DP2017: Vodafone's Jo Blazey

Jo Blazey is Vodafone UK’s Privacy Officer & Counsel and leads its privacy team, responsible for its privacy programme, working on all aspects relating to Data Protection and GDPR. Prior to joining Vodafone Jo worked in private practice for Taylor Wessing and Thomas Eggar.

Blazey worked for several years at Vodofone UK on corporate contracts before feeling the allure of data.

"My interest and knowledge of data protection was almost non-existent. But I began to see that these data issues were quite interesting and wanted to review the privacy risks," she says about her work at Vodafone.

"In 2014 I saw they were advertising for the role of Privacy Officer. I managed to persuade them that I was the one for the role. Would I have taken the role if I knew about the tsunami of change? Safe Harbour, Snowden, GDPR, so much change. In two years I have aged 20 years, but enjoyed it, and through all the changes there are three consistent themes," she says.

"My first theme is the importance of maintaining customer trust when there is so much concern about data. You have to be primed to deal with a breach to keep customer trust.

"Second, everyone wants to be more data-driven. That’s happening when the public are becoming more aware about the kind of data kept about them. They know about ads following them and there is something happening behind the screen, but they are not sure how that is happening. That savviness is coming.

"This comes through in the GDPR, giving back control to individuls. Are we the eyes looking in from the cartoon above?" she asks.

"My third theme is regulatory change of GDPR and its rowdy sbling, ePrivacy reglation. We are continuing to go on with privacy by design, and the overarching requirement of accountability. How do we get our heads around that - what does it mean?" she asks.

She says GDPR experts are out there and happy to offer advice on compliance. But when is the guidance coming? What are the requirements? "I try to keep it simple," she says. "I’m asking three questions:

• What personal data do you have?
• Where is it?
• Why?

"Are there the right security systems in place? Those kinds of questions," she says.

She introduces Bob, a marketer. "Let’s say he runs a mobile company," she suggests.

"Bob wants to run a marketing campaign. Let’s say to remind customers in airports about roaming fees and offer them a voucher. He goes to legal."

She says that this is where there is a point of difference.

"He has a run in with the legal team, who explained that consent has to be unambiguous, specific, informed and freely given. Bob is stressed. He would like to keep the ‘opt out’ on page 54 of the privacy policy," she says.

But our marketer can see an opportunity.

"He works to create something in jargon-free language to explain to customers why they wouldn’t want to miss out on hearing from the company. He has ‘optimised’ consent. It’s jargon free and compliant," she says.