‘Some people still think that GDPR is another fake news story, like the Y2K bug,” says Julian Hayes, owner of Veneto Privacy Services. “The truth is that GDPR is the law and there are a multitude of regulations that need to be complied with.”
Hayes is a highly experienced data privacy and security consultant with more than 16 years working in the telecommunications and IT industry. As managing director of Veneto Privacy Services, Hayes provides in-depth data protection consultancy services to clients in diverse industries throughout Europe and the United States.
GDPR came into force on the May 25, 2018. This strict new data protection compliance regime comes with severe financial penalties for non-compliance and brings further risks for businesses' reputation as to how they deal with data protection matters. With the Data Protection Act 2018 now firmly in place, there are significant changes in the way companies across Europe and beyond may collect, process and hold personal data.
“Veneto Privacy Services is a leading professional services company providing expert data protection advice and consultation for businesses to meet compliance requirements with the General Data Protection Regulation (GDPR) and related legislation,” says Hayes.
Based in Dublin, Veneto is situated in the European hub of the data protection compliance activities and has strong operational engagement with contacts within the Commission for Data Protection.
Hayes has previously worked in a number of other senior roles, including reporting to the chief privacy officer of Vodafone Group in London. He was also privacy officer for Vodafone Ireland for many years before moving abroad for international experience. All of Veneto's executives have had dealings with regulators in many European jurisdictions.
Hayes talks about the threats faced by businesses in Ireland and abroad regarding supply chain risks as malicious parties look to target larger businesses by first exploiting their suppliers.
“Consider the information you share with your suppliers as you interact with them,” he says. “They likely know your gaps and process improvement plans, allowing them to build a vulnerability model of your business. These outfits play the long game and can invest months learning and adapting in true professional project management style, the timing and method of attack.”
Lots of companies don’t have the budget to hire a full-time data protection officer but still need to have the function fulfilled. “Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements and in some cases, legally required,” says Hayes.
“Veneto Privacy is a consultancy business for firms and we can respond to data breaches and security incidents. In the event of a compromise or availability breach or an attempt to gain access to a company’s system, we provide direct technical/notification support to meet the short window of 72 hours under GDPR and act as the company’s liaison with the authorities.”
Veneto Privacy provides an incident management service. “In the event of a compromise or availability breach or an attempt to gain access to your system, we provide direct technical/notification support and act as your liaison,” says Hayes.
“Companies often hoard information and data but this can become a compliance problem. It becomes a problem if someone gets access to information that they shouldn’t have in the first place. We can also undertake privacy impact assessments which are an important and very useful tool to demonstrate understanding of risks and providing compliant mitigations for personal data processing.”
Veneto Privacy also provides a streamlined information asset register to ensure a simple way to help companies understand and manage their information assets and the risks associated with them.
“We help companies by telling them how to streamline this data so that breaches are far less likely to happen,” says Hayes. “We offer both on-site and remote on-going privacy consulting services to ensure that security solutions are water-tight and up to date.”
Veneto Privacy’s customer base is in diverse sectors, from telecommunications and the pharmaceutical industry to children’s educational providers and real estate businesses. Veneto also partners with Privaon OY, a specialist firm in Helsinki providing leading GDPR training modules now available for the Irish market.
“Over the next 12 months we are looking to expand outwards and we are also developing a new software solution for firms,” says Hayes.