Friday August 7, 2020

Half of small to mid-sized companies not ready for data privacy laws

Privacy expert Paul Jordan says that as with any changes to an existing regulation, acknowledgement, acceptance and adoption can be a slow process – the GDPR is no exception

17th July, 2017
Managing Director Europe of the IAPP, Paul Jordan

What's your name?

Paul Jordan

What position do you hold?

Managing Director Europe of the IAPP – International Association of Privacy Professional. My mandate extends to Middle-East and Africa as well as neighbouring regions.

How long have you held the position?

I have been in the position since February 2015

What are your day to day responsibilities?

The IAPP European office is based in Brussels not far from the European Parliament. I have an external role representing the IAPP to the privacy and data protection stakeholder community across Europe: both public and private sectors. I oversee the implementation of our strategic planning in the region and lead all our efforts in expanding IAPP's footprint in Europe; from membership, customer, and local chapter care through to overall business development activity. In addition to this, I am responsible for our small but growing staff team as we look to satisfy an increasing market demand for IAPP products and services. As you can imagine with the advent of the GDPR, as well as the e-privacy regulation, we are kept relatively busy.

What is your professional background?

I have a business economics degree with a specialization in human resources management from the Vrije Universiteit Brussels (VUB) and Boston University. I began my career as a consultant with Deloitte, but have also worked in several corporate management positions, as well as for the European Commission in foreign affairs. I started working for, and representing business and professional associations over the course of the last ten years.

Tell me about yourself away from work?

Married with two boys, the bulk of my free time is spent with family. I do like to cook, and I try to keep up with general fitness through the gym and early morning runs: I do half marathons when I feel I can! I travel a fair deal and always have a book or two on the go; I enjoy reading history and historical fiction. There is always something you can learn from history.

Tell us something very few people know about you?

I have a creative side, and almost chose to study business and fashion in London all those years ago, my professional journey could have been very different.

You are speaking at our GDPR Summit in September. What are you speaking about?

I am speaking to GDPR readiness ahead of May 2018; what companies need to be doing to get ready. I will speak to how the GDPR is influencing the business landscape, and what practical measures companies should be pursuing to mitigate their exposure and risk.

What challenges do you see for organisations implementing the new regulations?

As with any changes to an existing regulation, acknowledgement, acceptance and adoption can be a slow process – the GDPR is no exception. Numerous studies in 2017 have shown that across Europe 50 per cent or more of SMBs (small to mid-sized companies) are far from being ready for GDPR. Barring the multinational and larger companies who by their very nature have significant data processing operations and cross-border business interests, getting the message for action across to the bulk of European companies has been a challenge; one needs to recognize the changing landscape of data protection and privacy issues and how that affects business (globally), particularly in an increasing digital age. Legal compliance is one thing, articulating it as business enablement and practice for companies is equally important. Obtaining senior management buy-in is critical, as well as establishing a starting point along with appropriate budgetary support as needed is key. Assessing and mapping the strategic importance of data protection to business models and continuity should not be underestimated; this can be a complex process. GDPR is a significant piece of legislation which stands to bring about considerable behavioural evolution for both companies and consumers.

Paul Jordan, Managing Director Europe of the IAPP will be participating in The GDPR Summit on September 12th at Croke Park. For more information on this important summit please visit

Share this post

Related Stories

Dublin-based Gamma went from Bizmaps to Eircode and is now incubating location-tech solutions for other sectors

Elaine O'Regan | 5 days ago

Dublin firm eXpd8 hopes the Thread Legal system, developed in collaboration with Microsoft, will be a launchpad for expansion

Elaine O'Regan | 5 days ago

Ciara Garvan launched WorkJuggle in 2016 for professionals looking to take control of their work-life balances

Elaine O'Regan | 5 days ago