GDPR: 'For many organisations, the challenge is where to get started'

What's your name?

Paul Breitbarth

What position do you hold?

Director of EU Certification Research and Senior Solutions Advisor at Nymity

How long have you held the position?

Since June 2016

What are your day to day responsibilities?

My responsibilities are twofold. First of all, I’m responsible for Nymity’s accounts and potential customers on the European continent – to help select companies the right combination of solutions and to stay in touch with their privacy officers throughout the year to ensure their compliance needs are supported. In addition, I lead a number of Nymity-funded research initiatives into demonstrating compliance to a rule of law, and into the development of a certification mechanism for privacy compliance programs.

What is your professional background?

I’m a lawyer with a Master’s degree from Maastricht University in the Netherlands and a diploma from the University of Bordeaux, France, with a focus on constitutional and European law. At the start of my career, I worked for a number of years as a deputy committee clerk in the Senate of the Netherlands, where my interest in privacy and data protection grew. Subsequently, I served for almost seven years as senior international officer at the Dutch data protection authority. My main responsibilities were related to the European police and justice cooperation, but over the years I took on responsibility for several developments in the private sector as well, including the data protection reform and the Privacy Shield.

Tell me about yourself away from work?

Away from work, I work some more. I am a visiting fellow at Maastricht University’s European Centre on Privacy and Cybersecurity. For six years, I am also an elected member of the provincial parliament in South-Holland, the region surrounding Rotterdam and The Hague in the western part of the Netherlands. In my spare time, I love to cook, read, go to the theatre or spend time with friends, preferably at the beach.

Tell us something very few people know about you?

I’m pretty transparent on the things I like to share, but some things I just keep to myself.

You are speaking at our GDPR Summit in September. What are you speaking about?

I will be speaking about the need to demonstrate compliance under the GDPR and ways to do that. The new European regulation is not only an instrument with a risk-based approach, it is also founded on the principle of accountability. This means nothing more than that companies should take responsibility to meet the requirements of the law, and should be ready to prove they do so upon request. It could be one of your customers asking for more information about how you process their data, it could be a business partner making a due diligence assessment, or your regulator, who comes to call to inspect you. In all situations, you will need to be able to show how you are processing data, and why you are doing this the way you do. During the GDPR Summit, I will explain an effective and efficient way to help organisations demonstrate compliance, and increase the overall privacy compliance in the organisation at the same time.

What challenges do you see for organisations implementing the regulations?

For many organisations, the challenge is where to get started. There is not a silver bullet available that will solve all your problems with one click. To become a compliant organisation takes time, and if you haven’t started already, you should get started now. Make sure you know which data processing operations your organisation is carrying out, and ensure you have your policies and procedures to deal with personal data in order.

Another challenge is probably the budget. You will need people to do the work - at the very least a data protection officer for most organisations will be helpful to get the project started. Depending on the size of the company and the complexity of your processing, you may also want some software solutions to help you get the work done. Privacy compliance will require an investment, not once, but on a continuous basis. But then again, the reputational damage if something goes wrong, will probably cost a lot more than investing in compliance.

Paul Breitbarth, Director of EU Certification Research and Senior Solutions Advisor at Nymity will be participating inThe GDPR Summit on September 12th at Croke Park. For more information on this important summit please visitwww.GDPR17.com