What's your name?
Sharon O' Reilly
What position do you hold?
GRC/GDPR Consultant IT Governance
How long have you held the position?
What are your day to day responsibilities?
Providing consultancy and audit services to clients on EU GDPR, ISO 27001, ISO 9001 and various other standards. I also deliver GDPR training and will be delivering ISO 27001 training in Ireland later in 2018.
What is your professional background?
BSc and MSc Science
10 years experience in Pharmaceutical/Medical Devices Industry.
16 years experience with my own consultancy company working with a wide range of industry sectors in Ireland helping Irish companies to implement governance frameworks particularly in the areas of data protection and information security.
Certified and experienced trainer.
Tell me about yourself away from work?
I have a passion for music - particularly live music and follow new Irish music closely.
Tell us something very few people know about you?
My husband and I were victims of identity theft in the UK in the 90's.
You are speaking at our GDPR Summit in April. What are you speaking about?
I will be hosting a round table on the subject of the practical journey for SME's seeking to comply with the GDPR and offering advice based on experience as to how Irish SME’s should approach GDPR compliance in a way that is both appropriate and effective. A key topic I believe is to assure companies that a common-sense and risk-based approach to compliance is acceptable and that this type of approach will help them to create a governance framework which will be sustainable in the long-term.
What challenges do you see for organisations implementing the new regulations?
There are undoubtedly many challenges but uppermost I believe is changing organisational culture and getting real-buy-in from all members of the organisation. People and awareness are absolutely key.
Other challenges include:
- Finding/sourcing the right people to drive compliance programmes
- Determining exactly what personal data is being held and where it is. This is not as straightforward as it may seem – most organisations are holding much more data and particularly copies of data than they think.
- Understanding the risks in this area and implementing appropriate controls in order to reduce those risks.
- Designing a compliance framework which is appropriate to their organisation and is robust enough to allow compliance to be managed well beyond the May deadline.
Sharon O'Reilly is appearing at The GDPR Summit. The agenda and further details for this important national event at Croke Park on April 12th, are available at www.gdpr18.com