Greetings from London.

Once again I have the privilege of filling in for Paul while he is off on (yet another?!) well-earned holiday.

Well, just in case we were in any doubt, the sky didn’t fall 25 May. Everyone in the privacy world I have spoken to appears to be just as busy as they were before the "go-live" date. As we all knew, there is plenty of work still to be done in both implementing the General Data Protection Regulation compliance mechanisms and then, of course, maintaining them. 

I am sure that as a citizen/consumer, you are all experiencing the same sudden "attention" to your privacy as I am. While, on one level, it is nice to finally be given some opportunity to choose whether and how I am tracked and marketed to, I have yet to see a solution that lets me do this with ease and confidence across all my online interactions. I sometimes feel that I am spending as much time on sites ticking and unticking boxes (sometimes every time I revisit the site!) as I am actually reading content or consuming the service. As many of you who may have seen me speak at an event somewhere recently will know, I am passionate in my belief that "digital trust" is going to be a key driver in business performance in the coming years. It will be interesting to see whether any of the recent changes in business practices around personal data will really move the needle. My personal feeling is that there is plenty more to do.

The last time I wrote this piece for the newsletter, I had just witnessed the U.K. information commissioner outline her strategy, particularly for enhancing the resources and capabilities of her office to be in a position to respond appropriately to the introduction of the GDPR through the Data Protection Act 2018. In the time since, there has certainly been plenty of evidence that Commissioner Denham is true to her word — none more so than through the recent appointment of former IAPP Board Member Simon McDougall as the ICO’s first-ever executive director of technology policy and innovation. It has been a while since I caught up with Simon in person, so I will say "congratulations!" from myself and the whole IAPP team here and look forward to the opportunity to celebrate with him soon. While Simon is an obvious loss to the IAPP, I am confident that he will be a great asset to the U.K. as a whole in his new role and that we can all look forward to significant progress in the role technology plays in protecting and enhancing our privacy. 

On a personal level, I have seen no slowdown in invitations to speak at various events since GDPR Day. I was particularly honored to be asked to sit on the panel at a recent Global Thinkers Forum at the House of Lords. We were kindly hosted by Lord Alderdice and had a fascinating debate about the future of identity and privacy in the digital world. The consensus in the room was that legislation was always going to be needed to address "bad actors" and, generally, was heading in the right direction. However, the feeling was that both organizations and citizens might benefit from more formal standards around data ethics and that a commitment to ethical behavior in the capture and use of personal data would do more to earn the trust of citizens and customers than relying on the threat of heavy fines and other regulatory actions. I am sure we will see further developments in this area in the months and years to come, not least because we will be facing some enormously interesting challenges in the implementation of artificial intelligence as the technology becomes increasingly capable.

As ever, please do connect with me through LinkedIn or in person at one of the many IAPP events, and let me know what we are getting right and what we could do differently. We look forward to developing some of the most promising ones further in the coming months.