Webinar – The true differentiator in GDPR: Trust

Data Trust AssociatesGDPR

We recently collaborated with Belgian consulting firm Micropole to offer a webinar which covered understanding the impact GDPR will have on your business and discovering the benefits of the unique approach of Micropole and Data Trust Associates in this area.

The presentation was presented by Christoph Balduck, Managing Partner at Data Trust Associates and Kristof Gobbens, Practice Lead Data Governance, Micropole and was structured as follows:

  1. An introduction to GDPR
  2. Outlining our unique approach
  3. The partnership between Micropole & Data Trust Associates
  4. Q&A
Webinar Info
Please see the video above for the recording of the live presentation. You can also see detailed notes of the event below.

Time remaining until GDPR comes into force


As of the date of the webinar, the following time remains until GDPR Implementation Day on May 25th 2018:

  • 372 calendar days, or
  • 266 working days, or
  • 53 weeks, or
  • 12 months, 0r
  • 8,928 hours!

GDPR Principles


Christoph outlined some general GDPR Principles that apply.

  • Legal Ground
  • Purpose Limitation
  • Data Minimisation & Privacy by Design & default
  • Proportionality
  • Data Quality Classification and sensitive data
  • Data Sharing
  • Data retention
  • Data transfers / exchange
  • Transparency in processing
  • Subsidiarity
  • Data Subject Rights
  • Compliance (proven)
  • Integrity & trust
  • Accountability
  • Adequate protection / security

GDPR Compliance with a Risk Based approach


Christoph Balduck started off the webinar talking about how organisations are encouraged to take a risk based approach to GDPR. In particular this is due to the fact that, in practical terms, many organisations just do not have enough time to fully prepare and execute all required organisational changes in advance of May 25th 2018 and therefore, some form of risk acceptance is required.  In summary:

  • How much risk are you willing to accept as an organization?

List of topics on your road to compliance


Christoph outlined some of the many topics that may be considered by an organisation as regards GDPR compliance, which included:

  • DPP Strategy, Program & Business Case
  • Privacy charter and DPP principles
  • GDPR & DPO team & Full org set up
  • DPO
  • Data Categorisation and Register
  • Training, awareness, coms & change management
  • Information Security (ISO27001/1)
  • Data Breach Procedures, training, contracts, incident response plan, …)
  • Legal ground, consent including management / documentation
  • DPIA
  • Data Subject Rights
  • Data Portability
  • Vendor & Processor / Joint Controller management
  • Privacy by design and default
  • Profiling
  • Cross border transfers
  • Data retention & how to apply
  • Increase Trust & Act Ethically
  • Big data & (Advanced) analytics
  • Reusing existing (IM/DM..) capabilities
Click to enlarge

The DTA Trust Model


Christoph outlined the Trust Model that is the core of the Data Trust Associates offering, which included areas such as:

  1. Regulatory Compliance
  2. Customer Centricity
  3. Operational Excellence & Analytics
  4. Social Responsibility

He went on to note:

  • Trust is going to be the vital factor
  • It’s about making sure that your customers, employees and data subjects trust you
  • When dealing with GDPR, look at it from more than just a compliance standpoint
  • GDPR will force you into investing in a number of areas, such as:
    • Information & Data Management
    • Retention / archiving
    • Process Optimisation
  • Doing so will also benefit your overall business case in addition to getting towards GDPR compliance
Click to enlarge

When trust becomes a crucial topic


Christoph extrapolated on how the trust concept can have a direct impact on the Business Case of the organisation.

  • Business KPI’s are directly related to trust
    • Customer Life Cycle Value & Churn
    • Conversion rates of customers
    • Employee Retention
  • GDPR Puts the data subject (e.g. customer) in a stronger position
  • Lack of trust + GDPR = easy for customers go to a competitor, easy to be forgotten, etc
  • A key point is making GDPR efforts sustainable (and not just focused on May 25th 2018)

Positioning (The Data Trust Associates and Metropole partnership)


Both presenters went on to talk in further detail about how the partnership between Micropole and Data Trust Associates works.

  • Strategic (DTA)
    • Privacy & Data / Info Strategy
  • Tactical (DTA)
    • Plans, Roadmaps, capabilities
  • Operational (Micropole)
    • Architecture, guidance, TOM, governance, framework, etc
    • Collaboration with top vendors
      • (Data Trust Associates are fully vendor agnostic)

DTA Strategic & Tactical Services


Christoph outlined the five key service areas offered by Data Trust Associates, which are:

  1. Data Privacy & Protection
    • GDPR Assessments
    • Advisory & Consulting
    • DPO as a service
    • DPIA as a service
    • Program development
  2. Information & Data Management
    • Information strategy
    • Advisory & Consulting
    • CDO as a service
    • Program development
  3. Data Ethics
    • Ethical Research
  4. Training
    • Corporate Training
    • Events

Micropole Operational Services


Kristof from Micropole described the Micropole Operational Model which has Data Governance at it’s core.

Text

He said that you don’t want a situation where there is a conflict with the functions that own the Data in your organization (Data Goverance) with the GDPR / DPO roles.

A unique combined end to end offering (DTA & Micropole)


  • Scan
    • What is your data
    • What is the scope of your personal data
    • What is personal data in my company
    • 80-85% of all data sets contain personal data
  • Programs
    • The offering provides an end to end solution that includes project/program management, the legal part, the strategic tactical part and the operational part.
  • Guidance & Implementation
    • Gaps in existing programs / questions / issues etc
  • Maintenance
    • 25 May 2018 is the START OF GDPR, not the END OF GDPR
    • Many GDPR projects are scheduled to end May 25th. This is a mistake as National Governments can and most likely will add additional provisions to their local implementations of GDPR and as such, a maintenance process should be in place to keep abreast of any additional regulatory requirements going forward
Click to enlarge

About Micropole


Kristof outlined some key points regarding the size of the Metropole offering:

  • 1,100 Employees
  • Turnover of 100 million euro (2016)
  • 30% of turnover is international
  • 7 Countries in the world
    • Belgium
    • France
    • Luxembourg
    • Netherlands
    • Switzerland
  • 3 Locations in Belgium employing 90 consultants
    • Zaventem
    • Ghent
    • Liege
  • 3 Locations in China
    • Hong Kong
    • Beijing
    • Shanghai

Micropole Differentiators


Kristof outlined some key Metropole differentiators which are:

  • Broad International experience in Information Management and Data Governance
  • Resource pool of 83 skilled specialists
  • True vendor and tool agnostic
  • Partner relationship with several top IM vendors
    • SAP
    • IBM
    • INFORMATICA
  • High profile references in end-to-end IM implementations
  • Combining business knowledge with technical expertise

Micropole Customer Base


Micropole are strong player in Business Intelligence and Data Governance market and serve sectors such as:

  • Banking & Insurance
  • Life Sciences
  • Industry
  • Media & Telecom
  • Retail & Mass Consumption Products
  • Public Sector
  • Services

About Data Trust Associates


Christoph outlined the key elements of the Data Trust Associates organisation:

  • DP Forum
  • Locations
    • Belgium
    • UK & Ireland
  • 15 people
  • Services
    • Data Privacy & Data Protection
    • Information Management
    • Consultancy
    • Training
    • Events
    • Coaching
  • Young company
  • Top experts in Data Privacy and Protection
  • Involved with GDPR for many years
  • 15-20 years experience in Information and Data Management
  • DP Forum not for profit
Click to enlarge

Data Trust Associates Differentiators


Christoph outlined the key differentiators for the Data Trust Associates offering:

  • Experienced DPP Resources
  • Focus on Data Privacy and Protection
  • Information and data driven
  • Strong alliance with legal companies
  • Work with technology vendors
  • Training & coaching provider
  • Ethics & Trust – take the long term view

DTA don’t necessary do implementation themselves. Instead work with partners such as Micropole to do that.

DTA are completely vendor agnostic.

Upcoming GDPR Events


  • Data Protection Forum • May 23rd, Meetup Transforma Brussels

    • Free for customers and prospects
    • 3 x 20 min presentations on how to deal with practical challenges when implementing GDPR
    • Expert panel open to all your GDPR questions
    • Click here to register
  • Micropole • June 15th, Live Event (1/2 day), Van Der Valk Hotel Zaventum

    • Speakers from IBM and Information
    • Content to include explanations of how their tool stack assist with GDPR compliance
    • Light panel discussion
    • Session to be a bit more technical
    • Interested participants should e-mail sophie.tahir@micropole.be for more information about how to join this event
  • Micropole & Data Trust Associates • June 13th & 14th, Business Facility Vilvorde   

    • Day 1 – In-depth introduction to GDPR Legislation
    • Day 2 – Use Case demos from real-world scenarios in this area
      • Content can be tailored to your specific industry or area of expertise
      • Interested participants should e-mail sophie.tahir@micropole.be for more information about how to join this event

Q&A


  • Q. How do you feel the marketing in Belgium is developing in terms of organisations and a sense or urgency regarding GDPR?
  • A. GDPR is on the agenda of most boards and companies.
    • What exactly is it?
    • How deep & how profound do we have to implement this
    • How hard are out penalties going to be? (This is still vague for many organisations)
    • Some companies are attempting measures in an unstructured way
    • We prefer obviously a more structured approach
    • Awareness is there
    • Knowledge is the next step
    • From September on we expect a lot of companies to start investing in this
    • We see a lack of skilled resources from September onwards

 

  • Q. Can you give us an example on how you can increase trust with your customers on GDPR?
  • A. In GDPR, one of the principles relates to the rights of the Data Subjects to access their information. Instead of being burdened by this, there is the opportunity to create an open and transparent dialogue with your customers as regards how you communicate to them how you are processing their data (via your Privacy Policies etc) e.g. creating a “My Privacy Page” which outlines this
  • Your customer will see what type of data the company has on them and also the reason why the company has this data
  • The customer who can see what data you have about them, will be much more likely to trust you and will probably result in less Data Subject access Requests because there is full transparency
  • Be proactive with what you are doing with GDPR
  • Talk to your customers about what you are doing and why as regards GDPR compliance perpetrations

Contact Details for more information


Both Christoph Balduck from DTA and Kristof Gobbens from Micropole can be contacted on the details shown below:

Kristof Gobbens

Christoph Balduck