The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️

The role of company culture in data privacy

Is it enough to just hire a DPO and sit back and relax?

As DPOs we are increasingly aware of our responsibilities under data privacy legislation.

But is that everything you need to implement data privacy?

Transparency and governance over customer data use have become business-critical issues and if organisations are to increase digital users’ engagement and support, in order to continue benefiting from free-flowing access to customer data, regulation must stop being treated as a last resort measure.

But it turns out there’s a mismatch between SMBs’ knowledge of their obligations and consumer awareness.

According to a consumer privacy survey conducted by Cisco, 83 per cent of ‘privacy actives’ read privacy policies.

Rather alarmingly, 38 per cent of small to medium-sized businesses (SMBs) believe that the GDPR does not apply to customer data they may come into contact with, according to DMA’s ‘SMBs and GDPR’ data.

So what’s the solution?

We should start promoting data as a force for good. Governed by principles, ethics and a framework that places the customer at its core.

There are a number of codes of conduct available to guide us, but a culture within an organisation can be much more valuable. This is what we mean when we talk about privacy by design.

This culture is what will allow us to become more people-centric and change organisational culture, build consumer trust and strive for better business outcomes.

What does Europe’s approach to data privacy mean for GPT and DALL-E?

It seems that you can’t move for new AI tools. Some are gimmicky, some less so.

We’ve talked more about what this means for privacy regulation.

Personal data is, of course, an important part of this regulation. But, as this piece argues, there’s more to this than just PII.

What about the data we generate as content and art? It’s certainly not legal to copy someone else’s work and then present it as your own. But there are AI systems that attempt to scrape as much human-generated content from the web as possible in order to generate content that’s similar. 

Can GDPR or any other EU-centered policies protect this kind of content?  

A great read on the relationship between AI and data privacy, and whether we are going far enough with current legislation.

Other data privacy news

Customers’ personal data stolen as Optus suffers massive cyber-attack

Revolut data breach: 50,000+ users affected

Looking Back 4 Years Later, Is the GDPR All It Was Cracked Up To Be?

Why a data privacy officer should be your company’s next hire

Post of the week

This post on the importance of words in data protection.

Poll of the week