Data Protection Leader Magazine | July 2022
Data Protection Leader is the bi-monthly magazine from OneTrust DataGuidance featuring interviews with some of privacy’s top voices as well as expert insight and analysis on trending topics in data protection, cybersecurity, and beyond. In this issue, Danique Knibbeler, Max Mohrmann, and Sarah Zadeh from NautaDutilh N.V. discuss the privacy and security issues related to the metaverse. Alex Sharpe from Sharpe Management Consulting LLC provides us with insight into breach liability in an employment context. And Grigoris Sarlidis, Partner at A.G. Erotocritou LLC discusses the benefits of implementing a privacy training program. This issue also features an interview with Melis Mert, Managing Associate at BTS & Partners as well as insight into the American Data Privacy & Protection Act (ADPPA) and other articles from the OneTrust DataGuidance privacy analyst team.
Addressing the international data transfers heatwave
In this issue, Eduardo Ustaran, Partner at Hogan Lovells, provides us with his take on international data transfers in light of recent developments from European supervisory authorities.
“In my experience, measures such as robust contractual assurances and privacy governance on the ground can go a very long way. It is vital for regulators to support this, as otherwise there is a risk that individual stakeholders may see this as an impossible challenge to tackle. Now is not the time to discourage global players from contributing to the solution by deploying absolutist regulatory stances.”
Are employers liable for breaches resulting from employee actions?
Alex Sharpe, Principal at Sharpe Management Consulting LLC, discusses how organizations can develop a framework for breach notification, as well as five steps to help protect, detect, and recover, in the event of a breach.
“Now that 'cybersecurity' is a board-level conversation, the question of whether employers are liable for breaches resulting from employee actions is frequently discussed. While the answer is straightforward, what to do about it is much more nuanced.”
Privacy and security concerns in the metaverse
In their article, Danique Knibbeler, Max Mohrmann, and Sarah Zadeh, from NautaDutilh N.V., discuss the GDPR and other global privacy laws and how they interact with the metaverse.
“Based on the current data legislations and proposals, we see room for improvement, namely in providing clarity in relation to the interplay between the different legal frameworks which apply to the metaverse. In addition, due to the use of, and interoperability between, the platforms and devices, the metaverse is prone to security risks and risks with respect to the processing of personal data, especially in regards to the unique profiles of end-users.”
Implementing training and awareness
Grigoris Sarlidis, Partner at A.G. Erotocritou LLC, discusses the importance of security awareness training, sets out key types of training that firms may consider adopting in order to strengthen their data security, and shares some tips for making employees become more privacy-aware.
“In today's world of hacking, phishing, malware, and other (technology and non-technology related) never-ending threats, the need for security and privacy training is more important than ever. The reputational damage caused by a data breach can be unquantifiable and have grave consequences on revenue and business continuity.”