'Few businesses have considered the full impact of GDPR on their ability to perform day-to-day analytics'
Aoife Sexton, Chief Privacy Officer at Trūata on the challenges many companies still face six months after the introduction of GDPR
What's your name?
What position do you hold?
Chief Privacy Officer at Trūata
How long have you held the position?
Since June 2018. Prior to that I ran my own law firm and also co-founded and ran a data protection consultancy firm.
What are your day to day responsibilities?
Trūata is an Irish trust that was founded by Mastercard and IBM earlier this year, which offers a new and unique approach to data anonymisation and analytics. As Chief Privacy Officer my job is to ensure that privacy/data protection requirements are addressed as part of Trūata’s operations. I identify business and technical requirements resulting from new and evolving privacy laws and regulations;
I work with a team of data scientists looking at new and innovative way to anonymise personal data, while retaining data utility. The work is cutting edge both in terms of our approach to achieving compliance with data protection laws but also in terms of achieving a balance between anonymisation and data utility and ultimately being in a position to deliver aggregated, actionable insights and reports to our customers.
I am passionate about the fact that Truata is focused on finding new innovative ways for companies to ensure a balance between preserving individuals privacy whilst at the same time continuing to innovate.
With the quickening pace of technological advancement, including AI, IOT, Smart cities etc I believe there has never been a more acute need for companies to strive to achieve this balance and to act ethically in so doing.
What is your professional background?
I have been working for over 25 years as a lawyer in or with international technology companies. In more recent years, I have been focused on helping well-established and emerging tech companies to adapt their business models to accommodate ever-changing data protection laws.
I am a Solicitor, and a graduate of UCD (BCL) and the College of Europe, Bruges, Belgium. I am a Certified Data Protection Practitioner (PC.dp) as well as holding the CIPP/E certified qualification with the International Association of Privacy Professionals
I am actively involved in educating peers and industry in general about data protection and privacy. I lecture on data protection at the Law Society of Ireland’s school of law as well on its postgraduate courses. At every opportunity, I try to encourage the next generation of lawyers to consider data protection as a specialisation as I believe we need excellent advocates coming up through the ranks to grapple with the increasingly complex area of technology and privacy.
Tell me about yourself away from work?
Away from work my focus is on family and spending time with my husband and two daughters. I try to also carve out some time to catch up with friends.I am very lucky to live by the sea and close to the Wicklow mountains so I try to get out to run/walk with my dog and clear my head.
Tell us something very few people know about you?
Some years ago I had an eventful encounter on he Great Barrier Reef. I attracted the attention of a large fish with sharp teeth that was intent on stalking my every movement. I couldn’t swim without it following me and since I was underwater I couldn't really hide. It ended up taking a sharp bite out of my foot and sent me racing for the surface. Luckily for me after the initial bite, he decided to swim off. Clearly, I didn’t make for fine sea cuisine!
You are speaking at our GDPR Summit on November 6th. What are you speaking about?
During the GDPR Summit I will be talking about what does GDPR mean for Big Data, Analytics, AI and Machine Learning. During the session I will address the question of how companies can continue to conduct analytics on data while meeting the standards of data protection envisioned by the GDPR.
6 months on from the GDPR deadline, what challenges do you see now for organisations implementing the new regulation?
For many companies there was a real rush, with the 25th May deadline looming, to focus on the more obvious GDPR compliance issues like updating website privacy notices, updating standard contract terms and conditions etc. However, I think few businesses have considered the full impact of GDPR on other more complex aspects of their business like their ability to perform day-to-day analytics to get value from their disparate data assets whilst at the same time complying with GDPR. For many companies, the real work on the more complex aspects of GDPR compliance is only just beginning.
Aoife Sexton is speaking at the Sunday Business Post’s GDPR Summit on November 6th in Croke Park. Visitwww.gdpr18.com for full details.