Since it came into force in May, GDPR has had a profound effect on the way that all organisations manage their data and relationships with customers. Issues that were once principally of concern to financial and regulated sectors are now affecting all industries. However, what was initially seen as a legislative burden has started to drive real business change and deliver tangible benefits.
The complexity of data and the increasingly varied ways in which it is used mean that managing it requires collaboration between DPOs and the business, legal, IT and information security among other departments. This is essential to mitigate privacy risks when developing products and services, to agree ethical approaches to data management and to protect that data. In many cases this involves a review of existing business structures, processes, culture and behaviour.
The key themes in this article were originally discussed in a panel moderated by Nina Bryant at the Managing Risk and Litigation Conference 2018, entitled ‘What are the focus areas in 2019 and beyond on the proactive compliance agenda?’ The panel members were: Michelle Levin, associate general counsel – digital and privacy, Coty; Jane Finlayson- Brown, partner, Allen & Overy; and Mo Ahddoud, chief information security officer, SGN