In November this year, more than 1000 people attended the International Association of Privacy Professionals annual conference in Brussels. Every year, this 2-day event brings together data protection experts from around the world to discuss the biggest privacy-related topics on the global agenda.
It’s not surprising that this year Europe’s new General Data Protection Regulation (known by the experts as the ‘GDPR’) was top of the agenda. The regulation, which will come into force in May 2018, is a complete overhaul of data protection law – not only for European companies, but for all global companies which deal with consumers in Europe. This is the first time that privacy rules coming out of Brussels will have such a wide remit, and companies all over the world are gearing up to comply before the 2018 deadline.
But whilst privacy professionals have long been preparing for the GDPR and its potential implications, other functions within global companies may be less aware of the changes on the horizon.
In contrast to the Brussels privacy conference, the Chief Data Officer Summit in New York in December was largely attended by the people within global companies who access and process consumers’ personal data every day such as data scientists, data analysts and data governance managers.
As I learned at the conference, global companies are currently dealing with the implications of amassing huge amounts of data on the actions of their customers and consumers. Speakers from a wide range of industries including insurance, publishing, banking and FMCG explained that understanding how to leverage this data to produce actionable insights was the key to their companies’ success – and this involves analysing, processing and understanding the very data which the GDPR seeks to regulate.
The GDPR was, however, conspicuously absent from this conference which was, essentially, all about data. While privacy professionals are analysing and discussing every detail of the GDPR right now, there seemed to be little concern about the new rules from those who touch and analyse consumer data every day.
Bridging the gap between these two worlds is an important part of what European policymakers have set out to do with the GDPR. The new rules are far-reaching and introduce many new concepts which permeate every part of an organisation’s internal structure – for example ‘privacy by design’ which requires companies to adopt internal policies to integrate data protection principles into their day-to-day work.
As the deadline to implement the GDPR approaches, this gap will need to become smaller and more and more functions within global companies, including marketing, will find themselves needing to think about privacy as an integral part of their work – and not just something which legal needs to assess and approve when needed.
WFA has been helping members tackle this challenge since it set up the Digital Governance Exchange (DGX). By bringing together senior digital experts across functions including legal, marketing and public affairs, the group aims to spark a discussion and share best practice in important, emerging areas like privacy. And with the GDPR on the horizon, this approach is going to become all the more important.
For more information about DGX, get in touch with Catherine at email@example.com.