While the spotlight has been undoubtedly focused on May 25 for some time now, The Privacy Advisor reached out to privacy pros to ask them: What does your life as a privacy pro look like on May 26?
Alejandra Brown, CIPP/E, CIPT, founder and principal consultant, Kirke Management Consulting
May 26th will be a special day. It will mark the achievement of a very important goal for some of my customers. And for some others, it will be the continuation of an effort to achieve full compliance.
For me, it will be a moment to reflect on my growth as a privacy professional and how I can best support organizations in their journey to achieve a greater level of trust with their customers by ensuring they truly safeguard their data; not because they have to, but because it is the right thing to do. And then, it’ll be back to work bright and early on Monday morning.
Emma Butler, CIPP/E, CIPM, FIP, data protection officer, Yoti
The short answer: Holiday!
I'm taking the last week of May off, and I don't work Fridays, so 25 May is the start of my leave! Like most Fridays it will involve yoga followed by lunch, coffee and cake in my favorite local cafe. It's a bank holiday weekend in the U.K., so we're hoping for sunshine and being able to sit out in the garden. I'd like to be going away somewhere warm and by the sea, but it's also school half term in the U.K. so prices are through the roof. So I'll be at home instead for that week doing boring but necessary domestic stuff, enjoying lunches and drinks out, and avoiding LinkedIn, work email and any GDPR. related news!
Estella Cohen, CIPP/C, CIPM, FIP, senior privacy consultant, TrustArc:
I will continue to have to respond to the most often asked questions from my Canadian clients — Will the EU continue to recognize Canada's privacy laws as "adequate?" My response: Probably, but let's not count on it as a given. Canada's privacy laws will need to evolve to reflect the stringent GDPR requirements. The good news is that progress is being made with recommendations for the Personal Information Protection and Electronic Documents Act to make Privacy by Design a central principle and to include the seven foundational principles of this framework, where possible.
In my future, I see myself conducting many, many GDPR assessments with organizations that are just beginning to realize the huge impact of GDPR in the global privacy landscape and closer to home, in their own organizations.
Jestlan Hopkin, CIPP/US, manager, cybersecurity and privacy, KPMG
On the 26th, I'll be relaxing, celebrating and reflecting. I'll be relaxing from a several months' intensive push to get compliant-ready; I'll be celebrating a law that I believe will create positive rippling effects for innovation and consumer privacy for natural and legal persons around the world, and reflecting on how I can help extend the same data subjects rights to non-European citizens.
The GDPR is not about stifling innovation, but enabling it. As technologies continue to move from the periphery of our person to on and in our person, forward-thinking laws like these ensure stakeholder accountability and create clear, baseline data protection standards — both of which allow innovation to flourish because they can greatly facilitate user trust in and adoption of new and emerging ICTs. Why wouldn't every country want that? Congratulations, Europe!
Luis Alberto Montezuma, CIPP/C, CIPP/E, CIPP/US, CIPM, FIP, privacy and data protection specialist, risk management consultant, compliance attorney
The GDPR will apply to non-EU territories, including Colombia.
There are requirements that are not established in our local regulation, such as the right to data portability, the right to be forgotten, carrying out data protection impact assessments (DPIAs), the implementation of both Privacy by Design and Privacy by Default in internal processes and IT systems, keeping records of processing activities, the notification of data personal breaches to supervisory authorities within 72 hours, and in some cases to the individuals affected, among other issues.
On May 25, I have scheduled a Bogotá KnowledgeNet Chapter meeting to explain how exactly the GDPR will impact companies in Colombia.
It is important to stress that while EU GDPR and data protection (or data privacy) regulations, such as Colombian Law 1581/2012, share a number of core tenets, they are different laws. Therefore, we as privacy specialists must continue to help organizations meet all requirements of each data protection (or data privacy) regulation in countries where they do business.