The first morning of Data Protection World Forum saw an international delegate base congregate at London’s Excel arena where specialists are currently giving their views and advice on the most pressing issues in the global landscape of data security.
In the Keynote Conference Theatre’s morning session, VP of OneTrust, Kevin Kiley, put GDPR under the microscope, providing a commentary on how organisations are orientating themselves six months on from the implementation of new EU data laws.
The audience heard how firms are “struggling to get to grips with the legislation”, and Kevin emphasised how “good record keeping” should be a fundamental part of compliance efforts, which should be a living, breathing part of organisational life, not just a one-time issue.
The fact that GDPR compliance is becoming a prerequisite for B2B transactions means extra care should be given to vendor management, attendees were told; reviews should be kept up to date, contracts for DSARs (Data Subject Access Requests) should be in place and incident audits should be carried out.
Transparency is key
Kevin also provided details on breach notification increases in the international region since GDPR’s introduction last May. In Ireland, 547 data breach notifications were made, with 386 complaints issued to the Regulator within the first month. In the UK, complaints hit 1,106 for the first month, while France saw similar surges.
The figures lent weight to an argument about the urgency of prompt data incident reporting: companies have 72 hours to report a data breach to the Regulator, and should be wholly transparent and cooperative in such instances.
Kevin held up BA’s recent data breach as an example of how to handle an intrusion – the airline was quick to let the ICO know of the situation as it played out, it notified customers affected in good time and advised on data security measures to be taken accordingly.
At the other end of the diligence spectrum lurks Equifax, an organisation that failed to be transparent about their data breach. Bosses instead tried to cover up the scandal and only drip-fed information to the authorities and victims alike. The lesson learnt: transparency is a demonstrably key part of GDPR compliance; it needs to be taken seriously.
The audience heard how automation will progressively improve the way we deal with data, enabling companies to save time and money in the long term, in a move away from the 1990s thinking of paper-based compliance.
The process should enable Privacy by Design to evolve, so that a programme for global privacy law compliance can eventually become a reality.
The coming six months
Kevin explained how ePrivacy represents a further “compelling event” for 2019 which promises to disrupt marketing, advertising and online messaging for all industries.
While an implementation date is not yet set, the changes will alter the way we collect and use data for marketing purposes.
The final message – prepare! “If you weren’t ready for GDPR, prepare now and be ready this time for ePrivacy,” Kevin said.
“Understand that it applies to you, determine what needs to be changed, plan ahead and design the change. Use it as a competitive differentiator. Be ready, be compliant.”