“Insights on GDPR in a Data-Driven Economy” forum
Aphaia attended the ‘Insights on GDPR in a Data-Driven Economy” forum jointly organized by Denae and University Queen Mary of London.
The “Insights on GDPR in a Data-Driven Economy” forum took place last Tuesday 29th in Madrid. It was a half-day event where some of the most relevant professionals in the industry talked about the Supervisory Authorities roles upon the GDPR, data protection implications of Brexit and the upcoming ePrivacy Regulation.
One of the main points stressed by the speakers was the fact that GDPR is not all about fines. In words of Dr. Ian Walden, Professor of Information and Communications Law and Director of the Centre for Commercial Law Studies in Queen Mary University of London, “the whole process of ensuring compliance with the appropriate rules in order to protect data subjects’ rights is not only based on fines”. In a similar way, Rafael García Gozalo, coordinator of the International Area of the Spanish Supervisory Authority (AEPD) stated that “in the AEPD strategy plan 2015-2019, enforcement does not appear as a main target. It does not mean that the AEPD is not going to enforce, it only means that the way the AEPD is conceiving their supervisory role is not primarily aimed at enforcement”.
The forum was comprised by three interesting panel discussions:
The sources where the enforcement actions originate from were discussed in the first panel. It is remarkable that 50% of data protection fines come from data subjects’ complaints. This means that not only a static compliance matters, but also how the controllers respond to their customers, users or employees concerns and to any accidental data breach makes the difference too. Mitigation measures should be placed at the top of compliance procedures.
The second panel focused on Brexit. Being data transfers one of the main concerns of businesses in case of hard Brexit (as detailed by Dr.Bostjan Makarovic in our blog), the speakers pointed out the importance of the Standard Contract Clauses in this regard, and also the need to update them in line with the GDPR, as they were approved under the former Directive 95/46/EC.
The last panel was comprised by talks that covered issues as compliance as a service, the roles of the data controllerand the data processor and the principal security architect-secureworks.
We are very grateful to Ian Walden for inviting us to this interesting forum and we also want to thank Cristina Morales, Mabel Klimt, Estrella Gutiérrez, Rafael García Gozalo, Silvia Ruiz, Raúl Rubio, Paula Ortiz, Ulrich Wuermeling, Christopher Millard, Laura Aliaga and Alfredo Reino for their much valuable contributions.