We also have some predictions for the year ahead…
Jenny Moseley, DPN co-founder
Highlight of 2018: The dawning of May 26th, so I could get some sleep!
Biggest surprise of 2018: The fabulous summer weather.
Prediction for 2019: Penalties? You ain’t seen nothing yet.
Sara Howers, DPO, CGI UK Ltd
Highlight: The collaboration, help and networking amongst a lot of the DP community, especially being offered to SMEs who clearly didn’t have the same bandwidth to get through their readiness programs.
Biggest surprise: Just how many DPO jobs were being advertised so late in the day, so close to the go-live date.
Amusing moment: There were occasional bouts of hysteria, but I’m not sure that’s what you mean!
Prediction for 2019: Disparity between different countries’ DPAs over their enforcement notices & level of fines.
Emma Butler, DPO, Yoti Ltd
Highlight: working for a company that genuinely takes data protection and data governance seriously.
Biggest surprise: that despite the focus on the updated law, many companies continue to routinely ask for way more information than is necessary.
Amusing moment: the slow realisation by some companies that Brexit won’t make the data protection rules disappear!
Prediction for 2019: DP compliance will (sadly) continue to be less about big picture outcomes and what’s in the best interests of the individual, and more about process, the minutiae of technical compliance, and people whingeing about getting e-mails they didn’t want.
Richard Lindsay, Director of Legal & Public Affairs, IPA
Highlight: the world did not explode on 25th May.
Biggest surprise: there don’t appear to have been as many confrontations between clients and suppliers (i.e. controllers and processors) over data processing agreements as I’d expected.
Amusing moment: I’m afraid that I can’t associate data protection with amusement – though my secret santa gift from our office Christmas party is a “GDPR Legend” T-shirt. That’s pretty amusing!
Prediction for 2019: I think the ICO will start looking at more industry sectors, and that organisations will be updating their data protection practices now that they’ve had time to understand how the law works from a practical perspective.
Stephen McCartney, EU Director of Privacy & DPO, Pearson
Highlight: was finishing off the GDPR preparation work and being able to lift my head from the floor for the first time in months!
Biggest surprise: was the first GDPR fines from the ICO being levvied for non payment of registrations fees and not substantive compliance issues.
Amusing moment: was Facebook following Google’s playbook for privacy regulators from 2011 – and getting the same results!
Prediction for 2019: ePrivacy will not be agreed by the EU by the end of the year, Privacy Shield will not be overturned, and Facebook will win their appeal against the ICO monetary penalty.
Andrew Bridges, Data Quality & Governance Manager, REaD Group
Biggest surprise: the avalanche of re-permissioning messages in the run up to 25th May was surprising and disappointing in equal measure. The irony of brands believing they were doing the right thing but in reality damaging their business and relationships with their customers needlessly – one data protection lawyer I know likened it to lemmings throwing themselves off a cliff. Hopefully some lessons were learned!
Prediction for 2019: now the furore over consent has died down – attention needs to be given to the other important areas covered by the GDPR – including data quality and Information Security. With over 2.5 quintillion bytes of data being created every single day worldwide and predications that by 2020, 1.7MB of data will be created every second for every person on earth, and the alarming increase in cybercrime, the importance of Information Security will be an essential part of corporate strategy. The investment in 2018 to create and maintain transparency now needs to include Information Security. The principles of Privacy by Design and Privacy by Default must also be taken seriously … data protection and data privacy will need to work in tandem for businesses to avoid brand damaging breaches and reputational damage.
(Andrew, you are forgiven for breaking the 50 word ‘rule’!)
Matthew Kay, Group Data Protection Officer, Balfour Beatty
Highlight: was becoming involved in the DPN.
Biggest surprise: was the media profile of the DPA 2018.
Amusing moment: was having no data at the summit of Kilimanjaro.
Prediction for 2019: is a high profile fine for a data breach issued by the ICO.
Simon Blanchard, DPN Deputy Chair
Highlight: we finally got to 25th May and all the merchants of doom were proved wrong!
Biggest surprise: cookie notification banners got bigger, but not always more informative or empowering.
Prediction for 2019: I’m not going to predict anything to do with Brexit! But I am hoping that the ICO’s update to the Direct Marketing Code will help answer some key compliance questions for marketers.
Julia Porter, Business Advisor
Biggest surprise: The time taken to review supplier contracts and the level of risk that companies will sometimes tolerate with their supplier relationships.
Prediction for 2019: Just like learning to drive the real lessons will be learnt once you’ve passed your test (or passed May 25th). There will be many more data breaches and some serious work by companies to invest in a coherent data strategy to recruit customers and prospects who really care about their product or service.
Philippa Donn, DPN Editor
Highlight: hiding in a wifi-less cottage in Snowdonia on 26th May.
Biggest surprise: that so many had never heard of PECR.
Amusing moment: the rather fabulous GDPR-song
And some more predictions for 2019…
Robert Bond, DPN Chair and Partner at Bristows LLP
2019 will see an increase in enforcements and fines in relation to data protection breaches and non-compliance. The risk of consumer class-actions for privacy infringements will drive compliance up the agenda and lead to greater attention to data protection compliance and governance and the need to not only adhere to the law but to also apply an ethical approach to data analytics and profiling.
Dominic Batchelor, Head of IP & Privacy, Royal Mail Group
Brexit uncertainty means a lot of effort will go into implementing safeguards for EEA to UK data transfers, mostly SCCs, even if not needed in the end (e.g. because of the Brexit deal agreed). Longer term, this may encourage interest in BCRs as a preferable approach in some group structures.
Charles Ping, Founder of Charles Ping Associates
Since it’s Christmas and we are surrounded by the shiny and sparkly my prediction is that those wearing Rose-Tinted spectacles will see the data protection world in it’s true colours during 2019
Noga Rosenthal, Chief Privacy Officer and General Counsel, NCC Media
I predict that better privacy practices will be a competitive differentiator in 2019.
And finally, a serious word from Rosemary Smith co-founder of the DPN & Opt-4 Director
Where do DPOs go on holiday for Christmas?
Su DATEN land? (German DPOs only)
N ICO sia
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.