The topic of data protection, and the EU’s new General Data Protection Regulation (GDPR), is on the mind of many telecoms risk professionals. The potential fines for non-compliance with GDPR are enormous, but many European businesses are unsure of what they need to do by the time the new rules come into force, in May 2018. And businesses outside of the EU also need to understand the new expectations, if they receive and process the personal data of EU citizens. With so many telco people needing advice on this topic, I reached out for help from Rachel Goodin, one of the best consultants I have had the pleasure of working with. As well as being a former telco auditor and a senior information risk consultant, Rachel is currently helping her business to grapple with the challenge of data protection.
Whilst some consultants write reports that repeat what others have said, and prefer to glide over serious issues, Rachel concentrates on really solving the problems that businesses face. These days data protection is one of the most significant operational challenges facing telcos, as they seek to collect and process an increasing amount of customer data, but also fall prey to data breaches and malicious hackers. Rachel knows plenty about data protection; she is Head of Control Environments at Ocado Technology, a UK business that has automated the process of ordering food online, then delivering it to people’s homes. Her responsibilities include instigating and overseeing Ocado’s program for ensuring compliance with GDPR. Rachel is also known to be generous with her insights; the photograph above shows Rachel giving a well-received presentation about GDPR to the audience at RAG Bonn. So it was a no-brainer to ask Rachel to join me for episode 31 of the Commsrisk podcast, so she could address the issues raised by GDPR.
You can listen to the interview by pressing the ‘play’ button at the top of this article. Or you can download the mp3 file by clicking here.
During the interview Rachel referred to many useful sources of information about GDPR and data protection in general. Here are some links to resources that Rachel recommends:
- Guidelines issued by the EU’s Article 29 Data Protection Working Party:
  - on the right to data portability
  - on Data Protection Officers (DPOs)
  - on the lead supervisory authority
  - on data protection impact assessments (DPIAs)
  - on personal data breach notification
  - on automated individual decision-making and profiling
- Advice about GDPR from the Information Commissioner of the Isle of Man
- Website of the UK’s Information Commissioner
- IT Governance, providers of GDPR training and certification
- The International Association of Privacy Professionals (IAPP)
- The Association of Data Protection Officers
If you enjoy the Commsrisk podcast then you are welcome to subscribe for free via the iTunes Store, and Android users can follow the podcast via Blubrry. If you do, then you will never need to worry about missing a future episode.