We are very happy to announce that entrerpreneur and tech leader, Will Jackson will speak at PrivSec Global, this month.
Streaming live May 22 and 23, PrivSec Global unites experts from both Privacy and Security, providing a forum where professionals across both fields can listen, learn and debate the central role that Privacy, Security and GRC play in business today.
Will Jackson is CEO at C2 Risk, a firm specialising in GenAI SaaS solutions for Cyber & Privacy Risk Management. He appears exclusively at PrivSec Global to discuss the best steps to compliance when using Privacy Impact Assessments (PIAs).
Below, Will answers questions on his professional journey and the themes of his PrivSec Global session.
Could you briefly outline your career pathway so far?
My journey into the risk management industry was certainly unconventional. I spent more than two decades in the technology and services industry, establishing myself as a well-known and respected figure within the enterprise business space.
I have held C-suite and senior management positions in large international organisations, both as a supplier and a consumer of technology and services. My professional experience has predominantly been in consultancy, software and technology, and business and IT services across various industry verticals such as oil and gas, banking and insurance, manufacturing and engineering, retail, government, healthcare, distribution, transportation, and higher education.
My transition into risk management wasn’t a direct leap but rather a gradual evolution. While working in the HR and payroll infrastructure for a multinational HR & payroll software and outsourcing company, I was deeply involved in managing sensitive data belonging to large international enterprise clients, and ensuring its security was one of the top priorities. This experience laid the groundwork for my eventual pivot into risk management. I saw an opportunity in the market for what C2 were solving and most importantly, how they were solving it.
What are the main challenges that organisations face when mastering Privacy Impact Assessments?
Privacy Impact Assessments (PIAs) are crucial tools for organisations to assess and mitigate privacy risks associated with their operations. However, mastering PIAs comes with its own set of challenges typically listed below:
Complexity of Regulations
Privacy regulations such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) are complex and constantly evolving. Ensuring that PIAs comply with these regulations requires a deep understanding of their requirements, which can be challenging for organisations, especially those operating in multiple jurisdictions.
Scope Definition
Defining the scope of a PIA can be difficult, especially for large organisations with diverse operations. Identifying all the data processing activities and systems that need to be assessed requires careful planning and coordination across different departments.
Data Mapping
Conducting a thorough data inventory and mapping exercise is essential for a comprehensive PIA. However, organisations often struggle to accurately map all the personal data they collect, store, and process, particularly in complex IT environments with interconnected systems.
Risk Assessment
Assessing the privacy risks associated with data processing activities requires expertise in privacy and data protection principles. Organisations may find it challenging to accurately assess risks such as data breaches, unauthorized access, or non-compliance with privacy regulations.
Resource Constraints
Conducting PIAs requires time, expertise, and resources, which can strain organisations, especially smaller ones with limited budgets and staff. Allocating sufficient resources to PIA activities and integrating them into existing business processes can be challenging.
Stakeholder Engagement
PIAs involve multiple stakeholders across different departments, including legal, IT, HR, and compliance. Coordinating and obtaining buy-in from these stakeholders can be challenging, particularly if there are competing priorities or lack of awareness about privacy risks.
Documentation and Reporting
Documenting the PIA process and findings in a clear and concise manner is essential for accountability and compliance purposes. However, organisations may struggle to maintain comprehensive records and produce meaningful reports that demonstrate compliance with privacy regulations.
Continuous Monitoring and Review
Privacy risks are dynamic and can change over time due to factors such as technological advancements, organizational changes, or regulatory updates. Therefore, organisations need to establish mechanisms for continuous monitoring and review of PIAs to ensure they remain effective and up-to-date.
Addressing these challenges requires a proactive approach, ongoing commitment, and investment in privacy governance frameworks, training, and technology solutions to support PIA processes.
In what ways do PIAs expedite the compliance journey, and what other benefits come with getting PIAs right?
Privacy Impact Assessments (PIAs) can expedite the compliance journey and offer several other benefits when done correctly:
Proactive Compliance
PIAs allow organisations to identify and address privacy risks before they escalate into compliance issues. By conducting PIAs early in the development or implementation of new projects, products, or services, organisations can proactively address privacy concerns and ensure compliance with relevant regulations.
Risk Mitigation
PIAs help organisations identify and assess potential privacy risks associated with their data processing activities. By understanding these risks, organisations can implement appropriate controls and safeguards to mitigate them, reducing the likelihood of data breaches, regulatory fines, and reputational damage.
Enhanced Trust and Reputation
Demonstrating a commitment to privacy through thorough and transparent PIAs can enhance trust and reputation among customers, partners, and stakeholders. By prioritizing privacy and data protection, organisations can differentiate themselves in the marketplace and build stronger relationships with their stakeholders.
Cost Savings
Identifying and addressing privacy risks early in the development or implementation process can help organisations avoid costly rework or remediation efforts later on. By integrating privacy considerations into their business processes from the outset, organisations can minimize the risk of non-compliance and associated financial penalties.
Competitive Advantage
In an increasingly privacy-conscious world, organisations that prioritize privacy and demonstrate compliance with relevant regulations can gain a competitive advantage. By leveraging PIAs to assess and communicate their privacy practices, organisations can differentiate themselves from competitors and attract customers who value privacy.
Legal and Regulatory Alignment
PIAs facilitate alignment with legal and regulatory requirements by helping organisations understand and address their obligations under relevant privacy laws and regulations. By documenting their compliance efforts through PIAs, organisations can demonstrate accountability and due diligence in the event of regulatory scrutiny.
Improved Data Governance
PIAs promote good data governance practices by encouraging organisations to document and assess their data processing activities, data flows, and data protection measures. By establishing clear processes for managing personal data and conducting PIAs regularly, organisations can enhance their overall data governance framework.
Innovation Enablement
While PIAs are primarily designed to assess privacy risks, they can also support innovation by identifying opportunities to enhance privacy and data protection measures in new projects, products, or services. By integrating privacy considerations into the innovation process, organisations can foster a culture of responsible data stewardship and ethical use of data.
In summary, PIAs expedite the compliance journey by proactively identifying and mitigating privacy risks, thereby helping organisations avoid costly compliance issues and reputational damage.
Additionally, getting PIAs right can lead to enhanced trust, cost savings, competitive advantage, legal and regulatory alignment, improved data governance, and enablement of innovation.
Don’t miss Will Jackson debating these issues in depth in the PrivSec Global panel: Privacy Impact Assessments: Achieving Comprehensive Compliance.
Privacy Impact Assessments (PIAs) serve as crucial tools for organisations to evaluate and mitigate the privacy risks associated with their operations, products and services.
This panel discussion will delve into the intricacies of mastering PIAs and achieving comprehensive compliance with privacy regulations and best practices.
Also on the panel
- Alexander Alaraj, Group Data Protection Officer, IKEA Retail (Ingka Group)
- Matthew Goodbun, Senior Privacy Consultant, BSI
- Ellie Dowsett, DPO, Best Companies
- T.B. (Puma) Smagge, Privacy Officer, Data Protection Officer, Functionaris Gegevensbescherming
Details
Session: Privacy Impact Assessments: Achieving Comprehensive Compliance.
Time: 14:15 – 15:10 GMT
Date: Wednesday 22 May 2024.
The session sits within a packed two-day agenda of insight and guidance at PrivSec Global, livestreaming through Wednesday 22 and Thursday 23 May, 2024.
Discover more at PrivSec Global
As regulation gets stricter – and data and tech become more crucial – it’s increasingly clear that the skills required in each of these areas are not only connected, but inseparable.
Exclusively at PrivSec Global on 22 & 23 May 2024, industry leaders, academics and subject-matter experts unite to explore these skills and the central role they play in privacy, security and GRC.
No comments yet