Welcome to our video series, innovators in Privacy Tech! At our global user conference in London, PrivacyTECH, we interviewed the best and the brightest minds in the privacy industry for their insights on everything from the California Consumer Privacy Act (CCPA), the future of privacy, how to achieve sustainability in your privacy program and more.

Today we have Lawrie Siteman, Director at GDPR Specialists. GDPR Specialists is an organization of certified specialists for orchestrating the people, the policies, the procedures, the data sharing agreements and information surrounding the GDPR, its meaning, and its use. GDPR Specialists helps organizations manage the changes needed to take them to a compliant status.

Using GDPR to your advantage

Siteman notes that the way companies can benefit from the GDPR legislation and other upcoming legislation is they can look to see how it can enhance the business, rather than it being an inhibitor to the business. Through this, businesses can highlight the areas that need concentrating on and they can make their business more effective. Companies can improve the level of trust that customers have in them by the fact that they look after their customers personal data more intently and more carefully than other companies.

“Look at how the GDPR can enhance the business, rather than be an inhibitor.”

One of the key areas that Siteman thinks companies should address is the risk within the organization. It’s difficult for small organizations, and even medium sized organizations to understand that the risk is actually a combination of the likelihood that something is going to happen, coupled with the impact of it. Siteman notes that for example, if an organization has several million records of customers personal data, but it is a very minor level of data, such as names, that’s a far lower risk than if they’ve got a smaller number of sensitive personal data. Clearly that needs to be evaluated in a proper way so that they can take the necessary mitigation actions to prevent the risk being damaging to the organization should anything happen.

Siteman concludes by explaining that one way that companies can handle risk more effectively is to appoint someone within the organization to be an upper level management expertise in the level of risk. Those people then have to study or look up exactly what it takes to evaluate risk properly. It’s quite a simple thing to achieve, however the thing is there’s someone with the responsibility of determining the risk of various scenarios occurring within the organization and can advise the board on how to mitigate those risks. 

Stay tuned for our the next Innovators in Privacy Tech post and visit our LinkedIn, Twitter and Facebook.  For more information, request a demo today and learn why OneTrust was named a leader in the Forrester New Wave™: GDPR and Privacy Management Software, Q4 2018