As Principal Solutions Engineer at OneTrust, Joseph helps companies put together effective data protection responses to legislative frameworks including GDPR, the CCPA, Brazil’s LGPD and many more.
As organisations push to maximise the value that data creates, responsible data handling has never been more critical. Joseph will discuss the issue in depth at PrivSec Amsterdam, and shed light on how companies can use Privacy by Design to optimise the consumer relationship.
We spoke with Joseph about his career in Privacy, and to gain more insight into how companies can use compliance to drive trust.
Could you outline your career pathway so far?
My academic background is in Engineering. I have a degree in Mechanical Engineering and started my career working in the rail industry in the UK. From there I branched out and worked for various start-up companies dealing with professional services and management consulting.
In the consulting space, I really started focusing on technology, particularly SharePoint. As a principal SharePoint consultant, I was involved in scoping and delivering several intranets and internal communication platforms. In 2019 the opportunity to work in Privacy presented itself. I knew it was a growth industry and I believed in the concept of privacy, so it seemed like a very good fit. Since then I’ve never looked back.
I’ve gained three privacy certifications and this year I was awarded Fellowship of Information Privacy from the IAPP. I have found the Privacy industry to be more proactive and collaborative than the other industries I’ve worked in. I’m also proud that the work I’m doing enables data subjects to exercise their privacy rights, which are essentially human rights.
What are the priority areas to address when embedding privacy by design into an organisation’s data operations?
From my experience, organisations tend to focus on the elements that present the greatest risk in terms of fines from regulatory bodies and reputational damage. With this in mind, creating and maintaining a Data Map in order to demonstrate records of processing activities (GDPR article 30), enabling Data Subjects to exercise their rights (GDPR articles 15, 16, 17 and 18), and incident management (GDPR articles 33 and 34) are the priority areas.
This is an excellent baseline from which to build out the rest of your privacy program. Most organisations have some solutions in place, but these were hastily implemented around the 2018 GDPR deadline and don’t align to the principles of Privacy by Design. Rethinking the program, leveraging the work you’ve done already and re-baselining with a focus on the Privacy by Design principles delivers value to the organisation and data subjects, and also reduces risk.
This brings us to the concept of “Trust Intelligence.” Trust intelligence is using your data holistically to add value to your organisation and seeing the big picture across all of your privacy initiatives. You’ve spent time and energy getting things in order, so it makes sense to drive as much value as you can from that effort.
What are the benefits of a successful Privacy by Design programme?
There are several benefits to consider. Firstly, you’ll have a program that is fit for purpose, scalable and adaptable. Privacy by Design mandates that the approach be proactive and privacy must be embedded into the design. Taking privacy into account from the outset positions the organisation to succeed and be able to adapt moving forwards.
Secondly, implementing Privacy by Design reduces the privacy risk presented to the organisation. Privacy by Design mandates full lifecycle protection, thus privacy must be considered throughout the entire data lifecycle. This in turn respects Data Subjects’ rights by protecting their data.
Finally, Privacy by Design can save organisations money. Introducing automation reduces the administrative burden on your staff and makes every process, whether it’s onboarding a vendor, completing a data subject access request or responding to an incident, more efficient.
What hurdles lie ahead for companies aiming to build compliant and transparent data handling long-term?
The biggest challenge concerns changes to the legislation and geopolitical changes. Privacy has always been a moving target but events like Brexit have intensified the pace of change.
Where previously there was one regulation, we now have two, and this can result in having to do everything twice. Equally, legislation is being introduced at a fierce rate as countries see the value of privacy and adopt their own programs.
In the USA, there is the introduction of a further wave of legislation as we move ever closer to a federal law. Staying ahead of the curve is by far the greatest long-term challenge. That being said, privacy laws are rarely revolutionary; they mirror other standards and they evolve. If you have a solid baseline in one standard such as the GDPR and you have built your program to be adaptable, you are in a great position to respond to changes in the privacy landscape.
→ Session: “Re-Thinking Trusted Data”
→ Time: 10:30 - 11:05 CEST
→ Date: Tuesday 27 September 2022
→ Venue: RAI Amsterdam
Sponsored by OneTrust, PrivSec Amsterdam is part of the Digital Trust Europe Series. The event brings together thought leaders and subject matter experts for an exploration of the issues defining the data protection, privacy and security sphere of today.
PrivSec Amsterdam will feature panel debates and presentations on topics including: Trust & Transparency; International Data Transfers; and Data Ethics.
PrivSec Amsterdam is also available on-demand for global viewing.