
Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, 22 December 2017




Greetings from Sydney!

I am "down under" for the festive season, and it’s been 18 years since I was last in Australia; the occasion then was my sister’s wedding. Fast forward, and five children later between us, we have a rare opportunity to unite our families for Christmas under the warm blue skies of summer; natural enough for the natives here, slightly more novel for us Europeans. Sydney has a diverse natural setting; national parks ring the city and penetrate deep into its harbor heart. Its shoreline is adorned with an abundance of natural beauty and sandy beaches that meet the surf like no other place I have seen. Unsurprisingly, Sydney is all about the outdoors lifestyle, making the most of an agreeable climate all year round. In this city still growing with every passing year, I see much evolution since my last visit. Assertive is a word I would use to describe this international metropolis. "Sydneysiders" are confident, vocally so, and uncompromising. In short, it happens here in Sydney. It's a hyper-energetic and ambitious view into the soul of all that is cutting-edge in Australia, where anything goes, and everything usually does.

The year is coming to a close, and I am reflecting on what has transpired, and what the coming year will have in store for privacy pros, and industry as a whole, as privacy strategy continues to stake its claim. The EU is six months away from instituting the GDPR, arguably the most comprehensive personal data protection law ever seen. If regulation is to be a fundamental safeguard for consumers against a backdrop of global economic and political interdependence, then you can say that the EU is ahead of the game, and streets ahead of the U.S. in this respect. Culturally this comes as no surprise. 

You could classically argue that the GDPR will impact business negatively from a spend perspective, and that’s fair, but it’s a tired argument that no longer passes muster with many. Conversely, what I have seen as rather encouraging throughout 2017 is the growing number of companies accepting that data protection and practice were long overdue a face lift. Importantly, the GDPR will require of companies a higher level of transparency and accountability in future towards their customer base; that can’t be a bad thing in the long run. EU legislators and regulators alike have stated their high hopes that the GDPR will bring about organizational (and behavioral) change to deliver accentuated benefits, control, and empowerment to data subjects over their personal data.

Perhaps this is more poignant for internet and digital companies, where user data is the determining asset of relevance. With so much data being collected, stored and processed, it was inevitable that data breaches would be on the rise. The year 2017 was shaped by more personally identifiable information being exposed through malicious intent than ever before, with some very notable landmark cases. An important consequence has invariably been the failings in public trust towards industry, with breach risks reaching new heights. The paradigm needs to shift for the better, more particularly as society embraces what the digital age has on offer across all aspects of our lives. The time to hold organizations accountable for how they handle personal data has truly arrived.

Staying with digital, 2018 will most likely see an emphasis on protecting digital identity and personal data in the field of international privacy, as this gets more strategic attention in board rooms. Both public and private sector entities, in increasing numbers, are prioritizing digital and cloud solutions for efficiency gains. Moreover, GDPR compliance is not self-evident, and where some say it is over-prescriptive, others claim it is non-prescriptive, underlining that there is no "black-and-white" compliant or non-compliant state. There are only degrees of interpretation. 2018 should see a body of practice emerge and develop to accompany the regulation, as companies take more responsibility for their internal processes to align and satisfy the body of the regulation. Furthermore, we should expect EU regulators to become more conversant as well as active with greater capability, know-how, and guidance.

On that note, and this being the last editorial of the year, it remains for me to wish you all a splendid festive season and New Year! At the IAPP, we look forward to serving you all come 2018, which for many will be a real beginning come May.

