Greetings from Budapest!

Historically, this city is more a "tale of two cities" if you like, Buda and Pest separated by the Danube, which would eventually be united to become Budapest — often referred to as the "Queen of the Danube." From an architectural perspective, the city is a gem, with baroque, neoclassical and art nouveau to marvel at. Overall, though, the city has a very "fin de siècle" feel about it, as it was during the city’s "Golden Age" in the late 19th century that most of what you see today was built.

Why am I here? Budapest is the backdrop to a two-day conference entitled "Justice in Big Data," organized by the legal studies department of Central European University. The aim of the conference is to bring together academia, practitioners and policymakers to discuss the social and regulatory aspects of big data, and the implications of the big data revolution. There is a good line-up of speakers with topical themes on how big data is transforming the market and our sense of "fairness," to how data is impacting the relationship between justice and the citizen, as well as the state. For my own part and contribution, I am speaking to what I like to term as the "DPO imperative" under the GDPR, and why the role of the DPO (and privacy professional generally) could very well be a pivotal and growing strategic function for organizations presently and into the future to ensure accountability across organizational culture — in the fundamental matters of data protection and privacy. In our increasingly digitalized global economy, the data protection reforms taking hold in Europe — extraterritorial in nature — will, to my mind, fundamentally change the face of how we share and process personal data across the spectrum of implicated actors; think of the vast societal changes we see emerging because of the intersection between innovation and data.

More specifically, and in what concerns the private sector, the reforms go well beyond the question of mere legal compliance, bearing a potentially far more transformative influence on private-sector governance practices. If companies are to be forward-looking and watchful for business continuity, they will see the forthcoming reforms as an opportunity for further business enablement; it is here I think you will find tomorrow’s market leaders, those that embrace the full extent of the data ecosystem as more than a regulatory obligation.

Most recently, I spoke to an executive audience at an industry event in London on the DPO imperative. Clearly companies are far more advanced in their GDPR thought-process and planning then earlier this year; questions are getting more specific as opposed to general. One question in particular, or variations thereof, was in reference to how to identify a lead supervisory authority against organizational cross-border data processing needs. For some, this will a more complex choice where there are multiple company decision-making structures, and legal entities, in multiple EU member states. In a controller-processor relationship, there may be more than one lead supervisory authority identified for a given number of interdependent data-processing activities; supply chain and vendor management relationships are critical. Not a simple assessment by any means. There is a good article in the latest issue of  The Privacy Advisor that’s worth the read I think, and goes to clarify many questions I am hearing on the subject.

I’ll leave you with this final mention on Budapest: I hear there is more to Hungarian food than goulash. The Magyars like to tell you their cuisine is sophisticated. I’ll be sampling some this evening, perhaps their reputation as one of the European food capitals in the late 19th and early 20th century lives on. We shall see.