The Data Management Industry Forum for Privacy

‘Privacy by design’ and ‘consent management’ are complex issues so we plan to shine a light on these first by organising a webinar to discuss what it means and to demonstrate tools and approaches that address these issues. Then a seminar in London on 14th November consisting of technical and legal experts together with senior representatives from privacy and governance functions in banks, insurers and investment firms.

Consent Management: Not only a new challenge as part of GDPR but a critical interaction with your customer

Are your current processes legal?

Will they still be legal in 2018?

Penalties of up to 4% of global turnover for inadequate consent management!

Every significant country or region is overhauling its laws for privacy and security, GDPR in Europe is an example of a fundamental redrawing of citizen’s rights and regulator’s powers. Effective management of consent is a cornerstone of GDPR. Failure to do so falls into the highest categories of penalties of up to 4% of global annual turnover. Organisations must adapt their culture, systems, processes, contracts, accountabilities and governance to ensure effective compliance.

There are numerous other examples. Only last week New York State Dept of Financial Services released its Cybersecurity Regulation, covering information security, data governance and customer data privacy. The Cybersecurity Responsibility and Accountability Act of 2016 is another example currently working its way through the US Congress.

Dealing with regulations in a siloed fashion doesn’t work!

Since 2007, the finance sector has had multiple waves of regulation regarding tax, AML/KYC, trading, fraud, conduct and so on. Countless BILLIONS OF DOLLARS have been spent on regulatory programmes. The result is ‘lost opportunity’ together with business processes, data systems and management structures that lack cohesion, are costly and prone to risk.

With clarity, we can learn from the past – and each other!

We can deal with the next wave of privacy and security regulations by learning from the past and each other. If we have clarity on the true underlying issues then we can plan, develop capability and execute our plans with efficiency and purpose.

There is a lot to do and less than two years to do it for GDPR. We urgently need to convene people from privacy, governance, data management, risk and compliance. We want experts with real insight who can convert WHAT the regulation says into HOW we can make the necessary transformations in a joined-up, cohesive manner. Our target outcome is about becoming EFFICIENT as well as COMPLIANT.

Data is at the heart of your organisation. Nearly all the provisions of the new regulations relate to management of data. Your response to the challenges of the new privacy regimes lies in better management of the capture, flow, retention and disposal of data.

The Data Management Industry Forum for Privacy is the hub for industry professionals to share insights and discuss solutions to the challenges presented by GDPR.

What are the challenges?

The essence of the new regulations is that organisations should respect the privacy of citizens and provide transparency and evidence that they are doing so. Key features include:

• Systematic and comprehensive management of ‘consent’ so that consumers are always clear about the use of the data they provide
• Privacy by design and default baked into culture and values
• New rights for the consumer (access, transfer, rectify bad data, object, forget)
• New powers for the regulator (inspections of flows, stores, controls, consents)
• Enhanced risk assessment and management of personal data
• New processes for control and notification of breaches

What are the answers?

A one hour webinar in which we will outline initial steps required to assess your starting position, the program process and showcase one way of addressing the customer facing issue of ‘Consent Management’ via an enterprise-scale data privacy and consent management system that helps organisations set and follow privacy policies and avoid violating the trust of their customers. Contents of the seminar include:

• GDPR requirements for privacy by design and management of consent
• A high level overview of GDPR requirements for governance
• The starting position: The current state of systems and consent management
• Example enterprise scale solutions for consent management.
• Question and answer session

Participants

• Sima Nadler, Senior Program Manager Privacy & World Wide Retail Research Leader, IBM, specialist in consent management systems and technologies.
• Dennis Slattery, CEO EDMworks, Governance and architecture specialist, publisher of the Data Management Agenda for Privacy
• Sue Baldwin, Executive Director, Head of Oversight, J P Morgan
• Phil Hingley, Financial Services Lead, EU Core Team IBM

A morning seminar in which we will discuss in greater detail the issues and challenges around ‘privacy by design and consent management.’ We will have a broader range of presenters and panellists including Chief Privacy Officers, Data Governance Leads and Heads of Risk and Oversight. There will be opportunity for deep dives into consent management solutions and round table discussions and Q&A sessions to establish requirements and current best practice. Contents of the seminar include:

• The Chief Privacy Officer perspective
• The Data Governance and Oversight perspective
• The legal requirements from GDPR
• The challenge for data architecture and design
• Example enterprise scale solutions for consent management

Participants

• Sima Nadler, Senior Program Manager Privacy & World Wide Retail Research Leader, IBM, specialist in consent management systems and technologies.
• Dennis Slattery, CEO EDMworks, Governance and architecture specialist, publisher of the Data Management Agenda for Privacy
• Phil Lee, Partner (Privacy, Security and Information), Fieldfisher. Specialisms are in data privacy, digital media and disruptive technologies
• Sue Baldwin, Executive Director, Head of Oversight, J P Morgan
• Garry Manser, Head of Data Governance, Visa
• Phil Hingley, Financial Services lead, EU Core Team IBM
• Sue Geuens, President, Dama International