Greetings from London!
I am here in sunny London, where we have been holding our "sold-out" IAPP Europe Data Protection Intensive conference since Monday. Moreover, I am happy to say that we were also at maximum capacity in our workshops and pre-conference trainings. We were — perhaps not unsurprisingly — overwhelmed with demand this year, actually selling out last month, so we will be looking closely at how we organize our London programming for next year. There is a likelihood that we will have to change venue to accommodate the growing demand we are seeing in the U.K. market.
We were fortunate to have Steve Wood, the ICO Head of International Strategy and Intelligence, as one of our keynotes. As reported by our very own Angelique Carson on Wednesday, the ICO is very clear that GDPR adherence will be the order of the day for U.K. companies when GDPR comes into force.
Steve Wood has this to say, specifically: “You will not hear talk of grace periods from people at the ICO. That's not part of our regulatory strategy." What you will see is a commonsense, pragmatic approach to regulatory principals from the ICO. It is not uncommon that we at the IAPP are asked by U.K. companies on the need for GDPR adherence, and my response is typically similar to how I answer all other European organizations: If you are of two minds about complying with GDPR right out of the gate, I am seeing that the European regulators are increasingly comfortable with the regulation and what it will entail for their future activity and should be ready to hit the ground running.
As the digital economy and increasing data-driven business models take hold globally, it makes sense to re-evaluate your internal data processes and systems, particularly in light of where your organization sits in the supply chain. It's clear that many of you will have your own organizations ready for GDPR, as you're already making preparations. But what about your vendors? There have been many reminders this week that a vendor's mistake is something that you, as a controller, will have to own.
Clearly, there is much to do and many questions that need answering. After each breakout session this week, I've seen a line of people eager for follow-up.
Indeed, I and my IAPP colleagues on the ground here have been receiving a fair number of questions regarding our IAPP public training offerings this year, as the countdown to May 2018 looms on the horizon. As an organization we have listened to the demand coming from the European privacy and data protection community and have launched our "Get DPO Ready" initiative this year to address those training needs of privacy pros keen to get trained on our CIPP/E and CIPM programs.
As a reminder, we will be offering several public training sessions throughout the year in both Brussels and London. You can find more information on the options and dates here.
Further, if there are specific questions for which you are having trouble finding answers, let me know directly. We are in the throes of programming our Brussels Data Protection Congress for the fall (submit your speaking proposal here) and we are always looking for feedback to make sure our programming reflects your real needs on the ground.
If you want to comment on this post, you need to login.