IAPP Intensive France – 17 & 18 March 2022
EDPO attended the IAPP Intensive in Paris (17 March). Here are the main insights from this first day of conferences:
š International data transfer remains the hot privacy topic. There still doesnāt seem to be any solution at the moment. This issue should be handled at the political levelā¦which could take quite some time.
š Metrics can be very useful to assess your compliance and convince your boss and the board to focus on data protection. Key words: cost & time.
š Privacy regulations are popping up all around the world. Some are very similar to (and inspired by) the GDPR. So being GDPR compliant is a great baseline but letās not forget that the right to privacy isnāt a fundamental right in every country.
š Privacy by design and operational efficiency: Data Protection Impact Assessments are the most challenging part of building privacy into technology
š Nothing is impossible in terms of GDPR compliance ā itās just a question of cost
š Perform cookie audits at least once a year to make sure that what goes on in your system matches what you say on your cookie banners
Some of the key discussions and funniest outtakes from the second day of the IAPP Intensive in Paris (18 March):
š European Data Protection Board announcedĀ the creation ofĀ a GDPR compliance tool for SMEsĀ andĀ upcoming guidelines on fines
š The number of sanctions and fines are through the roof, and authorities are only going toĀ pickĀ up the pace
š The question is not āare you going to have a breachā butĀ ratherĀ āwhen is it going to happen?ā!
š A few funny DPO stories:
– data subject asking to remove personalĀ data so thatĀ their partner doesnāt find outĀ what theyāre up to
– what song best fits the DPOās: role? āIĀ will surviveā or āComplianceā from Muse
– donāt beĀ surprisedĀ if your kids donātĀ wantĀ to provide their personal data to anybody: you āprivacy-by-designedā them!
IAPP Intensive UK – 23 & 24 March 2022
EDPO attended the IAPP Data Protection Intensive in London on 23 March and 24 March and it was a success! Here are some insights from the conferences:
šĀ OnlineĀ advertisingĀ is in the spotlight. Multiple businesses play in the chain of services or products and need to be compliant. Some want to pull back and reduce the number of players having access to data. Does that mean going back to the 1980s? Other say that we have to move forward and need to think differently to bring data closer and safer to the user without removing any parties from the game.
šĀ The responsibility is always on the individual to giveĀ consentĀ – or not – with very complex privacy policies to read through. We need to take a different approach: fairness should be guaranteed by the company. The user should have the ability to make choices, not feel obliged to give consent.
šĀ We need to stop thinking about data as a thing to manage through tech, an asset to leverage or a risk to manage. Is it data protection orĀ data protectionism? Data is a powerful economic tool. Data serves the economy, the society, and businesses. Data protection shouldnāt be a barrier to anything.
šĀ SCCsĀ are all the same and donāt work. Nobody reads or audits them. Why not take aproactive approach? āPrivacy in practice rather than privacy on paperā.
šĀ Is GDPR theĀ golden standard?Ā Many countries donāt have the same rights and privacy regulations – e.g., Africa andChina donāt have legitimate interest. The GDPR has a dominant approach but the ultimate goal is to draw approaches together and not just stick to the most influential one. After all, theyāre seeking the same outcome.
šĀ TheĀ UKĀ is looking to develop a unified framework. Supporting businesses and protecting the rights of individuals is not incompatible! Transparency is the key.
šĀ Can the UK make meaningful changes on data protection and still have theĀ adequacy decisionĀ from the EU? Yes. The point is to not travel in different directions but to make sure that the framework is well-thought and adapted to the reality of society.
Follow us on Linkedin for daily breaking GDPR news!
Get our weekly newsletter in your inbox every Monday with fresh GDPR and Data Protection news!