What GDPR Experts Are Saying About Compliance

The May 2018 GDPR deadline is just around the corner, and anyone with a hand in the data pot is astir. Below are insights from some of the foremost GDPR experts to consider as you prepare.

(Also, if you’re concerned about your level of GDPR preparedness, check out these tactical steps for compliance to see if you’re on the right track.)

Now, on to the GDPR experts.

Guilty Until Proven Innocent

“If you are in the business of selling or sharing user preferences or interests, if you are syncing cookies, or if you are exchanging/sharing/selling profiles, make sure sensitive data categories are either encompassed by the consent mechanisms that have been set forth within your contracts or not treated at all.

After all, the GDPR requires that compliance be demonstrated: you are guilty until proven innocent, not the other way around.”

Aurélie Pols, DPO Trainer for GDPR, Sensitive Data and Teaching Kids How to Lie on the Internet

Reduce Data Debris

“The more information we collect, the more data debris we end up with. This debris has no current value but increases storage costs, makes finding valuable information harder and often leads to unwanted and unnecessary disclosure in response to an e-discovery request.

A defensible disposal program can eliminate debris while also supporting the erasure requirements of the GDPR. Just as important, by reducing the total amount of data an enterprise maintains—estimates put the amount of digital debris at 65% of enterprise data—defensible disposal can dramatically reduce the overall burden on the GDPR compliance team.”

Heidi Maher, Data Privacy Officer at IBM, If GDPR Compliance Doesn’t Start With Information Governance, You’ll Probably Fail

Not Just for EU Citizens/Residents

“The data subject is wider than an EU Citizen or Residents. Both are by definition a Data Subject but the Data Subject does not have to be either. It could be [someone] on holiday in the EU or even someone in transit through the EU, on flight.”

Moyn Uddin, GDPR, Privacy and Cyber Security Practitioner, GDPR – The Data Subject, Citizen or Resident?

No Room for Margin of Error

“With less than 200 working days to go before the GDPR is fully enforceable, there’s no room for any margin of error. But this is the first small step on what will be a very long journey…Accountability is now the watchword.”

Ardi Kolah LL.M, Editor-in-Chief of the Journal of Data Protection and Privacy, The cost of compliance is much less than the price of failure

Use GDPR to Level Up

“GDPR in the end can help you find, leverage and provide competitive value to your customers. It’s an opportunity [to] look across your business and how to create, capture and use information, not just at the entry and engagement points with clients but across the whole lifetime and lifecycle.”

Richard Hogg, Global GDPR & Governance Offerings Evangelist at IBM, GDPR – Let’s Get It Started!

Third-Party Threats

“You should ensure you have robust life-cycle management of your third parties. The controls in place for off-boarding a supplier or third party should be just as rigorous as on-boarding. Third parties are often the weakest link in a company’s data security, and are implicated in about 63% of all data breaches.”

Anna Mazzone, Managing Director at Aravo Solutions, Anna Mazzone: Applying due diligence to GDPR

Marketing Is the Worst at GDPR

“I predict that the source of the biggest ICO investigations in 2018 will lead to Marketing (departments, agencies, services firms or platforms) as, right now, so few are doing so little to safeguard customer data yet still taking so much data for granted and from any sources possible … it’s like a wild west of data out there.”

Tim Hunt, Director, Strategic Adviser & Speaker on GDPR at Flexile, Marketing & GDPR … like asking Turkeys to vote for Christmas!

Competing for Consumer Trust

“As we move towards the commodification of data, the ultimate competitive frontier will revolve around consumer trust.”

Aurélie Pols, DPO Trainer for GDPR, To Appoint a DPO – Data Protection Officer – or Not?

Incoming Wave of Consumer Litigation

“We expect consumer litigation and class actions to quickly follow once this regulation goes live, as has happened in the US. We are already seeing niche legal firms being established to cater for the anticipated demand, which could see another Personal Protection Insurance (PPI) debacle emerging.”

Pat Moran, Cyber Leader at PwC, GDPR will result in significant increase in litigation – PWC

Getting Compliant

May 2018 is getting awful close—still working on compliance? Step through this GDPR compliance checklist from data governance and GDPR experts Chris Slovak and Clint Eagar to help boost your GDPR preparations.

