We begin today’s talks at the Data Privacy Theatre, where Steve Wright, CEO of Privacy Culture, welcomes our audience to PrivSec Dublin, before presenting an early keynote that studies the condition of the global data privacy landscape.
Steve Wright looks back on the data privacy landscape so far, noting how the term “cyber-security” didn’t exist ten-to-fifteen years ago. He comments:
“Now we are learning about the value of data, but still making mistakes about how it is used.”
Steve focuses on one major theme that will change the data privacy ecosystem – “ethics”. He asks: “What is the reason for using data, does that usage feel right? Is there potential harm to an individual?”
“As DPOs, we’re not there to tell you what to do, we’re there to advise you because ultimately it’s a business decision regarding what to do with data. I’m there to protect the rights of the individual”.
Steve comments on how cyber-security and data privacy are two sides of the same coin:
“As a DPO, I’m heavily reliant on the CISO, as ultimately, [whether a breach is malicious or not], the consequences are the same. Now we are seeing these two cultures – data privacy and cyber-security – joining together. It’s very significant because risk of breach is being recognised around the world as a problem that needs to be addressed.”
Looking at the broader scale of privacy compliance, Steve acknowledges the GDPR’s global influence. “It is considered the world’s most stringent data protection law,” he says, before asking: “The challenge is now to ask how we operationalise GDPR’s standards – so, what does “good” look like?”
The number of complaints received in the UK is just under 7,000 since may 2018, and this, Steve says, means the GDPR is working. But which instances were reportable?
“I was on the phone to the ICO on a weekly basis trying to get their interpretation as to whether breach instances were ‘reportable’. Some cases involved the police, or ransomware… you’re always doing your best to get the balance right – is it reportable? Am I protecting the data subjects’ rights?”
Looking forward, Steve says that he anticipates a federal law in the US, but, “I think the time frame is at least 5 years, possibly ten. I could be wrong, but there’s an awful lot of US organisations that are just using GDPR as the framework,” before noting how “the CCPA is based on it too.”
Steve acknowledged the great help that events such as PrivSec afford. “Over the last ten years, [the events] have let me rub shoulders with DPOs and ask the key questions.”
Catch the replays and discover the best talks from Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.