Shamrock Information Security

2016-03-09 by Drs. Andor Demarteau

GDPR Comprehensive

For almost the last 4 years, the bureaucrats in Brussels have been discussing the way the privacy laws in the European Union should be harmonised. In December last year they finally reached agreement on the new General Data Protection Regulation (GDPR) that will, if formally adopted, replace the 95/46/EC data protection directive and all national laws that implemented this directive in their national frameworks.
The International Association of Privacy Professionals (IAPP) organised a 2-day training session on the 22nd and 23rd of February to bring me and other privacy pros up to steam on this new opportunity for job security in the coming years.

Okay, it was half a day less than I expected. But it was a jam-packed program that left no time (except lunch and coffee breaks) for anything other than being flooded with presentations on the new European privacy laws.
Interestingly, though not surprisingly, there was one common theme in the entire program. All presenters stressed that, as we didn’t know the final text of the document yet, all or some information given in the presentations could very well be incorrect.
(Update April 2016: the final text has been released and adopted by the European Parliament; how much has changed compared to the December 2015 text remains to be seen.)

Another interesting point, made by various speakers, was that although the European Union really wanted to have one privacy law to replace them all, they did not succeed. Some 50-odd points will remain that will be decided on a per-country basis. Some of them, dealing with criminal law, are understandable, though some others could very well have been incorporated and are probably more due to EU backroom diplomacy than factual differences between the member states.

The GDPR also highlights several categories of policies and measures to be taken to protect personal data, including but not limited to the use of cryptography. This was much to the dismay of one of the presenters, who clearly had some difficulty with this, I must agree, difficult topic.
This, though, quite elegantly highlighted the need for privacy professionals with a strong information security background and understanding.

The last session was formed by a panel of data protection agency representatives who had to answer some quite interesting and relevant questions. The upshot of which seemed to be that most of the agencies are understaffed and may not have the power to fully enforce the current data protection laws in their own country, let alone the new laws coming from Europe as well, although they will replace their local laws for the most part. This may well lead to lower-profile cases being laid aside in favour of high-profile and media-interesting ones. Although an understandable choice, this, in the end, may undermine more of our fundamental human right of privacy (article 8 ECHR) than we are willing to admit now.

And finally, you sometimes see things happening that make no sense whatsoever. Whilst I have my thoughts about a privacy association accepting money from companies that take our privacy not too seriously and have a recent or infamous track record to show this fact very clearly, letting somebody from one of those companies speak at your training event, and specifically on the topic of compliance, really takes the biscuit.
Though the presenter in question may have had a very good track record in the privacy field, and I am the first to admit you can certainly make mistakes in your career choices, somehow having the company name of a notorious data protection violator next to your name really doesn’t help your believability, now does it?

Filed Under: Noteworthy Series Tagged With: GDPR, IAPP
