
Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, January 8, 2016




New Year greetings from Brussels!

A new year is upon us, and it should be a particularly memorable one for those of you working in the data protection and privacy space. The 1995 Directive is for all intents and purposes no longer and consigned to history, and we have the new “enlightened” GDPR regulation to contend with. What does this mean for the privacy professional? Well, one should probably get up to speed on what the changes entail without further ado, to determine their impact on the organization, business model, and interactions with the external world. It is safe to say that your function will be critical over the next years to lay new foundations, to guide and set up your organization for continued success moving forward.

There is a palpable sense of rejuvenation and energy in the air; the five years of debate and deliberations on the legislative reform were exhausting for all involved, bringing about despair for some and emotional (cerebral) fatigue for others. Who could have predicted back in 2010, when Viviane Reding tabled the reform, the magnitude of attention engulfing the many actors? I doubt the young MEP Jan Albrecht fully appreciated that he would be propelled onto the international stage with such significance, his every word scrutinized. Well, we are finally here and witnessing a new age for privacy.

This year will be less about the theory of GDPR and more about the practical implementation — the "how to." If they were not before, privacy and data protection as enablers are now well and truly established in the organizational lexicon. We should see a hive of activity in privacy policy and program re-engineering. Make no mistake, the GDPR is peppered with requirements that will oblige businesses to be more accountable for their data practices. In practical terms, this is where the heavy lifting will require focused effort. New provisions such as data protection by design, data protection by default, record-keeping obligations, data protection impact assessments and prior consultation with data protection authorities in high-risk cases will require substantial acknowledgement and support from top management as well as significant investment in time and resources. More rigorous than its predecessor, the GDPR will be entirely new for most businesses and will require new levels of knowledge and "know-how" to be ahead of the curve. Striking the right balance, with little disruption to daily business, may well be a feat in itself for many organizations.

If you haven’t made any New Year resolutions yet, then make privacy in practice your resolution for this year, and stick to it. Eduardo Ustaran sums it up rather eloquently in his recently posted commentary. There are no elephants left in the room, and this regulation is a game changer. So don’t be surprised if the subject of privacy and data protection starts taking on a new focus and dimension in your organization; it could well be a key driver for change throughout your organization for the foreseeable future. Be ready, get prepared, and let the work begin.

