Meet the expert: Merilyne Davies among guests at PrivSec: World Forum

Part of the Digital Trust Europe Series, PrivSec World Forum sponsored by OneTrust is a two-day, in-person event that takes professionals to the heart of the debate on all things data protection, privacy and security.

PrivSec World Forum takes place at Park Plaza, Westminster Bridge, London on June 7 and 8, creating a must-attend environment for security professionals who want to network, share knowledge and learn from a broad range of subject matter experts.

Chief Privacy Officer at RX Global, Merilyne Davies will be leveraging her expertise at an exclusive PrivSec: World Forum panel debate on Data Subject Access Requests and the role they play in building the essential trust upon which all business relationships depend.

We spoke with Merilyne about her career pathway to date, and to learn more about good practice when dealing with DSARs.

Could you describe your professional journey?

I celebrate my 20th year in privacy and data protection this year. My career began as a Data Protection Executive Officer, handling DSARs.

Since then, I worked my way up to holding DPO positions in a number of amazing organisations from the Metropolitan Police Service to LexisNexis. Now, I am the Chief Privacy Officer for Reed Exhibitions, proudly leading our global centre of excellence for privacy and data protection.

Why have DSARs become such a cornerstone of data protection rights?

Data Subjects have a number of rights to which they can exercise under the GPDR, LGPD etc. However, it is DSARs that enable Data Subjects to effectively exercise and enforce their remaining rights, where applicable.

Without access, the data subject may find themselves feeling around in the dark when trying to assert some control around what and how organisations process their data.

What role do DSARs play in improving transparency and building consumer trust?

In my experience, an individual submits a DSAR either due to curiosity (‘where did you get my data?’), or, the relationship has broken down between the individual and the Data Controller (including pre-litigation discovery).

Both scenarios provide additional transparency mechanisms to your privacy notices etc. However, when DSARs are ‘weaponised’ it can be challenging to use the DSAR process as an opportunity to rebuild consumer trust. We will discuss what measures organisations may take to achieve this during our session at PrivSec: World Forum.

What are the key challenges that organisations and businesses are facing when it comes to improving efficiency around providing DSARs?

Challenges can range from request volume / complexity vs lack of resource to ineffective data inventories and data discovery tools. At PrivSec World Forum, my fellow panel members and I will discuss the different strategies and tools that privacy pros may wish to consider for their organisations.