The event brought together over a hundred people at the initiative of Partech Ventures, as an occasion to hear data compliance stakeholders’ views regarding the EU’s General Data Protection Regulation (GDPR) taking effect in May 2018. Amongst the participants in this round table: a public institution (CNIL), large companies such as Accenture – who kindly hosted the conference in Paris - and Nordea, and innovative solution providers from Partech’s portfolio: Privitar, Waterline Data and Ecovadis.
Jean-Marc Patouillaud, Managing Partner at Partech Ventures, introduced the event by explaining the need for regulation in a society where privacy is at stake at each moment of the end-user’s life, as digital experience and data generation is more and more ubiquitous.
« Privacy is not about hiding, but it’s about choosing which info we provide. It’s the basis of intimacy! », he said, defending the spirit of regulation. He also reminded the audience that innovation will always arrive before regulation as a matter of fact.
Fabrice Asvazadourian, Managing Director Lead France and Benelux at Accenture, then explained that many clients of his firm are not only preparing their compliancy to GDPR, but also considering the “after-May” implications necessary to stay compliant. If technology is obviously part of the answer to these challenges, he affirmed that the main question for Accenture’s partners was “Should I do this myself or with solution providers?” which is a big cost control strategic decision.
CNIL President Isabelle Falque Pierrotin opened the panel by saying that GDPR must not be seen as an administrative burden but as long-term investment. In her opinion, Europe may be late in terms of digital, but users’ considerations have changed and people are now expecting regulation.
« The time of blind checking is over, it’s a good time to introduce a European model! she argued, with GDPR, Europe is catching the train and demonstrating that a high level of innovation is possible while keeping with privacy principles »
She admitted that GDPR will be a big change, but reassured the audience that CNIL and all the European institutions will work as a collaborative force and cohesive support network to companies.
« Regulators have been mostly focused on sanctions, and now they’ll be advising companies. »
Lastly, Isabelle Falque-Pierrotin informed the audience that the EU law will apply equally to non-European companies as well, as they target European users, so no competition will be enforced by GDPR.
Alasdair Anderson, Head of platforms at NORDEA, came to discuss how his bank is leveraging data governance and privacy investments to accelerate business intelligence. He first reminded the participants that banking activities are massively rich sources of data based on trust and reliability. Therefore, banks are naturally quite invested in data protection, and higly sensitive to new regulation outcomes.
« GDPR is the latest of a long way of costly measures ». Alastair noted that since 2008, the top 20 banks have paid more than €200B in enforcement fines.
The focus for Nordea has been on turning this investment into a competitive advantage, working with companies such as Privitar and Waterline Data, to take the best of the opportunities the big data revolution has provided.
He concluded his intervention warning the audience that as innovation will never stop, there’s always going to be more, it will never be secured enough.
Kaycee Lai, COO of Waterline data, then explained that the challenge of GDPR is that since all the articles of the directive work in tandem, compliance must be total, there is no middle ground. He added that the most difficult task for the companies collecting data will be reporting (identifying their data as sensitive or GDPR-friendly).
« The big thing is reporting: be able to show what you have and what you’ve done so far »
He also underlined the positive impact of GDPR from his point of view: companies will have to find a way to turn down the data they do not need in order to conduct safe analytics. « GDPR is a good way to put yourself at the level. »
Privitar’s CEO Jason du Preez forecast that data will be a trillion Go by 2020, and because data is about people, there is still a problem with many organizations lacking clear data strategy.
He then made the point that organizations are evolving from intuition-based decision making to become increasingly data-driven. He emphasized that these organizations will need to ensure their platforms include scalable controls to protect against privacy risk.
« Respecting individual privacy creates value, but where there is value, there will always be fraud »
David Leboni, Head of Research at CyberVadis, warned the audience that the work doesn't end once you have got a contractor and outsourced a part of your accountability. « That’s a major mistake big companies make » he added.
He shared Cybervadis experience and opinion that GDPR will change supply chain liability, meaning organizations must look again at the controls they place on data sharing with third parties. “Your own data security is as good as your business partners’ own data security”.
The audience, composed of Chief Digital Officers and Data Compliance Experts from major companies, had several questions at the end of the conference. Two interesting concerns were about the possibility of informing between competitors, and obviously the cost for SMBs.