Chad Wollen, Chief Marketing Officer at Smartpipe Solutions, answers some key questions on GDPR ahead of 25 May.
1. What's your main priority right now in the run-up to 25 May?
There are five things which we are focused on:
DPIA. As a "Data Processor" we are not obliged to conduct a DPIA, but doing it has been incredibly useful, especially using a third party to conduct it.
DPO. Who your DPO is and how they are sourced is a big deal with many future ramifications. This is not a trivial matter; we are thinking hard about our options.
Contracts. Transitioning is a lot of work, especially maintaining the cascade from Controller-Processor-Sub Processor.
Governance. Setting up mechanisms to ensure the spike in compliance activity is embedded into "business as usual" processes is critical.
Culture. Compliance is already yesterday's story. We have to build an industry which recognises this is about digital, data ethics and sustainability.
2. What's the biggest obstacle you're currently facing?
Time. We got a good head start, but the further you push into the weeds the more you need to do. Maybe this is because we are setting the bar very high, or maybe the GDPR is a recursive spiral.
3. What has been your biggest learning over the last two years when it comes to GDPR implementation?
There are five things that have crystallised for us:
Respecting and aligning with the existing laws - the directives - means so much less stress and worry when tackling the GDPR.
Much of what the GDPR is requiring us to do is already a matter of good data governance and management.
The onus is now on the industry to demonstrate compliance. This means that one has to change the culture not just the technology.
US law vs EU law - embracing the differences rather than taking a fight or flight attitude has been valuable.
Any resistance to the GDPR from the industry is self-defeating. Accepting the changes lets you focus on innovation and competitive advantage, and also lets you embrace and encourage consumers to take control.
4. How has the GDPR changed your company culture around data protection?
I think it has shaken our complacency. We are a business which is proud of its data protection credentials and that we have taken the innovation "high road". The GDPR has caused us to put everything under the microscope.
We are now creating a privacy culture which is focused on continuous improvement and always being able to do better. No resting on one's laurels.
5. From your POV, what does/will the GDPR mean for our industry?
It means massive transformation. What is causing the industry a GDPR headache is that the features of our technologies have suddenly become privacy "bugs".
Moving from a default "On" to "Off" with consent is a huge change.
This, coupled with the extended data supply chain of third parties, means some parts of the Lumascape will struggle to survive - the cost of compliance is too great for them to retool and consumers will just never say yes to a long list of vendors.
There will emerge a new sort of industry, one which has a different set of priorities and values.