The new General Data Protection Regulation (GDPR) - which comes into force in May 2018 - may at first blush seem like “just another EU regulation”. However, organizations - and specifically third party risk management teams within them - would take a “tick-box” approach to compliance at their peril.
In this session, Simon and I discussed:
- The GDPR goes into effect in May 2018, what are some of first the enforcement actions we are going to see? What industries are most exposed? What are some of the failures that will be revealed by the GDPR?
- Should and how can companies think about educating their regulators around their GDPR programs and what they are doing to comply?
- What type of impact will the GDPR have on privacy regulations in other countries?
- How should multinational organizations approach the divergent privacy regulations in different countries?
- In preparing for the complexity of GDPR, are multi-stakeholder teams looking beyond May 2018? Is there a design future-view of the regulation?
- Will GDPR cause a shift in the relationship between multinational organizations and customers?
Also enjoy podcast sessions 1 and 2, links provided below.
Simon McDougall is a Managing Director in Promontory’s London office, and leads Promontory’s global privacy and data protection practice. He is a Chartered Accountant and until 2010, led Deloitte’s UK Privacy & Data Protection and Payments Regulation teams. He specializes in privacy and data protection, information governance and regulatory investigations.
Simon has led engagements with some of the world’s largest financial institutions, technology firms, retailers and life sciences firms. He has developed rationalized privacy risk management models, built enterprise-wide privacy programs and managed in-depth data protection audits. He spent six months seconded as the Head of Privacy and Records Management for the retail half of a large international bank.
Simon serves on the IAPP Board of Directors and the IAPP European Advisory Board. He has previously served on the UK Data Protection Forum executive, the BSI Data Protection Editorial Board, the DataGuidance Panel of Experts, the President of the Law Society’s Surveillance Working Group, and a range of other consultative and advisory groups. He was the co-author of a paper to the Leveson Inquiry, addressing privacy and press regulation.
For more information about how Aravo can help improve your Third Party Risk Management programs, please contact us.