DP2017: Next steps with the DMA
29 Sep 2017
The countdown is on.
As we enter the final phases of preparation for GDPR in May 2018, DMA CEO Chris Combemale led a day of talks and breakout sessions surrounding Data Protection and the crucial next steps that need to be considered.
"This period for many companies is filled with uncertainty and confusion," he says of some concerns around the laws, "Much of it is genuine concern around doing the right thing – some of it fuelled by opportunist chasing legal experts and very conservative guidance at large companies."
"Much concern emanates from a lack of guidance on how the GDPR might be applied." says Combemale of many companies’ unease around implementation. "At the DMA we have been caught in a bit of a chicken and egg situation on whether we should proceed with comprehensive guidance for our sector or wait until Article 29 has been published with guidance."
Announcing that the DMA will proceed to develop a complete set of guidance around Accountability, Consent, Legitimate Interests and Profiling, he maintains the support is there: "Available from October – guidance will be supported by IDM training modules, as well as Legitimate Interests and a complete IDM Certificate in GDPR."
A key principle, "Accountability will be one of the primary issues that will be looked at in terms of any breaches or investigations after May 2018" says Combemale, "Every company is responsible for evaluating its activity to determine if what it is doing is consistent with a transparent and honest relationship with its customers."
"Certain fundamentals are essential: a company must know what data it is collecting and on what basis, what it is doing with it and on what basis, where it is stored, whether it is safe and secure."
Beyond that, "A company must create a culture of accountability," he states in relation to internal communications. "All employees should be trained to consider the impact on a customer’s privacy."
"Our IDM training and DMA guides will produce templates, how to's and case studies in key areas, such as privacy by design and privacy impact assessment – essential tools for everyday business."
With battles being fought in parliament, the ePrivacy Regulation is not one to be ignored.
It is a sole focus for both the DMA’s and Fedma's advocacy teams in Brussels, the latter of which Combemale co-chairs. "The team are focused on addressing alignment between GDPR and ePrivacy, in particular, getting Legitimate Interests into ePrivacy as a basis for data processing so that the same bases in GDPR apply across all channels."
Describing the proceedings as an uphill fight, Combemale also comments on B2B becoming opt-in, stating that "We are strongly lobbying that B2B would be excluded from this."
"One day at a time," says Combemale, "The key takeaways are companies need to adopt a customer-centric approach understanding all data they touch and engaging with all levels across their business."
"GDPR is here to stay and needs to be fully embraced by all – and that goes far beyond 25th May 2018."