Joanne Howie, deputy general counsel (global) at AXA Corporate Solutions, said that these rules need to be taken seriously because they raise the level of risk faced by almost all companies in a potentially significant way.
Ms Howie said it is not “crystal clear” at this stage exactly how the fines included with GDPR will be applied in practice. She also warned risk managers not to be lulled into a false sense of security by recent words from the ICO that suggest it prefers to use the carrot rather than the stick. “They will use a sledgehammer if they need to!” said Ms Howie.
The lawyer said that responsibilities need to be made clear at each and every company. Risk managers will have an important role to play in GDPR programmes and must work with data protection officers, IT and others to identify and assess the risks of non-compliance, she continued. But boards need to make sure that the message comes right from the top. “Everyone has a role in data protection compliance,” stressed Ms Howie.
Julia Graham, deputy CEO and technical director at Airmic, the UK risk management association, agreed with Ms Howie that 2018 will be a big year for the GDPR and urged members to take it seriously.
During a later panel debate on the rise of the digital age, Ms Graham said the one thing that might persuade directors to take the GDPR more seriously is the real threat that failure to comply and carry out duties could void D&O cover, always a matter likely to grab their attention.
Ms Howie’s message to risk managers that Brexit provides no relief from GDPR was loud and clear. “Brexit will not give us a lucky escape unfortunately. The GDPR will be applicable despite Brexit. Given the timeline, on current estimates, the UK will be formally subject to the GDPR for at least ten months. All other indications both from government and the ICO are that they intend to retain the GDPR at least for the short to medium term following Brexit. Importantly, in order to be considered an adequate jurisdiction for receipt of personal data from the European Union, the UK must have an ‘equivalent’ level of protection. It therefore does not look like it is going away,” Ms Howie explained.
Full article on Commercial Risk (subscription required)
© Commercial Risk Europe
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article