Abigail Dubiniecki is to speak at European Data Protection Summit, coming to central London this June.
The one-day event arrives one year on from the implementation of the EU’s General Data Protection Regulation (GDPR) to give business leaders increased guidance on their journeys to legislative compliance.
Following 12 months of high-profile data breaches, the privacy landscape has been shaken by financial penalties, regulatory sanctions and reputational damage for those falling short of rising global standards in data protection.
European Data Protection Summit offers IT specialists and business executives the knowledge and tools they need to get data processing in order and keep the regulator at bay at this critical time in the evolution of data protection law.
An expert in data protection
In her Summit talk, legal expert, Abigail Dubiniecki will discuss how organisations can embrace emerging tech trends in a way that nurtures the Privacy by Design core of GDPR compliance.
Abigail is a Canadian freelance lawyer and privacy professional based in the UK and Founder of Strategic Complianec Consulting Ltd. Drawing on varied expertise gained in-house and in private practice in Canada and the UK, Abigail works with various teams to advise organisations in all sectors on compliance matters, notably in privacy, data protection and GDPR implementation.
Whether consulting as part of the GDPR implementation team of a top-tier global consulting firm, delivering executive education to senior managers of some of the UK’s top brands through Henley Business School, or advising a portfolio of ambitious mid-sized UK companies through My Inhouse Lawyer, Abigail proposes timely, concrete solutions that connect the dots between compliance, risk and technology.
We caught up with Abigail recently to hear more of her views on technology’s role in alignment to data privacy laws.
Q) What technologies are proving the most successful in facilitating legal compliance with GDPR?
It’s difficult to say which technologies best facilitate legal compliance with GDPR because it’s never just about the technology.
The tech is just a piece of the puzzle. That said, a key starting point is getting to know what data you have and then being able to govern it, so from a governance perspective a data discovery tool that integrates with a good data governance platform, such as a privacy program management program that has reporting functionality and can be used to operationalise DSARs and assessments is a really helpful tool for the privacy office.
But what really helps in terms of building data protection by design and default into your day to day (especially for SMEs who outsource virtually all their tech and heavily rely on SaaS products) is to buy or subscribe to products and services with ‘turn-key’ privacy / GDPR functionality.
What I mean is, vet your suppliers and choose tools that are not only compliant but that make it easy for you because they’re designed with PbD principles in mind. Then you just make sure you configure it properly (the defaults will probably already be configured to achieve DPbD) and off you go.
You have to do your vendor due diligence anyway, so privilege vendors who themselves are compliant but also committed to privacy and your life will be much easier.
Are organisations succeeding in realising the GDPR’s goal of Privacy by Design and Default?
I haven’t done a full-blown assessment but there are benchmarking surveys out there. Anecdotally I think you have two approaches: the tick-box compliance types who try to do little nips and tucks here and there, and the ones who really get it and are committed to transformational change that levels the playing field, respects customers and employees, and bakes the principles into everything they do that involves personal data and privacy.
Sadly, though I think the focus has been on the more aesthetic dimensions – have I got my consent? Did I post a notice (even though it’s full of wiggle words), then it’s back to the same old ways. I think a lot of organisations struggle with the concept of DPbD and how you actually implement it. It needs to be demystified.
Are there any elements of Privacy by Design and Default that organisations are struggling with, and how can they improve?
The hardest piece is translating principles into practice. I think people need to see concrete examples they can then apply to their organisations.
I think the real challenge is around a ‘lifestyle’ change. Making it normal to ask, “Do I need this data and if so, do I need this much and for what? Is there an alternative?” It demands some creativity.
Stepping back and re-framing the question to find a business solution that is also privacy-protective. That’s the challenge. We’re so set in an unquestioning status quo mentality.
Delegates can hear Abigail explore the business implementation of Privacy by Design and Default, and other GDPR fundamentals at European Data Protection Summit on June 3rd in London.
Other speakers at European Data Protection Summit include:
- Sheila FitzPatrick, President & Founder at Fitzpatrick Associates
- Max Schrems, Founder at NOYB
- Tamara Ballard, Data Protection Lawyer at Channel 4
- Edward Hanson-Assan, Associate DPO at Knight Frank
- Abigail Dubiniecki, Data Privacy Specialist at My Inhouse Lawyer
Taking place at 133 Houndsditch on June 3rd, this exclusive event will bring over 800 DPOs together with security professionals and business leaders to provide a day of advice, learning and networking for all data protection stakeholders.
To register for European Data Protection Summit, click here.
European Data Protection Summit
Where: 133 Houndsditch London
When: 3rd June
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.