Vivienne Artz, Chief Privacy Officer, Refinitiv talks about the past, present and future of GDPR on the In:Confidence 2019 main stage (April 4th at Printworks, London).
In:Confidence 2019 - Privacy: is GDPR the past, the present or the future?
1. In Confidence 2019
CONFIDENTIAL – FOR INTERNAL USEONLY
Privacy – is GDPR the past, the present or the future?
Vivienne Artz
Chief Privacy Officer
Refinitiv
4 April 2019
2. Privacy – is GDPR the past, the present or the future?
2
3. India
Past
3
25 May 2018
IAPP/EY Annual Governance Report 2018
- 50% are “fully compliant”
- The remainder are “far from compliance” or “will never comply”
- Average $1.3 million spent and $1.8 million expected on GDPR programs
- Global not EU phenomenon
- Regulation for previously unregulated firms
- B2B more likely to have full-time privacy teams than B2C businesses
- Standard Contractual Clauses is main mechanism for international transfers
- 3 in 4 firms have adapted products and services to be GDPR compliant
4. India
Present
4
- GDPR Sweep Up
- New obligations eg breach reporting, privacy by design, data portability, erasure, consent,
risk and processing registers, processor obligations, etc
- Automating privacy
- Maturing and operationalizing privacy i.e. moving from theory to practice!
- 8 in 10 firms view investment in training as top GDPR compliance priority
- 1 in 4 have changed processors as a result of GDPR
- 8 in 10 report privacy matters to the Board
“Privacy is the New Normal”
7. Future
7
- Brexit
- EU E-Privacy Regulation
- US & Global privacy laws
- AI and automation
- Innovation – ICO Sandbox
- New privacy frameworks emerging internationally
- Ethics
- Cyber threats/data breaches
8. Is GDPR a “high” standard or “the” standard
Consent as the basis for processing
DPO
Registrations
International transfers/localization
Personal data definitions and individual rights
Conflict of laws
8
9. India
New Privacy Laws since GDPR
9
CCPA -
California
Brazil
Kenya
Nigeria
China
Tanzania
Vietnam