On 17 September, Bitkom will host the 5th Privacy Conference. In advance of the conference we are talking with some speakers about current privacy issues, the impact of the GDPR and their expectations for #pco19. Today in the interview: Dave Horton, Solutions Engineering Manager, CISSP, CIPP/E, CIPM, OneTrust.
More than one year ago, the General Data Protection Regulation came into effect. What do you think are the major barriers when it comes to implementing it in companies?
In short, resources. What we are finding with our customers is that they typically struggle to align the following: i) human resources (enough privacy professionals on a team), ii) time resources (being able to conduct all the necessary assessments and reviews in time while also further developing the company privacy program), and iii) financial resources (having allocated sufficient funds to support the privacy compliance efforts). Management awareness and buy-in across the company are proving key to tackling these issues.
In your opinion: Which sectors still have the greatest need to catch up concerning the implementation of the GDPR?
According to the ICO's recent report on the Adtech industry, this sector is very much the focus in terms of pending compliance efforts (similar signals also came from the CNIL). On a broader level, perhaps the issue isn’t a specific sector as such, but rather there is a significant split in GDPR-readiness between SMEs and large businesses – again, this boils down to the issue of resources and prioritizing privacy internally.
There are various technological possibilities which can be helpful during the implementation. Which tasks can employees delegate to a compliance software?
Compliance software these days can help employees with the vast majority of compliance-related tasks: consent and DSAR management, vendor risk assessment and regular vendor audit/reviews, incident management, and the list goes on. The software is especially helpful in documenting and tracking tasks split among several departments or business owners – helping compliance officers always stay on top of what is needed and automatically creating an auditable trail of records.
What do you think characterises a good data protection management system?
Flexibility – a good data protection management system should be easily scalable based on company structure and changing development. It shouldn’t be a headache to maintain and should be easy to navigate for people from all departments.
Which insights do you hope to gain at this year's Bitkom Privacy Conference?
It would be great to learn what the key organizations’ priorities in privacy compliance are for this year and moving forward. We have all survived the GDPR effective date, we are now on our way from paper compliance towards real-life effective compliance: sharing insights and priorities among companies with respect to their individual privacy journeys is extremely helpful.
Thank you, Dave Horton!