Tag: Privacy

Data Governance Information Technology Privacy

So, how much is this damn CCPA thing gonna #$@&%* cost me?!

By Rafael Moscatel, CIPM, CRM, IGP

The short answer? A lot, but not as much as you might have been told…

As I’ve traveled around California doing my “Blessings of the CCPA” presentation, I’ve been asked repeatedly about the “average” cost of a CCPA solution from CFO’s, GC’s and IT folks alike. It’s a loaded question as there are many requirements to the law, from policy and website disclosures to consumer data request obligations. One size does not fit all and your organization needs to spend time methodically planning its approach before setting aside budget and other resources.

While some unprepared organizations may need to beef up spending in the near-term, others may end up refining their programs over the coming years as they realize their initial investment wasn’t as strategic as it probably needs to be.

ILTA Blackberry and CAPP Presentation
At the San Diego ILTA Presentation of “Preparing for the California Consumer Privacy Act”

Decision makers, consider the following:

  • What’s our true risk exposure based on the personal data we already collect, sell, barter, manage, etc. on behalf of our business partners?
  • Can we do this all in-house or should we outsource some of it?
  • Do we have any existing talent and software that might help streamline some of the CCPA’s major workstreams like data mapping?
  • What kind of fundamental changes are we willing to make to our IT infrastructure?
  • Do we fully automate self-service requests through API’s and is that even the right idea, long-term, given our risk, the evolving nature of IT and emerging legislation?
  • How can taking a principle based approach to privacy using concepts like data minimization to insulate us going forward?

Click here for a free CCPA Roadmap from Compliance and Privacy Partners.

Clearly, all of us subject to the law need to protect our business and expect some activity, whether it be through consumer requests or even the limited right of private action afforded by the CCPA. That doesn’t mean you turn your entire organization upside down and fork over hundreds of thousands of dollars in licensing ransom! Change management on this scale first requires proper risk analysis, roadmapping and getting stakeholders to buy-in and be accountable.

Then what’s my next step?

Before you embark on this journey to become a privacy-centric company, the real question you should be asking yourself is….

Are there consultants and affordable software solutions out there that will leverage our resources and best minds to help us implement a proportional strategy that protects us? 

The answer to that last question is YES!

Slide4
CAPP’s California Consumer Privacy Act Roadmap

Long-term solutions need to be fact-based and reasonable, recognizing the unique facets of your culture and business model. Big, complex and expensive isn’t always better.

It’s true there are some amazingly fancy privacy software products out there. But do you really want to spend a quarter to half-a-million dollars a year to fend off what might ultimately be a handful of consumer requests and opt-outs, when you can do the exact same thing with a far less expensive and better tool?

The bottom line…

There are so many vendors playing in the privacy space today and way too many folks are impulsively investing either too heavily or disproportionately in them just to “check the box.” Yes, of course you need to “check the box,” but running headfirst into this regulatory challenge could leave you with a budget nightmare and organizational headache you’ll soon regret.

The bottom line is your investment needs to be proportional to your risk profile and the complexity of your infrastructure and organization. Even then, you may not need a solution that costs you hundreds of thousands of dollars when you could be compliant and sleep comfortably for under $50,000 a year.

Call us today at 323-413-7432, schedule a free consultation or visit us at www.capp-llc.com to learn more about our tailored privacy compliance solutions.

Posted in: , , , , ,
No comments
GRC Information Governance Privacy Records Management

California Dreamin’ – A Free Roadmap For your CCPA Journey

By Rafael Moscatel, CIPM, CRM, IGP

What is the CCPA and why should you care?

In response to recent stateside efforts to enshrine data protection including the California Consumer Privacy Act (CCPA), organizations are revisiting the efficacy of their Data and Information Governance (IG) programs. Laws and regulations vary by industry and company size. Yet each intend to protect consumer’s personal data by prescribing technical and governance standards backed by stiff penalties for non-compliance.

What you need to know and do to ensure compliance with California’s new Consumer Privacy Act

New regulations governing use of customer and personal data needn’t be burdensome.  Rather, they help reduce expenses and monetize the information lifecycle, identify opportunities for better governance to avoid fines and litigation exposure and foster trust to enhance customer experiences. Download this FREE detailed CCPA roadmap to see how you can get your company on the path to compliance.

This slideshow requires JavaScript.

Our CCPA and GDPR engagements include:

  • Data and resource mapping
  • Conducting gap and risk assessments
  • Controls evaluation to standards
  • Establishing governance with clearly defined roles and responsibilities
  • Policies and procedures review
  • Domestic and International legal review of privacy and security policies to fit the organization’s risk profile and culture
  • Consumer data request and delivery mechanism (including website notices)
  • Providing education and training
  • Design of role-based access control (RBAC) rights
  • Privacy impact assessment (PIA/DPIA) during product design

Third Party Due Diligence Support

  • Pre-contract due diligence and consulting
  • Cloud services guidance
  • Managed security services (build or buy guidance)
  • Third-party management program/policy

Our consulting and software solutions enable clients to comply with CCPA provisions 1798.110(a)(4), 1798.100, 1798.105, 1798.110, 1798.120, 1798.145, 1798.140, 1798.150

Call us today to see how we can help you with:

  • California Consumer Privacy Act of 2018, Amendments and Rulemaking
  • HIPAA/HITECH Security, Privacy and Breach Notification Rules
  • Generally Accepted Privacy Principles (GAPP)
  • EU’s General Data Protection Regulation (GDPR)
  • ISO/IEC 27001-2:2013
  • CIS Top 20 Critical Security Controls (CA AG requires)
  • SEC OCIE Cybersecurity Initiative
  • NIST Cybersecurity Framework
  • U.S. Sentencing/DOJ/OIG Guidelines for Effective Compliance (program foundation)
  • Applying Risk Management Program Management and Principles
Posted in: , , ,
No comments
Information Governance Information Technology Privacy

Williams Data Management to Host Data Protection Lunch with Compliance and Privacy Partners at Century City Chamber of Commerce

By Rafael Moscatel, CIPM, CRM, IGP on

Media Contact: Ally Bertik ally@marketingmaven.com (310) 405-0358  

Williams Data Management to Host Data Protection Lunch at Century City Chamber of Commerce

Leader in Data Protection Partners with Cyber Hygienist and Technology Expert to Discuss How Fiduciaries Can Prepare and Protect Their Businesses for Data Breaches

­­­­­­­­­­­­­­­­­­­­­­ _____________________________________________________________________________

LOS ANGELES.  – (September 18, 2019)  Williams Data Management, southern California’s leader in data protection, has partnered with Rafael Moscatel, managing director of Compliance and Privacy Partners, and George Baldonado, president and CEO of Oasis Technology, Inc. to host a “Data Protection, A Primer For Your Fiduciary: It’s Your Business, Protect It!” lunch​ in conjunction with the Century City Chamber of Commerce. The panel will take place from 11:30 a.m. to 1 p.m. on October 3, 2019 at Greenberg Glusker, 1900 Avenue of the Stars, Suite 1400 in Century City, California.

Data Protection Pro, Douglas C. Williams, president and CEO of Williams Data Management will discuss how small businesses can take advantage of a data breach reporting service powered by CSR Privacy Solutions, Inc. to enable companies to protect Personally Identifiable Information (PII). Other topics will include the California Consumer Privacy Act (CCPA), cyber security protection and data governance.

“We are thrilled to lead the conversation for fiduciaries on how to better protect their businesses,” said Williams. “Our goal is to keep your information safe, secure and available regardless of what it is or where it is stored. We hope to provide a clear solution for companies in all industries moving forward, especially with our new data protection suite that provides a pathway for self-assessment and structural gap analysis for internal management.”

Guests will have the opportunity to network with business professionals, engage in this informative panel with expert sources and enjoy lunch provided by Williams Data Management.

To learn more or register for the data protection lunch, please visit https://business.centurycitycc.com/events/details/data-protection-a-primer-for-your-fiduciary-it-s-your-business-protect-it-1704.  

About Williams Data Management

Williams Data Management is southern California’s leading source for data protection management. The company educates, consults, has the source materials, and provides the structure for self-assessment and corporate plan structure for information breach notifications in the United States. Over the last decade, the firm has become an expert solution provider, offering professional records management, data protection, imaging and digitization, cloud storage and certified data destruction services to all sectors and sizes of businesses.

Williams holds numerous certifications for data compliance and destruction including SSAE16, NAID “AAA” Certification, and is a member of PRISM. For more information, visit www.williamsdatamanagement.com or call 888-478-FILE.

About Century City Chamber of Commerce

The Century City Chamber of Commerce is one of Los Angeles’ most active, involved and relationship-driven chambers. The chamber places a special emphasis on its members working together to build effective relationships and relevant programs that help individuals and companies expand their marketplace reach. Under the clear and powerful guidance of many energetic committees and councils, the Century City Chamber has grown to encompass representatives from virtually every industry, helping to make Century City one of Los Angeles’ most prestigious business communities. From the largest corporations to mid-sized businesses and emerging entrepreneurs, its diverse members thrive with one another and with key decision makers.

#           #           #

Posted in: , ,
No comments
Business Processes Data Governance Privacy Records Retention Policy

7 Ideas For Preparing Data In The Age Of Privacy and Information Governance

By Rafael Moscatel, CIPM, CRM, IGP on

7 Ways To Prepare Data In The Age Of Privacy and Information Governance

7 Tips for Data Preparation in the Age of Information Governance

Content may still be king, but now the rights to some of it may belong to the people! In response to the EU’s General Data Protection Requirement (GDPR) and recent stateside efforts to enshrine data protection including the California Consumer Privacy Act (CCPA), organizations are revisiting the efficacy of their Data and Information Governance (IG) programs. Laws and regulations vary by industry and company size but each intend to protect consumer’s personal data by prescribing technical and governance standards backed by stiff penalties for non-compliance.

Notably, while many companies are already familiar with records retention laws, these latest controls also introduce a duty to destroy data once no longer required for a legitimate business purpose. For entities that have grown accustomed to leveraging cheap digital storage, this new responsibility presents a number of logistical hurdles.

However, directives on how you may use your customer’s data or any other information you store doesn’t necessarily have to be burdensome. In fact, these new guardrails present numerous opportunities to implement better governance, monetize the lifecycle of information assets and foster trustworthy relationships that can actually enhance the customer experience.

These 7 tips can help prepare your data to support an IG strategy:

  1. Automate Retention Schedules – Legal and compliance requirements are the cornerstones of corporate governance programs. Yet tracking the multitude of historical and emerging state, federal and international laws and regulations that affect your data decisions can be a monumental task that even the most robust law departments aren’t prepared for. Consider leveraging SaaS software to keep your Risk, Compliance and Legal staff current on the latest citation changes to these nuanced instructions. These tools empower you to defensibly destroy and cleanse costly data no longer useful to your organization.
  2. Cover Your Assets – Satisfying new compliance requirements like GDPR and CCPA means it’s not enough to simply know what kinds of records you keep, you need to know what systems they’re kept in and how that data flows between them. That’s why Chief Data Officers and Enterprise Architects are increasingly embracing asset management tools that not only perform diagnostics on their application stack but allow them to inventory their attributes and map related processes that inform long-term strategic roadmap planning. Tools like these also help support application rationalization projects which in turn aid in classification and disposal of unneeded data.
  3. Introduce Big Buckets – The biggest challenges with enforcing retention across an enterprise are “event triggers” that complicate how long sets of records must be retained. For example, an employee file might be held X years following a termination “event.” Big Bucket strategies allow you to simplify and group “like” records together to support more efficient destruction actions while assuming some risk. Work with your governance partners to determine reasonable standards for a Big Bucket policy and quantifying the acceptable amount of risk your company is willing to assume to achieve cost and efficiency benefits.
  4. Enforce Legal Holds – Cleansing your data lakes and silos to save costs and minimize risk is an exercise in defensible destruction but requires awareness of outstanding legal holds. A company that spoliates evidence subject to a legal hold, even without malice, can be fined and suffer adverse inference litigation rulings resulting in unfavorable judgments. Additionally, healthy oversight of records under a preservation hold doesn’t just make good legal sense, it can also help better identify opportunities for even more defensible destruction, cost reduction and risk mitigation.
  5. Activate File Analysis – The tricky thing about new laws like the CCPA is that they require companies to find and produce data for the consumer wherever it exists. That can be a cumbersome test for many entities that have hundreds or thousands of repositories. Luckily, advanced File Analysis tools can plug directly into your network and help quickly identify sensitive and personally identifiable information (PII). They can also help you deduplicate records and find redundant, obsolete and trivial data clogging your systems, also known as ROT. These tools produce a tangible ROI that management can point to as a prime example of why IG works.
  6. Embrace Content Migrations – Unless you’ve only lived in one home your entire life, you’ve probably experienced the cathartic process of cleansing your old wares in preparation for a move. Bringing in a new content management system is not much different and it’s a unique opportunity to apply retention to your data, discard ROT and provide employees with more accurate knowledge resources.
  7. Bake-in Best Practices – Information Governance is not a “one and done” proposition, it’s a rinse and repeat discipline that only works when management sees to it that organizational culture is along for the ride. These days a basic understanding about data handling is vital for every new hire. Concepts like records retention, data protection and privacy should be part of any overall corporate training plan.

By complementing policy frameworks and toolsets with the types of Information Governance approaches noted here we can better enable our workforce to hone their knowledge skills, achieve defensible destruction and improve audit outcomes. In effect, we are future proofing ourselves for a business world destined to face increased scrutiny and under siege from data breaches and privacy issues with seemingly no end in sight. IG is the bright light at the end of that tunnel.

Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com to learn more.

Originally published in Document Media Magazine, July 2019.

Posted in: , , ,
No comments
Ethics GDPR Information Governance Privacy Professional Development

UPCOMING PRIVACY WORKSHOP IN LA 7/31: Leveraging a GDPR Compliance Investment for CCPA / Privacy By Design

By Rafael Moscatel, CIPM, CRM, IGP on

UPDATE: Presentation Slides Included Below

ARMA-GLA Summer Spotlight Workshop

LEVERAGING A GDPR COMPLIANCE INVESTMENT FOR CCPA / PRIVACY BY DESIGN WORKSHOP

Part I – Join European attorneys and privacy compliance experts from Brussels based law firm Ethikos to learn how to leverage GDPR compliance investments for California’s new Consumer Privacy Act. In this presentation they’ll review key data protection concepts and privacy by design strategies already in place across the EU and explain how they’re now spreading throughout the United States. Find out what you need to know about the rules of transferring data and records internationally, PII records retention requirements, rules for managing content on customer facing websites and the impact of these new records management guidelines in contract negotiations.

SELECT THE LINK BELOW TO VIEW THE WHOLE  PRESENTATION.

ETH-CAPP-2019-LA-PbD

Part II – Meet solutions engineers from Active Navigation who will show you real world examples of how state of the art privacy software helps apply concepts and rules from GDPR and CCPA directly into an information lifecycle program. Learn about machine learning classification, consent validation, uncovering dark data and many more intricacies of implementing a privacy framework as part of your Information Governance roadmap.

Presenters

Miguel Mairlot, Ethikos Law Firm, Brussels

Miguel Mairlot is a trusted compliance expert, with significant breadth of experience across Europe. He provides clients with advice and support on all aspects of their compliance program. His areas of expertise include Asset Management, Wealth and Insurance businesses to cover cross-border regulatory issues, risk management, contractual documentation and product development, advising and influencing senior stakeholders at executive committee level, enabling them to meet their responsibilities across a range of group policies and local requirements, including MiFID II, GDPR, AML, ABC and Sanctions. Before Ethikos, Miguel has worked for prestigious international law firms and financial institutions as Head of Compliance. Miguel speaks English, French, Dutch and is a Certified Compliance Officer (Febelfin Academy) since 2013 and a Data Protection Officer. He has written and spoken widely on compliance and financial law topics and teaches at the Cooremans Institute. He also serves on the Editorial Board of “la Revue de Droit Bancaire et Financier”.

Posted in: , ,
No comments
Artificial Intelligence Information Governance Information Technology Interview Professional Development

Building the Bridge Between Strategy and Governance Aboard the IT Enterprise – An Interview with Kevin Gray of the City of Burbank

By Rafael Moscatel, CIPM, CRM, IGP on

Building a Bridge Between Strategy and Governance Aboard the IT Enterprise – An Interview with Kevin Gray, CIO of the City of Burbank

Eleventh in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.

Kevin Gray is the Chief Information Officer for the City of Burbank, leading an IT department responsible for administrative and network management, geographic information systems and technical services for more than 1400 city employees across 15 departments. Before assuming this role he served as VP of Global Media and IT for Viacom, one of the world’s premier entertainment companies, overseeing an international team located across six continents. He received his Bachelor of Science from California State University, Long Beach and is a certified Scrum Master and PMP. I spoke with him over lunch this May about aligning governance with business strategy, balancing risks and opportunities in AI and his insights on career growth.

Kevin, you began your career path at Orion Pictures administering Unix systems and then directed data center ops for DreamWorks. How did this early hands-on experience with application design and DB administration prepare you for future IT leadership positions at Viacom and ultimately the CIO role with the City of Burbank?

Well I started out on a service desk actually, really at the entry levels in IT, and I’ve been lucky to have grown up through all aspects of it. I think climbing that ladder one rung at a time definitely helped give me a clear vision to see across all the disciplines of technology.  It enabled me to see the forest through the trees, the big picture, gave me the ability to design operations, develop strategy… and equipped me with a vision to incorporate it all. And now I can more thoughtfully pull together a clear plan for how to run an organization, understand how to innovate, how to drive change through both a specific business unit or an organization. Experience is what best prepared me to lead.

One of your focal points has always been the importance of properly aligning IT governance with an organization’s business strategy. What are some of the practical ways IT teams accomplish this goal and how critical is the relationship building component that accompanies that synchronicity?

I think the most practical way to accomplish this is to focus on the people. Focus on the people developing the strategy and look at how their business is trying to implement it, because the most important thing is to be in alignment with the shared goal, in alignment with the people you’re partnering with. You have to be a true partner with the business. And that has to be the focus, not the technology. The technology is the secondary piece. Technology is what you use to try to find the solution for the business problems that they’re trying to solve. And those business problems don’t always stay the same, they change. They change based on economic conditions, they change based on market conditions, they may change based on who might be occupying the seat that you’re trying to partner with.

smart-city-1200px

So, you have to stay close and you have to stay connected. That allows you to stay aligned. Then you can figure out the solutions that are going to help solve that business problem. You have to be agile. You have to be able to switch directions. When the business switches direction, you have to be able to switch direction. And I think too many times, IT organizations, they don’t stay connected. They believe that they’re trying to solve this business strategy, that they’re trying to solve the business’ problems. But then the business problems change, the strategies change, and they’re suddenly not connected and eventually they’re heading down the wrong direction for another three to six months, which is a lifetime in technology.

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Posted in: , , ,
No comments
Artificial Intelligence Data Governance Ethics Information Governance Information Technology Professional Development

Book Review: Infonomics – How to Monetize, Manage, and Measure Information As An Asset For Competitive Advantage by Douglas B. Laney

By Rafael Moscatel, CIPM, CRM, IGP on

Are CFO’s finally ready to heed the advice of their Chief Data Officers and begin adding information assets to the balance sheet?

Although the commonly used quote “There is nothing more powerful than an idea whose time has come.” is regularly and erroneously misattributed to Victor Hugo, originating from his account of the French coup d’état of 1851 that brought Napoleon III to power, I feel it’s almost appropriate for Douglas B. Laney’s passionate argument on Infonomics. It’s an idea he’s been meticulously developing and arguing for almost two decades and has at last fully articulated in his latest book published by Taylor & Francis entitled Infonomics: How to Monetize, Manage, and Measure Information As An Asset For Competitive Advantage. Laney previously published his thoughts on Infonomics in Forbes back in 2012.

This brilliantly researched book, supported by industry giant Gartner, is steeped in both a mastery of information technology as well as economics, in particular accounting methodology and complementing business disciplines that range from supply chain economics to compliance frameworks.

Laney, with brevity and unfailing pragmatism, weaves his impressive understanding of the business of information, it’s flow and it’s enormous potential into a convincing pleading that I believe is a must read for not just the aspiring digerati, but any CFO, Chief Data Officer or executive hoping to survive and thrive in the Information Age.

Continue reading “Book Review: Infonomics – How to Monetize, Manage, and Measure Information As An Asset For Competitive Advantage by Douglas B. Laney”

Posted in: ,
No comments
Information Governance Privacy

40th International Conference of Data Protection and Privacy Commissioners

By Rafael Moscatel, CIPM, CRM, IGP on
40th Annual Data Protection Conference

Reflections on the 40th Annual International Conference of Data Protection and Privacy Commissioners

Guest Post by Abby Moscatel

It’s been about a week since Rafael and I returned from Europe, where we attended the 40th International Conference of Data Protection and Privacy Commissioners at the European Parliment’s Hemicycle in Brussels, Belgium.

The thought leaders posed the single most important question facing us today: What kind of world do we want to live in? You see, we are at the tipping point where the internet will know more about us than we know about each other, or even ourselves. And yet there is no recognized universal ethical and moral code for how we deal with all of the data that is being collected about us. How do we handle it? Right now, Data Kings hold the cards. Companies provide free services to gather our information.

Apple CEO Tim Cook was correct when he said that we are now in a time where our data is being weaponized. We see it in our news feeds. No matter what you believe, you get socials and content that affirms your position, and makes the opposite position something you must resist.

Tim Cook at the 40th Annual Conference of Data Protection Comissioners

Hong Kong artificial intelligence researcher Pascale Fung was also right when she said that unless we get all of the world leaders together, it won’t matter.

Now, we have the GDPR. And, here in the US, we are starting to get patchwork legislation, like the California Consumer Privacy Act, heavily resisted by Big Tech in favor of a federal privacy law.

I want to live in a world where I own my data, control access to my data, and where I can delete my information. If a company or individual breaks a law, then I want a private right of action. Most importantly, I want to live in a world where we have a universal agreement on digital ethics.

What kind of world do you want to live in?

Posted in: ,
No comments
Data Governance Ethics GDPR Information Governance Privacy

The Olympics of Privacy in Brussels!

By Rafael Moscatel, CIPM, CRM, IGP on

Debating Ethics: Dignity and Respect in Data Driven Life, the 40th Annual Conference of Data Protection and Privacy Commissioners

Two Americans walk into a EU Privacy Conference…

Just a few weeks ago, a colleague reached out and reminded me “the Olympics of Privacy” were being held at the EU Parliament in Brussels in late October, and also if I’d like to attend. Well, how the heck am I supposed to turn down an invitation like that? After all, this is the year of GDPR, the NYDFS, the new California Privacy legislation and the ICDPPC has leaders like Mark ZuckerbergSundar Pichai, Tim-Berners Lee, Jagdish Singh Khehar and even the King of Spain all lining up to share their thoughts.

We want to stimulate an honest and informed discussion about what digital technology has done and is doing to do to us as individuals and as societies, and to consider future scenarios. We want to better understand the impact of technology on people of all generations, in all parts of the world, including the way people think, interact with others, develop their opinions, create art and write, how they buy and sell and how they participate in civic life.  – Privacy Conference Statement

Mark and Sundar are likely showing up because they realize the stiff penalties now associated with data security and privacy violations and the rest of the speakers realize that we are on the cusp of a digital and ethical revolution of sorts, one which will affect generations to come. In fact, Debating Ethics: Dignity and Respect in Data Driven Life is probably the most important privacy conference of the 21st century. My wife Abby Moscatel, an attorney and ethicist heard about this lineup and quickly said, yeah… I’m coming with you to this one!

Continue reading “The Olympics of Privacy in Brussels!”

Posted in: ,
No comments
Archives Data Governance Ethics GDPR Information Governance Information Technology Privacy

You Think You Don’t Know Enough About GDPR? You Are Right and Here’s How

By Rafael Moscatel, CIPM, CRM, IGP on

The EU has taken the first step in protecting the data and privacy of its residents. Through the enactment of the General Data Protection Regulation (GDPR), people are now able to have the protection they are looking for online. This means changes for businesses everywhere that are planning to reach consumers in the EU.

Companies need to look at the way that they are handling the personal data of their customers and have an action plan in place to ensure their privacy is protected. Without a strong understanding of what the GDPR means and how it affects your business, you could find yourself in a situation with the EU that you didn’t count on.

Fifteen members of Forbes Technology Council discuss some of the more unexpected consequences of the new GDPR regulation. Here’s what they had to say:

1. Restriction Of Privacy And Innovation

GDPR is the latest version of Y2K compliance — long on speculation and fear, short on reality. In my opinion, regional enforcement of global technology is an impossibility and will restrict — not enhance — privacy, freedom and innovation. The result will be regions of non-compliance (GDPR havens), enormous expense and uncertainty. – Wayne LonsteinVFT Solutions

2. Roadblocks For Blockchain Data Storage

GDPR could impact the decisions and data sets being stored and collected in emerging private and public blockchains. This may create roadblocks for companies looking to embrace blockchain to store any data that may fall under GDPR. – Aaron VickCicayda

3. Opt-In Fatigue

One of the most unexpected consequences of GDPR is the wave of new regulations in jurisdictions outside of Europe, including California, New York and perhaps soon in Asia. Another unintended impact is “check the box” fatigue where opt-in consent language is presented so frequently on websites and apps that consumers don’t read the consents and just check the box, waiving their privacy rights. – Silvio Tavares, CardLinx Association

4. Poor Customer Service

One GDPR byproduct distortion or unintended consequence is excessive regulation leading to poor customer service. The pendulum has swung too far and will be moderated by citizen feedback. – Jeff BellLegalShield

5. Small Businesses Getting Hurt

The companies that are best prepared for GDPR are the big ones: Facebook, Google, Amazon — those that have the money to pour into their tech and legal teams for ultimate compliance. The small and medium-sized businesses, however, may be less prepared, making them more vulnerable to potential fines and penalties. – Thomas GriffinOptinMonster

6. The Slow Death Of Free Services

If a service is free, then your data is the product. We all love using Facebook, YouTube and the many other social media platforms. However, we fail to realize how these businesses operate. If regulations strangle business, then the alternative is a paid model. Just look at YouTube and how it’s strugglingwith its paid subscriptions. – Daniel Hindi, BuildFire

7. Talk About Similar Regulation In The U.S.

The most unintended consequence has been the multitudes of discussions about a similar impending regulation in the U.S. In fact, reading between the lines of Facebook’s testimony to Congress, it is clear to me that tech leaders realize more care ought to be given to sensitive data, and users should have more rights. They are preparing for coming regulation stateside. – Michael RoytmanKenna Security

Read more on Forbes:

https://www.forbes.com/sites/forbestechcouncil/2018/08/15/15-unexpected-consequences-of-gdpr/#2ce5537f94ad 

 

Posted in: ,
No comments
GDPR Uncategorized

Exclusive Interview with Risk and Compliance Officer and Professor of Financial Law Miguel Mairlot

By Rafael Moscatel, CIPM, CRM, IGP on

First in a series of interviews with leaders in the fields of Risk, Compliance and Information Governance across the globe.

Miguel Mairlot is the Risk and Compliance Officer for Lombard International Assurance and a Professor of Financial Law.  I sat down with him at the beginning of the year to learn a little more about his experience in the field of Risk and Compliance and pick his brain on issues like GDPR, the future of privacy rules, the role of A.I. in “fintech” and any advice he can offer millennials looking to get started in the business.

What is it about the business discipline of Risk and Compliance that originally attracted you to the field and keeps you interested?

I spent the first 10 years of my career working in litigation, specializing in banking and finance laws. My expertise and knowledge of the MiFID regulation (Markets in Financial Instruments Directive) led me to work on its implementation for various financial institutions. At that time, legal and compliance tasks were usually performed by the same department. Although I’m interested and continue working on several aspects of the MiFID regulation, I devote most of my time on issues related to money laundering and the detection of serious tax fraud in the event of repatriation of assets.

How do you think companies should approach implementing GDPR and what do you think will be the greatest challenges here?

Any company subject to GDPR should take great care when implementing the requirements set out by this new regulation. Before its entry into force, data protection was not a top priority for many European companies. Now, the paradigm is about to change, due mainly to the hefty fines which can be imposed and the potential reputation damages which may result from a violation of the GDPR provisions.

Among all these tasks, raising awareness among employees about the risks related to the infringement of the rules set out by GDPR might constitute the biggest challenge since this new piece of legislation is considered as a important cultural change in Europe.

The implementation of GDPR will require the revision of internal procedures, the appointment of a Data Protection Officer in some cases and a mapping and assessment of all the data processes, as well as contractual changes. Among all these tasks, raising awareness among employees about the risks related to the infringement of the rules set out by GDPR might constitute the biggest challenge since this new piece of legislation is considered as a important cultural change in Europe. Continue reading “Exclusive Interview with Risk and Compliance Officer and Professor of Financial Law Miguel Mairlot”

Posted in:
No comments