Greetings from Brussels!
This week, I was again back in London where I attended the Fieldfisher data protection day, hosted by Hazel Grant, head of the privacy and information law group, at its offices overlooking the Thames. There are some spectacular views from their ninth-floor conferencing facilities, it must be said. The event was international in composition, with attendees from all over Europe and beyond. I spoke to one seasoned privacy pro who had flown in from Los Angeles, California. You really have to hand it to the intercontinental globe-trotters — incredible energy.
The agenda was ambitious, but cutting edge, with an emphasis on the practical implications for the practitioner. That's no easy feat when dealing with the myriad legislative changes coming down the pipeline for organizations. The opening session examined the ever-changing landscape of data privacy law speaking to — among other things — the GDPR, the NIS Directive, and the forthcoming e-Privacy Regulation. With a focus on regulatory and enforcement trends at member state levels, the session addressed national harmonization issues, recapping what to expect with an infusion of guidance, including a treatise on WP29 output to date. There was also a considerable session devoted to the topic of risk management, talking on the future of international data transfers, cybersecurity, and preparing for new data subject rights. One particular session of interest to me was on the subject of data deals and how data protection contract terms will change under the GDPR; the area of supply chain and associated liability in what concerns data flow integrity between entities is clearly a hot topic for privacy pros. Data protection stands to become an increasingly key and meaningful consideration in procurement strategies, and I have started to hear more on this topic lately everywhere I go. The icing on the cake for me was provided by the interactive workshops held in the afternoon, with mock GDPR DPIA and cybersecurity-drill case studies starring Fieldfisher staff in cameo roles. They are a talented bunch at FF, I have to say, and I can’t tell you how many times privacy pros here in Europe have wished for mock-up case studies to highlight legis concepts in practice, so that was a real highlight.
Yours truly was afforded a slot under the session heading "New legal regime readiness," in good company along with Terry McQuay of Nymity and Kabir Barday of OneTrust. Reinforcing the numerous DPO mentions in earlier sessions, I spoke to the legitimization of the DPO function under the GDPR and what that role might look like in reality, given the articles and provisions as laid out in the regulation. The role will be a complex and demanding one. This was also an opportunity to articulate the IAPP’s new DPO-Ready offering, in response to the growing number of DPO readiness and GDPR compliance inquiries our offices have been receiving in abundance. I am happy to announce that a new IAPP simplified webpage devoted to the subject can be viewed on our website here. You should certainly check it out if you or your colleagues are looking for professional DPO training and qualifications.
Again, I can only emphasize through my travels of late the growing sophistication and confidence among practitioners in their understanding of the changes that the GDPR will bring. Compliance rhetoric is most definitely moving into the implementation sphere. At the IAPP, we, too, are gearing up our resources to answer the call of the privacy pro market as the needs for know-how, training, and certification become more pronounced.