Data Protection Summit in London
Emma Martins, Data Protection Commissioner for the Bailiwick of Guernsey, will be speaking at European Data Protection Summit, coming to central London this summer.
Opening in central London on June 3rd, European Data Protection Summit is a one-day event that gives business owners and Data Protection professionals the answers they need to their data protection and privacy concerns.
Emma Martins has held the statutory role of Data Protection Commissioner for the Bailiwick of Guernsey since 2012. At that time, she was also Information Commissioner for Jersey when the Islands created a pan-Island regulatory office.
Emma joined the Data Protection Office in Jersey in 2002 in the post of Deputy Registrar and was successful in her application for the position of Registrar in 2006. After the decision was made to separate the offices again in 2017, Emma remained in her post for Guernsey and left the Jersey role in early 2018.
Emma is an ex-officio, non-voting member of the Data Protection Authority and acts as the chief executive of that Authority with responsibility for day-to-day operations. Emma heads a small team that is committed to embedding data protection compliance into their jurisdiction by supporting positive, enlightened legal and ethical engagement by the regulated community.
We caught up with Emma to hear how organisations are managing to step up to the compliance plate.
One year on from its implementation, how effective do you feel the GDPR has been in strengthening user privacy and improving data handling?
EM: There was a great deal of activity and publicity surrounding the arrival of the GDPR. This served to place data protection firmly on the agendas of businesses and governments, which is to be welcomed.
The important thing now is to maintain that engagement. We are beginning to see supervisory authorities flex their muscles in enforcement matters, but we need to move the conversation on from data protection compliance being about avoiding sanction, to one of data protection being fundamental for each of us as human beings and for the society in which we live.
Exposeés of data breaches and manipulation on massive scales are beginning to encourage better engagement in this area beyond questions of technology. GDPR has triggered a more informed public conversation about how we can treat data lawfully as well as ethically, but these are still early days and there is still much that needs to be done.
What are the main challenges that organisations are facing in adapting to the GDPR?
EM: Coverage of the GDPR in May 2018 rather gave the impression that this was the first time organisations had been faced with strict controls about how they handled personal data. The reality is that comprehensive regulatory regimes have been in place for many decades.
The problem is therefore twofold. Firstly, many organisations are playing ‘catch-up’. GDPR has been taken more seriously than any previous data protection legislation and it is now something better understood by senior management and boards. Many have been almost starting from scratch in respect of their data protection compliance. That necessarily makes the mountain a lot tougher to climb.
Secondly, whilst the broad principles haven’t changed, the environment has. Data plays a role in our personal and professional lives that we could barely have imagined only a few years ago. Equally, the rapid growth of new technologies has changed the nature of processing. The speed of change requires organisations to build data governance into all their activities right from the outset. This is a cultural change as much as anything else and cultural change never happens overnight.
What compliance issues are organisations having most success with?
EM: As data is increasingly recognised as the fuel of the economy, organisations are recognising that, as a valuable asset, data needs to be well looked after. Consumers too are playing an important role. As we all become more aware of the importance and value of our own data, we are understanding the environment through a new lens and we are increasingly demanding that companies take more care.
Regulation is important, but businesses with a customer base understand that they need to look after data not just to ensure they stay the right side of the law, but also to keep their customers happy and loyal. The reputational damage to companies that hit the headlines after a data breach can be significant. Trust and confidence is hard won and easily lost.
What areas do business need to work on most to help in the ongoing compliance journey with GDPR?
EM: Compliance is exactly that – a journey. One of the worst things an organisation can do is to treat data protection as a tick-box exercise; as if once that to-do list is ticked off then that’s the job done. Nothing could be further from the truth. Doing data protection well means embedding it into every aspect of an organisation, however big or small. It is no longer the sole preserve of the IT department or employee, it is something every individual in the organisation needs to actively and positively engage with.
Such an approach starts at the top. Managers, directors and boards should never underestimate the impact on organisational success (or failure!) the tone they set will have. Again, this is very much a question of culture and changing culture requires investment, commitment and time.
Hear Emma Martins live at European Data Protection Summit.
Summit delegates can hear Emma talk on the GDPR landscape from the regulatory perspective, one year on from the new law’s implementation.
Against a backdrop of increasing data breaches impacting on a global scale, the event comes at a critical time in data protection and user privacy. The need for ideas, debate, advice and technological solutions has never been greater.
Taking place at 133 Houndsditch on June 3rd, this exclusive event will bring over 800 DPOs together with security professionals and business leaders to provide a day of advice, learning and networking for all data protection stakeholders.
Other speakers include:
- Sheila FitzPatrick, President & Founder at Fitzpatrick Associates
- Max Schrems, Founder at NOYB
- Steve Wright, Group DPO, Bank of England
- Tamara Ballard, Data Protection Lawyer at Channel 4
- Abigail Dubiniecki, Data Privacy Specialist at My Inhouse Lawyer
To register for European Data Protection Summit, click here.
European Data Protection Summit
Where: 133 Houndsditch London
When: 3rd June
European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.