2018: Marking trust in technology
This year we are coming up to the end of the two years of GDPR implementation.
January 28th was the annual Data Protection/Privacy Day (DPD). A day that marks the increased focus on the issue of privacy and its protection across the world. It was also a moment to reflect back—and to look ahead.
2017 saw many developments around GDPR compliance activities: the Japanese data protection law, the start of adequacy discussions between the EU and Japan, the first EU – US privacy shield review, questions around a post Brexit UK data protection world, just to name a few…
And 2018 will be known as the GDPR start date. We know that it was a long legislative process and we are coming up to the end of the two years of implementation. I am sure GDPR compliance took centre stage at many DPD events this year.
GDPR: 3.5 months to go
With the May 25th deadline approaching fast, many organizations are well on their way to mapping out their respective GDPR compliance procedures, or at least they should be. In discussions with customers (both public and private sector), there are still a range of questions regarding various provisions and their implementation. Although looking back at the intent of the legislators during the debates provides a sense of direction, potential other questions remain unanswered.
To that extent, the European data protection authorities have been actively working on providing guidelines around key topics such as on data breach, consent, etc. This additional clarity is very much welcomed and provides an indication of implementation requirements, however, I expect other issues to arise as we move through 2018. What will be crucial is a strong partnership between all stakeholders to identify and remedy such issues.
The broader picture: trust
GDPR, and other global legislative initiatives, are only one element of the puzzle. Trust is the broader theme. This was also recognized by the discussions during the recent World Economic Forum (WEF) gathering in Davos. CA Technologies CEO Mike Gregoire addressed this directly in his new role as Chairman of the WEF IT Governors Steering Committee. As Mike stated in a recent WEF blog post, “we have reached our digital adolescence, but given the inevitability of technology in our lives, we need to consider how to evolve a more mature relationship with it.”
Such a mature relationship includes stronger transparency around data collection and the increased protection around it. Organizations, public and private, need to continue to work on gaining and retaining trust. The GDPR and other legal security and privacy initiatives are essential building blocks.
With many pieces now on the table, 2018 will be the time to test and adapt where needed.