"Many organisations are only just starting to draw breathe after a busy 12 months preparing for the introduction of GDPR"

What's your name?

Steven Roberts

What position do you hold?

Head of Marketing, Griffith College

How long have you held the position?

I’ve been in my current role for six years

What are your day to day responsibilities?

As Griffith’s Head of Marketing, I oversee all marketing, brand and communications activity in the Irish and UK markets, managing our national marketing, digital, PR and social media teams.

It’s a busy role, leading a combined team of 15 as we promote Griffith’s range of undergraduate, postgraduate and professional courses. I’m also actively involved in data protection on a daily basis as a lead member of Griffith’s data protection committee.

What is your professional background?

I have over 15 years’ experience working in senior marketing and strategy roles nationally and internationally across a range of sectors including education, heritage and tourism. I’m fortunate to have worked with great teams during that time and our work has been shortlisted for a variety of marketing awards.

I’m an active member of the Marketing Institute of Ireland, the Public Relations Institute, and the Association of Compliance Officers in Ireland.

As a certified data protection officer, I sit on Griffith College’s data protection committee. During the past 18 months I’ve taken a leading role in implementing GDPR compliance procedures across its three campuses.

I also sit on the ACOI’s data protection and technology working group and am a regular contributor to national and industry-based publications on data protection, marketing and privacy issues.

Tell me about yourself away from work?

Outside of work, I’m married with two small kids aged 6 and 4, so most weekends are spent travelling to and from various sporting activities and events. I’m a strong advocate of continuous learning so I always look to make some time for that each day too.

Tell us something very few people know about you?

I am a keen guitarist and occasional songwriter. I manage to find at least a few minutes to get in some guitar practice every day.

You are speaking at our GDPR Summit on November 6th. What are you speaking about?

I’ll be speaking on the ePrivacy Regulation, another key piece of EU data protection and privacy legislation. It is currently at draft stage and due to come into force at some point in 2019. In particular, I’ll be looking at the likely timelines, scope and impact it will have on businesses.

6 months on from the GDPR deadline, what challenges do you see now for organisations implementing the new regulation?

Many organisations are only just starting to draw breathe after a busy 12 months preparing for the introduction of GDPR. Recent research suggests most firms are still on that journey and many won’t achieve full compliance until year end.

There are plenty of aspects of GDPR where companies are seeking clarity. Dealing with subject access requests in a consistent way, and getting clarity on the boundaries of what is covered under legitimate business interests are just two examples. The continued uncertainty regarding the long-term future of the EU-US Privacy Shield is also problematic with regard to international data transfers.

With the likely introduction of the ePrivacy Regulation in 2019, a further layer of complexity will be added as companies seek to harmonise the requirements under that legislation with their existing obligations under GDPR.

Steven Roberts is speaking at The Sunday Business Post’s GDPR Summit on November 6 in Croke Park seewww.gdpr18.com for full details.