Ardi Kolah, Executive Fellow and Director of the GDPR Transition Programme at Henley Business School, kicked off the day with a presentation on ‘creepy or cool’. This highlighted the thought process all organisations should go through when deciding to process personal data, “If it feels a bit creepy, it is probably inappropriate.”
The data breach panel discussion started with key tips from each panel member about preventative measures. This included making sure organisations plan ahead, educating PR teams, identifying roles in the business, test out what to do in case of a breach, learn from it and see how to make improvements.
Dave Hortin, Technical Lead at One Trust emphasised how organisations should check any vulnerabilities of data shared with third parties. For example, companies who heavily use cloud-based customer relationships management will need to ensure that their provider is also compliant and taking the necessary precautions.
Abigail Dubiniecki, Associate at Henley Business School GDPR Implementation Programme, discussed the importance of Subject Access Requests (SARs). Dubiniecki explained the case where a journalist requested a SAR from Tinder and was alarmed to have over 800 pages of per personal data, including what she had liked on Facebook even having deleted the account associated. This case underlined how unnecessary the amount of data companies keep on people. Organisations should look at what they actually need rather than data hoard and leave customers feeling uncomfortable with the amount of data held on them. “You can lose trust if customers find out you have not been completely honest with them.” Organisations should focus on transparency, accountability and control.”
Later in the day Chris Combemale, Group CEO of DMA discussed the importance of transparent marketing. DMA’s recent findings of consumer attitudes revealed that 88% would like more transparency about how their data is collected and used. In addition, 78% believe that businesses get better out of value exchange. Combemale explained that by being more transparent and customer-centric, organisations will gain more trust and have better relationships with their customers.
In the afternoon session, Steve Wright, Data Privacy and Information Security Officer for John Lewis Partnership explained cyber securities role in GDPR. He stressed that all the records you think are harmless are just one part of a puzzle that criminals can begin to build up about a person and exploit it.
Throughout the day, the overall statement was to do the right thing. As the May 25th deadline gets closer, more and more organisations will be aiming to become GDPR compliant in time. Yet, like most speakers discussed throughout the day, it is very unlikely that organisations will be fully compliant before the deadline. Organisations must work towards compliance and see it as a journey rather than a destination.
The next GDPR Summit Series event takes place on April 23rd and will have three streams; general business, sales and marketing and HR. For more information on attending, visit the website.
GDPR Summit Series is a global series of GDPR events which will help businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
Further information and conference details are available at http://www.gdprsummit.london/