I started life in BT’s customer communications team, intending to stay for about two years, but ending up doing 11 years, working in advertising, marketing and sales, mostly for SMEs. I then moved to Cable & Wireless to develop the company’s attack on the SME market, working in sales and marketing before running contact centres globally for all enterprises, with board member responsibility for CRM.
Tired of travelling and leaving my family (twins then aged eight), I changed tack in 2003 and became a shareholder and director in a four-person data protection and data management business, which became DQM Group and then DQM GRC.
DQM GRC was one of the first companies to recognise data as a valuable business asset that needs protecting before it can become an essential asset for driving business potential. Our consistent approach to delivering pragmatic data privacy solutions has ensured we now operate globally, supporting many medium and large scale organisations to ensure they avoid becoming data privacy disasters and become data driven.
In the last few years, finally seeing data protection recognised as an important boardroom issue with the introduction of the GDPR/Data Protection Act 2018. Having spent the past 16 years talking (largely to deaf ears) about its importance, it’s great to see traction at last in all companies and, for the most part, companies recognising that data protection is a long term commitment and not just a flash in the pan. It has also been massively rewarding to develop solutions and provide support to our clients which has helped them to embrace data protection by design and default.
Having spent 2019 helping boards and senior managers recognise the importance of data privacy by design – and realising this is the core of a company’s privacy programme – I’d have to say Dr Ann Cavoukian, whose privacy ideas back in the 1990s are even more important today.
Not really. For those of us in data protection consultancies, 2019 should have been a year of consolidation in terms of ensuring data protection remains a focus for all companies and not something to be forgotten post May 2018.
The degree of enforcement action in the UK – whilst welcome in terms of highlighting large scale breaches such as BA and Marriott Hotels – didn’t help to keep data privacy as a boardroom issue. Too many companies saw it as a “one and done” exercise. The lack of data protection fines for SMEs (save some for PECR) meant it has slipped in focus.
Challenging. The enforcement actions against Facebook and Google will mean companies may need to better examine their whole approach to adtech, cookies and consent. Without some of the capabilities previously used extensively by analysts, other approaches to website analytics will be required. From a first party data perspective, marketers will have to work harder for the engagement they want from their customers.
Companies recognised while they can legitimately market to their customers, there needs to be a “relationship” – which means sending emails and texts to people who were customers 12 months ago but have not bought since should be done with care.
The increased use of AI across all areas of business, provided consumers’ privacy is respected. Examples such as Google’s DeepMind, and the various NHS Trusts who shared data, shows both the benefits and pitfalls of large-scale data sharing and the need to ensure there is complete transparency, particularly where sensitive data is involved.
Ensuring developers respect the need for data protection by design and default. Typically, this means ensuring tech teams realise that data needs to be handled with care and that any transformation considers the key principles of data minimisation and anonymization, and recognises the importance of data security.