On January 16, 2019, Hunton Andrews Kurth hosted a breakfast seminar in London, entitled "GDPR: Post Implementation Review." Bridget Treacy, Aaron Simpson and James Henderson from Hunton Andrews Kurth and Bojana Bellamy from the Centre for Information Policy Leadership ("CIPL") at Hunton Andrews Kurth discussed some of the challenges and successes companies encountered in implementing the EU General Data Protection Regulation (the "GDPR"), and also identified key data protection challenges that lie ahead. The Hunton team was joined by Neil Paterson, Group Data Protection Coordinator of TUI Group; Miles Briggs, Data Protection Officer of TUI UK & Ireland; and Vivienne Artz, Chief Privacy Officer at Refinitiv, who provided an in-house perspective on the GDPR.
The briefing provided an opportunity for companies (the "Companies") to reflect on their achievements so far and to benchmark their GDPR experiences ahead of Data Protection Day, which is on January 28, 2019. A main takeaway of the day was that building a business friendly privacy environment is an ongoing process that must be viewed from a global perspective.
We have summarized below some of the key discussion points from the seminar.
GDPR Implementation Insights
Generally Satisfied with Compliance: While the Companies were reasonably satisfied with the bulk of their GDPR implementation work and are now engaged in fine-tuning their data protection compliance programs, the Companies recognized that a number of challenges remain. Global Privacy Challenges: Data Protection Officers are seeking to move their companies toward sustainable privacy programs that ensure GDPR compliance, yet also address global privacy challenges beyond the GDPR. The Companies view GDPR compliance as important, but not an end in itself, at least not given recent developments in other parts of the world, such as India, Brazil, etc. The Companies recognize privacy as the new normal, and are working to build efficient programs to address privacy challenges at an international level. Maintaining a Culture of Privacy Awareness: Maintaining and developing a culture of privacy awareness within their companies is a key concern for privacy leaders. Some business leaders viewed the GDPR as a completed task once the implementation date of May 25, 2018, had passed, rather than an ongoing responsibility; and privacy leaders have been working hard to correct this view. Territorial Scope: Many of the Companies have struggled...