With the first anniversary of the General Data Protection Regulation (GDPR) now upon us, a prominent data expert is warning that companies need to change their attitude towards the legislation. Hellen Beveridge, privacy lead at Data Oversight, suggests that when it comes to the GDPR, rather than recognising practices, businesses need to change to meet required standards. Instead, organisations are frequently trying to mould legislation to fit into their existing processes.
Speaking about companies in the UK and their failure to fully embrace the GDPR, Beveridge said: “Organisations fall broadly into two camps: risk-averse and risk-tolerant. The former are working hard as they want to do the right thing by their customers and, more importantly, don’t want to fall foul of the GDPR. The latter, in return, are still waiting to see if any of their peers are caught out and then they might take action. Many companies in the UK are still just tickling the legislation at the edges. They haven’t invested in governance as a budget item and simply have their fingers crossed that they will not be caught out. This doesn’t just apply to SMEs, either. There are multi-million pound turnover businesses who simply haven’t grasped the nettle.”
When it comes to businesses implementing the GDPR more effectively, Beveridge believes Brexit could pose numerous challenges. “The Information Commissioner’s Office is the largest data protection authority in the world and was responsible for the bulk of the work on Binding Corporate Rules undertaken in the EU. Companies will now need to find another lead authority. Like countries outside of the EU at present, UK companies will need to comply with the individual laws of the 27 Member States, including the appointment of an EU representative.”
Beveridge was speaking about the first year of the GDPR and how Brexit will affect it ahead of her appearance at this year’s European Data Protection Summit, which takes place at 133 Houndsditch in London on Monday 3 June. The Summit is due to welcome over 700 attendees, feature over 50 industry expert speakers and over 30 exhibitors. Everything data protection, governance and security related will be discussed.
Speakers confirmed so far this year include Max Schrems (founder of noyb and a privacy activist), Steve Wright (Group DPO at the Bank of England), Nicola Roviaro (head of EMEA data privacy at Google), Tamara Ballard (data protection lawyer for Channel 4) and Sheila Fitzpatrick (president and founder of Fitzpatrick & Associates).
*For further information on the European Data Protection Summit visit https://summit.dataprotectionworldforum.com/