The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO’s favourite weekly read ☕️
Hello and welcome to another edition of the DPOInsider. I’m thankful for all the feedback we have received and to all those who share this newsletter.
If you can share it with relevant people in the space, I’m eternally grateful for that. For now, on with the weekly updates.
How can data privacy be a business enabler?
We talk a lot about how data compliance is an obligation for businesses.
But I’m sure this is looking at the problem with the wrong lens.
What if compliance was a business enabler rather than seen as a hoop through which companies need to jump?
What if privacy is the differentiator businesses need to stand out in their industry?
At the last point of checking, around 74% of consumers are concerned about how their data is used, but they continue to expand their digital footprint.
I think I will dig more into this idea in a future edition of the DPOInsider. But for now, this interview with Luke Webber of Deloitte has an excellent overview of this idea and what it could mean in practice for your business.
Google does not understand privacy
For many of us, that has been abundantly clear for a while now. But, the new 10M EUR fine from the Spanish regulator AEPD is especially intrusive. A key pillar of data compliance and privacy should be to understand consumers and act according to their wishes.
When faced with a consumer request to delete or remove data, Google decided to share the deletion request (along with consumer identification) with a third party without obtaining consent.
Whilst EU states’ data protection authorities seem to be using Google as a privacy punching bag at the moment. It highlights that all of us need to get our heads around the regulations.
Essentially Google is doing many of us a solid by directing us towards behaviour that can and will bring fines.
So, I’d say now is a great time to familiarize yourself with how your organization manages consumer requests.
UK government pledges to ‘reform’ data protection legislation
I posted a few weeks ago regarding the noises coming from the UK that they wanted to reshape their legislation around data legislation.
Well, now it seems that this commitment has been more formally announced in last week’s opening of Parliament.
A lot of the PR around the announcement seems to stick to the message that EU legislation is akin to red tape, and this change will reduce the amount of ‘excessive paperwork’ needed.
But as this article points out, the Bill could ultimately cost the economy more than it will deliver. If the UK were to depart from the EU standards too greatly, it could lose its data adequacy status, meaning businesses would face higher compliance costs when receiving data from the bloc.
Oh, what a time to be a UK based data business.
In other data protection news:
New regulations in the US have left vast swathes of data without any regulatory framework. We have written about teething problems around privacy legislation before. These news stories are a good indicator that privacy is evolving but a reminder that it is not perfect yet. We are bound to see this transform into better privacy and security in the future.
Three pillars of a powerful governance strategy. Two of these I seem to bang on about every week; Context for compliance and centralized data catalogs.