th) is just the tip of the iceberg.
- After 25th May, we can expect many instances of citizens exercising their new rights (which is a good thing) so make sure you are ready to field their requests and questions. In addition, we will probably also see an increase in privacy trolls, some companies that don’t comply will be made an example of, others will await further guidance on grey zones…
Data (and how to use it) should be at the heart of innovation. Elizabeth Denham, ICO Information Commission said it best, “One of the things I want to be clear about today is that I do not believe data protection is standing in the way of your success. It’s not privacy or innovation - it’s privacy and innovation.”
- Data privacy is not new, neither is the terminology. Data privacy, has however, gained momentum and awareness recently, but let’s not forget that we have been talking about it for a long time.
- We need more collaboration and accountability between businesses, government and citizens. Everyone has a role to play and all aspects of society need to step up and play their part.
- The GDPR might be one set of pan-European rules, yet many European countries will have their own rules too. Indeed, the GDPR also provides EU member States with the possibility to introduce more rules. Actually, Member States have been and are still preparing for the GDPR implementation.
- As of today there is no official accredited certification to prove you are GDPR compliant. Anyone out there today selling you GDPR compliance certification is not telling you the truth.
- A lot of what is in the GDPR is common sense. Although it might not be common sense for everyone, this is an opportunity to educate and create more awareness around data privacy and data security. This awareness should come from all aspects of society. Having more knowledgeable citizens and users is always a good thing.
- The GDPR launch is a great opportunity to make sense of the data you have at your disposal and our advise would be don’t waste time and resources on people who aren’t interested in what you are selling. Instead focus on your loyal advocates.
- Similar laws are likely in the future. Firstly, the GDPR isn’t the only new data law we should be focused on right now. We also need to spare some thought for the proposed revision to the EU ePrivacy directive that will focus on targeted ads, tracking and cookie compliance. Secondly, although EU citizens probably care more about data protection than most, they are no longer the ones demanding it. American citizens, for one, are demanding such protection too.
Note: You can read all about our GDPR efforts here.