As the one year anniversary of GDPR approaches, a data expert is warning that companies need to change their attitude towards the legislation. Privacy Lead at Data Oversight, Hellen Beveridge, says that when it comes to GDPR, rather than recognising practices, businesses need to change to meet required standards, organisations frequently try to mould legislation to fit into their existing processes.
GDPR first came into effect across the EU on the 25th May 2018.
Beveridge was speaking about the first year of GDPR and how Brexit will affect it ahead of her appearance at this year’s European Data Protection Summit, which takes place at 133 Houndsditch, London on the 3rd of June this year.
The European Data Protection Summit 2019 will welcome over 700 attendees, feature over 50 industry expert speakers and over 30 exhibitors. Everything data protection, governance and security related will be discussed.
Speakers confirmed so far this year include:
Max Schrems, Founder of noyb and privacy activist
Steve Wright, Group DPO of Bank of England
Nicola Roviaro, Head of EMEA Data Privacy at Google
Tamara Ballard, Data Protection Lawyer at Channel 4
Sheila M. Fitzpatrick, President & Founder of Fitzpatrick & Associates
Speaking about companies in the UK and their failure to embrace GDPR in line with regulations, Beveridge said:
“Organisations fall broadly into two camps: risk-averse and risk-tolerant. While the former are working hard as they want to do the right thing by their customers and, more importantly, don’t want to fall foul of the Regulator. The latter, in return, are still waiting to see if any of their peers get caught, and then they might take action. Many companies in the UK are still just tickling the legislation at the edges. They haven’t invested in governance as a budget item and simply have their fingers crossed that they won’t get caught. This doesn’t just apply to SMEs either, there are multi-million pound turnover businesses who simply haven’t grasped the nettle.”
Hellen Beveridge is Privacy Lead at Data Oversight which offers practical, pragmatic data protection services for organisations of all shapes and sizes. With 25 years’ strategic marketing experience, she is well placed to understand compliance from an operational perspective.
When it comes to businesses implementing GDPR more effectively, Beveridge says Brexit could pose numerous challenges:
“The UK Information Commissioner’s Office is the largest data protection authority in the world and was responsible for the bulk of the work on Binding Corporate Rules (BCRs) undertaken in the EU. Companies will now need to find another lead authority.
Like countries outside of the EU at present, UK companies will need to comply with the individual laws of the 27 member states, including the appointment of an EU representative.”