By Hilary Wandall, TrustArc General Counsel & Chief Data Governance Officer
I provided some highlights of the first day at the 39th ICDPPC conference in Hong Kong. Now I will share some additional insights.
It was a remarkable week in Hong Kong with current and former IAPP Board members and other privacy friends and colleagues most of whom I’ve known for decades, but also a few I had the pleasure of meeting for the first time as we explored global issues and local culture together.
Over 750 delegates representing more than 65 data protection authorities, the United Nations, industry privacy leaders, think tanks, universities and civil society joined together to discuss the connections between western and eastern approaches to privacy and impact on policy and regulation across the globe. Conference host, Hong Kong Privacy Commissioner Stephen Wong, summarized the experience well with a thoughtful keynote and a special tutorial for current and former members of the IAPP board on the different approaches to writing “privacy” in Chinese at the closing data protection authority luncheon hosted by the IAPP on Friday afternoon.
The growing significance of regulatory interoperability to drive cooperation, simplicity – and by extension – prioritization, including a broad range of approaches from CBPRs and Privacy Shield to GDPR certification, BCRs and adequacy, dominated panel discussions from the main stage to side events such as the Centre for Information Policy Roundtable on CBPRs and GDPR. In addition to our own Josh Harris, TrustArc Director of International Regulatory Affairs, who spoke at multiple sessions on CBPRs, CBPR participating companies, such as Apple and Cisco, discussed the importance of CBPRs to global accountability at both the Roundtable and on the main stage.
GDPR preparedness also permeated discussions, including those at the IAPP KnowledgeNet on Wednesday, where we heard the perspectives of local and regional colleagues in Hong Kong and Asia Pacific, respectively, on coordinating with their privacy teams in Europe and the U.S. for effective implementation. It was a special honor to join IAPP Board Member and Promontory Managing Director, Simon McDougall, to discuss the operational impact of GDPR. Most expect that the impact of GDPR on both regulators and organizations will only have begun to be understood over the next year, and that May 25, 2018 will be only the beginning of GDPR compliance.
I am looking forward to the timely opportunity of next year’s 40th ICDPPC, which will take place in Brussels, to get a comprehensive read out on global progress on both GDPR implementation and regulatory interoperability and to exploring how our work on comprehensive DPIAs will tie into next year’s theme of digital ethics.
Until then, learn more about GDPR compliance and how TrustArc can help your organization here: TrustArc GDPR Privacy Solutions.