Meet the expert: Geoffrey Ceunen to speak at Last Thursday in Privacy

Going live on January 26, Last Thursday in Privacy is a livestreaming experience that takes international audiences on a deep-dive into all things digital.

VP for Sales at RESPONSUM, Geoffrey Ceunen is an experienced Privacy and Data Protection Officer. He will speak exclusively at Last Thursday in Privacy to discuss how businesses can build compliance into privacy management programmes. 

We caught up with Geoffrey for more about his professional journey and an introduction to the key issues in his forthcoming session at Last Thursday in Privacy.

Could you outline your career pathway so far?

I have been working in Privacy for over five years (since before GDPR was cool). As a Master of Law graduate, I started out as Privacy & Data Protection Officer at two separate companies.

After that, I found a role that combined my passion for privacy and people in a more commercial role for the largest privacy consultancy firm of the Benelux. Now, I am committed to bringing clients’ privacy management to the next level at RESPONSUM.

What are the biggest challenges that businesses face as they put together privacy programmes?

If we have a look at the macro economy for 2023, I must say that budget will be one of the biggest challenges businesses will face. A constrained budget means fewer resources within the privacy department but also less time spent on privacy challenges for your privacy champions in the different departments.  

Another challenge that is very common, is the lack of involvement of employees within organisations. Capturing information and following up on assigned tasks of employees are huge challenges for many reasons, including lack of awareness, knowledge, importance, prioritization, etc.

Another challenge is the fast pace of technological development which leads to large amounts of personal data being processed in a short period of time. This means privacy programs need to be flexible and agile.

A developing challenge concerns the fast rising and complexity of the new privacy and data laws in the world. Will the USA finally have their uniform federal privacy law in place or do you need to take into account hundreds of sectoral privacy and security laws among its states? California started the dance, but will every state follow? In Europe, we need to have a look at the development of the AI act, Digital Markets Act, Data Governance Act. Last but not least, each country in EU also has its own specific sectoral laws which could overlap or conflict with the GDPR.

What emerging trends are shaping privacy programme management?

Especially the case for customer-facing organizations, the data subject will be more aware of their rights. Therefore, they will increasingly exercise their privacy rights. More data subject right requests also mean that organisations will need to centralise their privacy UX. 

A new trend that we will see is the increasing need of data mapping and the subsequent need to know where your data is located. As mentioned above, emerging privacy laws and ever-increasing digitalisation will increase the need to know where your data is located. Without this, it will be almost impossible to run a decent privacy programme within an organisation.

More brands are aware of the high risks they can experience when they collaborate with third parties. This means that they will be more demanding regarding third parties to mitigate risks. As you are only as strong as your weakest link, it is necessary to improve and monitor the level of the vendors you are collaborating with. 

Because of all the above, organisations will increasingly make use of privacy-enhancing technology to stay up to speed with the upcoming emerging trends.