Tash Whitaker is to speak at European Data Protection Summit, coming to central London this June.
The one-day event arrives a little over a year on from the implementation of the EU’s General Data Protection Regulation (GDPR), to give business leaders increased guidance on their journeys to legislative compliance.
European Data Protection Summit offers IT specialists and business executives the knowledge and tools they need to get data processing in order and keep the regulator at bay at this critical time in the evolution of data protection law.
A data law leader
Tash started her career managing master data, implementing governance and protecting data privacy in the days when Mark Zuckerberg was still writing BASIC on his Atari and GDPR was not yet a four-letter word.
With over 20 years of experience with Dun & Bradstreet, Cisco and Moorcrofts LLP, Tash is Global Data Privacy Director at Whitaker Solutions. She leverages her considerable knowledge and experience to guide organisations through their data privacy journey, offering consultancy, advice, and training, as well as data privacy as a service.
Tash has a reputation for making the impossible seem simple and turning regulatory legalese into something that can be understood and implemented by all.
We caught up with Tash recently to hear more of her views on technology’s role in alignment to data privacy laws.
Q) How far are we from the creation of templates that organisations can follow to help, or even guarantee compliance?
The ICO has created templates for some aspects of the GDPR, for example the Article 30 Record of Processing Activities. However, I do not believe templates are the way forward. Every business is different and has different challenges on their compliance journey.
Attempting to use templates in an effort to “guarantee compliance” is like equipping a boat and an aeroplane both with parachutes to save the lives of passengers; useful in some cases, downright dangerous in others.
Q) How can companies differentiate standard data from highly sensitive data, and how do handling requirements differ between these two categories?
Most companies already have their own definition of highly sensitive data and treat it accordingly. However, in many cases this tends to be limited to financial data, which is not considered special category under the GDPR. That is not to say that it shouldn’t be well protected, it should; but it is the special categories of data as per the GDPR that have additional handling requirements.
All employees need to be trained to understand when data is special category and follow the processes to handle it put in place by the controller. It is important that the controller remembers that they must assign a derogation to be allowed to process special category data. This is in addition to their lawful basis for processing.
Q) What benefits can compliant data processing unlock beyond compliance?
Processing personal data lawfully and ethically is about more than just compliance with the regulation; it fosters a higher level of trust between consumers and companies.
In the age of social media, where a company’s reputation, and subsequent share value, can be ripped to shreds in minutes, most brands rely on trust as a competitive advantage. Companies have started to recognise this and names such as Apple, Microsoft, and now even Facebook have started to use privacy as a buzzword to sell their services.
Trust is founded on our belief that someone is doing the right thing, within the confines of the law and our own ethical compass. A company that can prove a level of compliance that drives trust will is one that will continue to grow its customer base and place in the market. Those that cannot prove it, will lose their foothold very quickly.
Hear Tash live at European Data Protection Summit
Attendees of the Summit can hear Tash’s talk, ‘The ever-changing face of anonymity’ at the Interact Theatre.
Other speakers at European Data Protection Summit include:
- Sheila FitzPatrick, President & Founder at Fitzpatrick Associates
- Max Schrems, Founder at NOYB
- Tamara Ballard, Data Protection Lawyer at Channel 4
- Edward Hanson-Assan, Associate DPO at Knight Frank
- Abigail Dubiniecki, Data Privacy Specialist at My Inhouse Lawyer
Taking place at 133 Houndsditch on June 3rd, this exclusive event will bring over 800 DPOs together with security professionals and business leaders to provide a day of advice, learning and networking for all data protection stakeholders.
To register for European Data Protection Summit, click here.
European Data Protection Summit
Where: 133 Houndsditch London
When: 3rd June
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.