Greetings from London!
This week I traveled to the U.K. with IAPP Europe colleague Bo Pereira to attend the annual EY Data Protection event in Canary Wharf. Our colleague Alyssa Rosinski, who oversees international business development, was over from HQ to attend the event, as well, which allowed us to have a series of meetings while here in London. To complete the quartet, we were fortunate to have Rona Morgan, our IAPP Asia managing director in town, home from Singapore to see family.
International as we are, it was certainly fortuitous for us to spend quality time together to discuss 2017 and arrange meetings with the data protection community here in the U.K.
Following on from EY’s inaugural event, this year's event proved to be just as engaging. Come to think of it, a good deal has transpired in the area of data protection over the last year; you get the sense that there is a better collective assessment of the organizational needs with GDPR, and the conversation has shifted from a pure compliance narrative to more practical and operational aspects facing business.
The much anticipated EY event keynote was delivered by Elizabeth Denham, the ICO Commissioner. And as you might expect, Brexit is still very much an influencer in ongoing data protection discussions. Folks were keen to hear from the ICO on how impactful the forthcoming political changes will be. As previously announced, Elizabeth Denham confirmed that, come 25 May 2018, GDPR will be “live” and it will be the law of the land as the U.K. remains a member of the EU. No surprise there.
The commissioner spoke of her priorities for 2017, as well. Enhancing the ICO’s technology expertise remains key, she said, as a regulator of internet services, (disruptive) technologies, and digital innovation. And if you thought the data protection industry was struggling with recruiting, retaining and training of staff, the ICO, too, is faced with much of the same challenge; the commissioner is passionate on the subject of sustainable staffing and engagement. Key to the ICO strategy is the building of relationships with industry groups, activists and government to cooperate on defining necessary guidance as well as data protection codes of conduct across the spectrum.
Denham is pragmatic in this regard, and is seeking more than proactive and bidirectional consultation with concerned stakeholders, with an expectation that they take ownership of some of these outputs. The task ahead is demanding and a tough ask for the ICO to deliver as a stand-alone entity – restructuring ICO resources to tackle the depth and breadth of the work ahead on GDPR and sectorial specifications is a priority, as is the dialogue and cooperation with other industry regulators impacted by the implementation of the new data protection regulation.
An additional activity will be providing support to academic research on independent privacy by design initiatives. With change comes opportunity, and technology and business models have changed significantly since the '95 Directive. We must change with it. The ICO remains a firm advocate for a robust consumer protection environment, and it seems clear that the ICO sees the positives and opportunities to be derived from GDPR adoption, such as establishing an accountability culture as well as best practices in understanding and mitigating risks associated with personal data.
We certainly have some interesting times ahead.
If you want to comment on this post, you need to login.