Five months into the GDPR, the Digital Leadership Forum are already looking towards what comes next. The “Future of Data Privacy” event, hosted by RSM, was an opportunity for attendees to take stock, discuss how the landscape has changed, and begin preparing for the next moves.
The event was kicked off by Michele Voznik, Partner at Pinsent Masons, who discussed the mixed efforts by companies to keep up with compliance requirements, noting that 37% of UK businesses are still not GDPR compliant. Additionally, while the GDPR is meant to harmonise data protection rules, nine countries have yet to adopt a national law. Voznik also discussed the ePrivacy regulation, dubbed “the cookie law”. The legislation aims to protect the privacy of electronic communications but has proven to be highly divisive since its introduction in January 2017 and has provoked intense and polarising lobbying campaigns. It remains unlikely that the regulation will be adopted before Brexit or the European Parliament Elections in May 2019. With the EU still scrambling to finish the Digital Single Market by the year’s end and the lack of uncertainty regarding Brexit, the future of regional privacy legislation remains up in the air.
Up next, Steve Snaith, Partner at RSM, spoke of the challenges within the digital environment, such as cybersecurity and data loss. He opened the discussion with remarks about the evolution of cyber attacks, their sophistication and damaging impact due to increased connectivity between devices. Although the cyber industry is investing in new ways of identification such as fingerprints and face recognition, systems still need to mitigate their vulnerabilities, such as weak passwords, poor system patching and data procedures, insecure networks, and ghosts in the machine (former employees with access rights to confidential information). Mr. Snaith stressed the importance of staff awareness regarding confidential documents and maintain cyber and privacy hygiene.
The event concluded with a fascinating panel discussion on the future of data privacy and data ethics with Steve Snaith, Loretta Pugh (Partner, CMS), and Hellen Beveridge (Privacy Lead, Data Oversight). The panel agreed that while overregulation can create barriers and deter experimentation, privacy is necessary for business operations as organisations must gain customer trust by being transparent, calibrating internal data hygiene culture, and developing simple and concise privacy statements. Lastly, they discussed the use of AI technology for data protection through privacy by design as well as the rising discipline of privacy engineering. Hellen Beveridge expects that in the next five years, personal online identification will allow individuals to give and reclaim consent.
The event concluded on a mixed note. While the future of data protection is still undefined, the measures taken within the EU —particularly the GDPR — have raised important consumer and industry concerns and have set the standards for the global privacy debate.
Author: Ivan Ivanov, Marketing Manager, Access Partnership