The GDPR and Brexit create a bit of a “perfect storm” for UK businesses. One thing is clear: GDPR, and its risk management approach to data privacy, will be in force in the UK for the better part of a year before Brexit happens (this is not opinion: it is simple mathematics). But the eventual form of Brexit, and other legislative changes in the UK such as the Investigatory Powers Bill, will inevitably raise further potential complications for organisations in the UK that process personal data about people in the EU.
Daragh O’Brien, Managing Director, Castlebridge
Daragh will be presenting the half-day workshop “Getting Ready for the General Data Protection Regulation – An EIM2.0™ Approach” at IRM UK’s Enterprise Data & BI Conference Europe 2016, 7-10 November, London.
Of course, with around 50 areas in the GDPR where Member States can legislate local variances, and a number of court cases making their way to the Court of Justice of the European Union on topics such as the suitability of Model Clause Contracts, and given the questions raised about the stability of Privacy Shield following the Yahoo NSA Backdoor/Hacking disclosures of recent weeks, it’s not just Information Management Professionals in the UK who have to deal with a wave of uncertainty in what has historically been a niche area of interest.
Add to this mix the increased focus internationally on ethics in Information Management, particularly in the context of Big Data, IoT, and other emerging areas of innovation, and we have a further step change away from a “tick box approach” to compliance, one that creates a more nuanced and challenging landscape for Information Management professionals dealing with data protection compliance and privacy issues in organisations.
Given the difficulty, at the best of times, of getting senior management in organisations “engaged” with a topic that is, at first glance, as dry as “Data Privacy”, how can Information Management Professionals, particularly those in the UK, frame the GDPR change discussion in a way that:
Engages stakeholders (and gets them to give a darn about data privacy)
Helps align with other initiatives
Copes with the uncertainty of what the end game will be for the UK post-Brexit in the context of its “Adequacy” as a jurisdiction in which organisations can process personal data on people who are in the EU
Can scale to the potential challenges that lie ahead for organisations in the UK, or working with organisations in the UK, post-GDPR and Brexit
What can you do?
Education is key. That’s why I’m teaching a half-day workshop on “Preparing for the GDPR using an E2IM Approach” at the IRM UK Enterprise Data & BI Conference Europe 2016 in London next month (7th-10th November). This session is a distillation of material we teach and use with clients to help people understand the scale of the GDPR changes for organisations, and to give people some practical tools and techniques to apply in addressing the challenge.
When I originally submitted the session, the E2IM Approach was referred to as EIM2.0 because a lot of the methods and practice we discuss are drawn from the disciplines of Information Quality, Data Governance, and Metadata and Master Data management. However, over the last few months of working with clients this has been refined and is now known as the E2IM Approach: Ethical Enterprise Information Management, which is the proprietary framework we apply in client engagements.
Topics covered in this unique half-day seminar will include:
What is GDPR and what is the scale of the change
The Post-Brexit Landscape for Data Protection compliance in the UK
Understanding Ethics in the Information Management and Data Privacy context
Applying Agile Principles to GDPR Preparation, Privacy by Design, and Privacy Engineering
Adapting Information Governance and Information Quality practices and approaches to the Data Privacy and Ethics challenges of the GDPR and beyond
Also at the conference, my colleague Katherine O’Keefe will be presenting a primer on Ethical Principles in Information Management in general, with reference to some recent headline-grabbing news stories.
Daragh O’Brien is MD of Castlebridge and is a specialist in Information Governance, Information Quality, and Data Privacy. He works with public and private sector clients internationally to provide advisory, training, and coaching supports on data privacy, governance, and quality in a strategic and operational context. Castlebridge is a key contributor to the Adapt Centre in Trinity College Dublin (www.adapt.ie), and Daragh has advised on research projects in the Insight Centre (www.insight-centre.ie). He is also on the teaching faculty of the Law Society of Ireland, teaching data privacy and data governance topics. Daragh serves as Data Privacy Officer for a number of startups and non-profit organisations, including DAMA-International. Follow Daragh @cbridgeinfo.
Copyright, Daragh O’Brien, Castlebridge