Interview with: Joao Torres Barreiro, Associate VP & Chief Data Protection Officer, HCL Technologies

What do organisations need to know about the changes the EU General Data Protection Regulation will bring?

This regulation will change the power dynamics between companies, data protection authorities and data subjects, which are the customers. It will also radically transform the way organisations process personal data and use this data to do their business. ‘Privacy by design’ and ‘privacy by default’ will become the standard.

Instead of looking at those changes as a challenge, I prefer to face them as an opportunity. For example until now, companies had to deal with twenty-eight European data protection laws. In the future, they will only deal with one data protection law in the European Union. We cannot dismiss what this data protection reform will do for economic growth. In one of the European Commission’s press releases it was stated that the benefit of having one data protection law in the EU, instead of an inconsistent patchwork of twenty-eight national laws, is estimated at 2.3 billion Euros per year. Also, strengthening Europe’s standards of data protection can be a business opportunity.

What are the key elements for designing a privacy and data protection programme?

The key and most important element for designing a successful privacy and data protection programme is to first define the scope of the program. To do that, companies need to identify what legal and regulatory data protection requirements are applicable to their organisation. This is particularly difficult for multinational companies, since they are present in different geographies across the globe and need to take into consideration multiple data protection laws. As well, multinational organisations need to consider that different countries may have different views on the concept of privacy. For instance, the way an American perceives privacy is completely different from the way a European does.

Companies should develop a global privacy strategy that speaks to all markets. They can only do this by adopting a holistic approach with very high privacy standards that should be customised only when strictly required.

Why do all departments need to be engaged when designing a programme?

There are many functions that do not have a seat on the privacy office but are necessary to implement a privacy and data protection program. For example, how can the privacy office draft a procedure that defines how personal data of employees is processed without the involvement of the human resources department? Or how can the privacy office implement procedures that address data protection breaches without the participation of the chief information security officer and the cyber security officer?

Also, by engaging several departments within an organisation, you ensure a buy-in and a sense of ownership concerning privacy.

What advice do you have for organisations that process personal data?

The first step is to map the risks associated with the company data processing activities. Only by doing that, companies can adequately design and prioritise the privacy deliverables that should be implemented first. Otherwise, they will have a privacy program that is not going to solve the daily privacy problems of the organisation. Just like in any compliance program, to build a successful privacy program, companies must first know what their real weaknesses are.

Contact: Luzdary Hammad, Press Manager, marcus evans

Email: press@marcusevanscy.com

The marcus evans group has over 20 years experience in the production of premium business events. Known globally for our unwavering dedication to quality and excellence, we aid our clients in achieving their strategic goals by providing market leading business intelligence otherwise inaccessible to them.

At marcus evans, we craft products that empower our clients to drive organisational growth and achieve effective decision-making. Our clients’ focus on continuous improvement creates a strong basis for an ongoing dialogue, allowing us to evolve our abilities to address their needs successfully.

Developing major sector-focused events, marcus evans provides unique business and networking opportunities across diverse industries and professions. We aim to meet all of your strategic information requirements through premium products delivered through a variety of media.

We consider innovation to be vital. Our extensive proprietary analysis of our clients’ business needs enables us to equip you with the tools you need for future success.

Bio
Twitter
Latest Posts

marcus evans

The marcus evans group has over 20 years experience in the production of premium business events. Known globally for our unwavering dedication to quality and excellence, we aid our clients in achieving their strategic goals by providing market leading business intelligence otherwise inaccessible to them.