I’m watching the American presidential race with some amusement, or is that bewilderment, as I’m sure most people with half a brain are. Some of the sheer drivel being espoused makes you wonder how the entire crowd doesn’t burst into hysterics and cry with laughter at every public gathering! I’m always left waiting, no, praying for someone to shout Trump down from the solid gold soapbox that his dad gave him, by bellowing “build a wall around Mexico, that’s hilarious, what a joker”… but it never comes.
The problem is, many Americans don’t think that Trump’s just a warm-up act at the half time show at the Super Bowl. They see status, power, influence, experience, entrepreneurship, and ultimately they do listen to what he says, and that’s where the problems start. It’s very easy for us to sit back and leave unchallenged, what we see and hear on the news or on social media, because when it comes down to it, nobody is actually stupid enough to believe this obvious nonsense, are they?
So, what has all this got to do with data protection…
I draw the parallel with the election because in the same sense, never before has so much attention been lavished on our profession from all quarters, as it is now. Legislators, regulators, politicians, activists, lobbyists, professionals and citizens have been slogging away for years in a WWE style wrestling match, trying to come up with an agreed set of data protection rules that protect individuals’ fundamental rights and freedoms but allow the free-flow of the rich personal data that greases the wheels of business… and finally we are there, sort of!
The General Data Protection Regulation has now traversed the halls of power and will come into force on 25 May 2018, but you probably know that already! You probably also know there are increased fines for breaches and non-compliance, increased transparency and accountability requirements, and increased data subject rights… but here is my question to you: How do you know about all of this? Who have you been getting your information from? Which Gandalf-like data protection wizard have you been looking to for guidance?
I know that’s more than one question there but it’s an important point. Where we choose to educate ourselves is fundamental to ensuring, as professionals, that we interpret the law correctly, educate our senior stakeholders on risk, and drive forward industry conversations on tricky issues like ad blocking and consent. We should guard our information sources jealously and ruthlessly root out rotten apples that needlessly spoil the bunch and drive down the quality of debate, all for their own gain.
Let me put the problem into context for you. Anyone who reads a John Grisham novel, sets out with the expectation of being thrilled by a plot that runs away at break-neck speed but once they put the book down, they aren’t going to head out to Walmart with the kids in bullet-proof vests, just in case the novel’s hero comes barrelling down the road chased by battle-hardened villains. It’s fiction and they know it.
The single biggest threat to the honest progression of our industry is that as many more people look to get into the data protection game, so do the chancers and rogues. All they need to do is walk and talk like a professional and LinkedIn does the rest! A lot like Trump, these “experts” create buzz to attract attention but all that glitters isn’t privacy gold.
So, beware the step-by-step guides, articles and blogs that write with authority, confidence and a sprinkling of pizzazz but seem vague on specifics or make obvious mistakes. The sniff test is a good place to start. If it seems a little off, it probably is and the advice you’re being encouraged to believe from “peer-reviewed” journals could have been penned by someone who doesn’t know a pixel from Pixar or a cookie from Sesame Street. That said, much of what appears in your LinkedIn newsfeed will be the genuine article and there are some fantastic experts out there.
So, where should you go to find golden nuggets of wisdom? Well, it can take years to find good information sources and what you need will depend on specialism, sector, how you’re regulated, region and maturity of your compliance programme. You’ll go wrong at times but occasionally you’ll come across something quite special.
Below is a list of some resources I use. You can set up alerts to make sure you don’t miss anything but sometimes it’s about getting out there and seeing what you can find. Do yourself a big favour though, dig deeper. Satisfy yourself that what you’re about to tell the CEO has come from a source that deserves your trust. Be cautious and protect your profession’s integrity. Quality, like cream, will always rise to the top!
- Panopticon blog from barristers’ chamber 11KBW
- Information Commissioner’s Office – enforcement action
- Bird and Bird’s law firm’s Data Protection updates
- Hunton and Williams email updates
- Data Protection Network
- Computer weekly
- IAPP daily newsletters
- Amberhawk newsletters
- Information Rights and Wrongs
Authored by Michael Bond – Data Protection and Privacy Advisor, News UK & Governance Board Member, The Data Protection Network (CIPP E, CIPP US, CIMP)
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.