GDPR Workshop Reflections & Takeaways

“It was the best of times it was the…”

No really – it was great!  What an exciting opportunity we had at CompliancePoint last week as we hosted our workshop in Atlanta, “Navigating the GDPR.”  As described at the event our goal was more interactive session than boring lecture, and our speakers and attendees certainly delivered on that promise of collaboration.  A special thanks to the CompliancePoint team, speakers from Kelley Drye, SolarWinds, and JLL, as well as more than three dozen brands represented who have kept the conversation going.

In addition to finally learning how to correctly pronounce “pseudonymous” (soo-don-a-mus for inquiring minds) here are a few of my takeaways from the event:

1. Attorneys Made Up the Majority of Attendees – Naturally, this lent itself to some strong opinions and debates throughout the day, but was also telling of where much of the marketplace is in its maturity around GDPR compliance.  With May 25 enforcement looming, many organizations are still determining where GDPR fits into the scope of their risk management priorities and what framework makes most sense for their business.  There is still time to take practical steps toward compliance and our attendees shared and received valuable insights on creating a defensible position.
2. Consent Was a Hot Topic – As we are aware, consent is a cornerstone of GDPR legislation and compliance, and the key to keeping your marketable universe and customer conversations in tact post May 25.  There were many questions around how to best capture consent along the customer journey, while ensuring disclosure language is clear and proactive steps are taken by the data subject to provide consent.  I was reminded of a best practice we recommend called “S.L.A.P.” – which translates to “Speak Like A Person” when considering how consent should be presented to customers.
3. Internal Alignment is a Must – Attendees who got it right (and those left with room to work) pointed toward strong internal alignment and executive sponsorship as an important first step toward creating a privacy culture and progress toward GDPR compliance.  While executive sponsorship spans the C-suite given the nature of financial risk, collaboration across business, technology, and governance was common among those practitioners who are on track for compliance.  It is easy for me to see why privacy professionals are in such demand given so many of the best and brightest minds in the marketplace are solving for this important issue.

“The best time to plant a tree was twenty years ago, the second best time is today.”  I’d like to encourage all of you who attended or are reading to continue your efforts toward the vision of privacy and compliance.  This is a market moving priority and while we all deal with a sense of urgency ahead of enforcement it creates an opportunity for each of us to create immense value in our respective organizations.  Whether you started the journey years ago or last week, action today and forward progress is key.

If you have other takeaways, please share, we would love to hear them!  We are also happy to continue sharing our experience around how we help find, fix, and manage risk related to privacy and GDPR compliance.  With that in mind, be on the look out for follow up materials including updates on future events.

Hope to see you out there!

Rob