TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, April 22, 2016 Related reading: 10 years after: The EU's 'crunch time' on GDPR enforcement



Greetings from London!

I’ve spent the week here at our Data Protection Intensive and, as expected, it’s been a bit of a whirlwind, with shoulder-to-shoulder networking events, substantive sessions, and plenty of hands to shake. The only real surprise has been the week of unadulterated sunshine. Brussels could do with getting some similar luck.

Of course, if we’ve done things right, our events should be a reflection of the most current conversations happening inside your organizations here in Europe. If that’s the case, you’re talking GDPR in the lunchroom, over espresso – maybe even over fish and chips at the pub.

All of our GDPR content here at the event has been lapped up — the new rules, how to comply, processors vs. controllers. There was even a session on explaining GDPR in something called “up-goer five” and we had to bring in more chairs for that.

A lot of the focus has been on the role of this “mandatory DPO” and on the many pieces of the GDPR that are creating uncertainty. If this DPO needs to be independent, will that person be invited to strategic meetings at the highest levels of the organization, or will those conversations happen so that everyone has their story straight before talking to the DPO?

Will your CPO be the DPO? Will your general counsel be your DPO? A lot of people are answering, “almost certainly not,” to both questions. So what does that mean for the way that companies will have to organize their privacy operations? It’s time for companies, and public bodies for that matter, to start grappling with that question, if they haven’t already done so.

It’s also clear that the DPO function likely won’t be handled by law firms, as they’re worried about creating conflict with their clients.

That means we may very well see continued growth of the emerging specialized consultant organizations created for the sole purpose of serving as an out-sourced DPO. An interesting new business model to be sure.

Of course, there were other topics covered at DPI, from children’s privacy to career development, but the GDPR did seem to dominate. Some attendees may even have GDPR fatigue! Don’t let that set in, though. This is the challenge of your time.


If you want to comment on this post, you need to login.