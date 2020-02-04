OneTrust DataGuidance’s ‘Thought Leaders In Privacy’ interview series is filmed across the world with leading privacy professionals discussing their advice for staying ahead of the curve and how privacy connects on a wider level with businesses and society. The series captures ideas from a range of subjects including; GDPR requirements, cookie law, data security and breach notification, risk & compliance and emerging technologies.

We spoke to Alexandra Cebulsky, Senior Legal Counsel, Global Data Privacy at Accenture in September 2019. Accenture is a Fortune 500 listed company, that offer professional services in strategy, consulting, digital, technology and more. Alexandra describes some of the impacts of data privacy regulations on areas such as third-party risk management as well as explaining the developments she has seen within Accenture’s clients in regard to data privacy and data management.

GDPR Compliance

Alexandra explains how Accenture’s clients have shifted their focus towards data privacy and data management since the implementation of the GDPR, however she notes that this is not always from a compliance point of view but often from an organisational or operational position to drive improvement within the company.

There is also a focus on staying on top of emerging technologies and regulations surrounding their use, as Alexandra comments;

“…[Our clients] respond to certain new trends in technology like digitalisation or other technology trends like IOT, which more and more, need an answer about how you manage data and handle the data.”

It is this shift in perspective that builds into the wider need for organisations to have a solid structure to compliance processes, how third parties are managed, and how efficiency can be encouraged within an organisation’s ongoing privacy compliance.

Third Party Risk Management

Recent regulatory changes have led to data privacy having a greater effect on third party risk management and Alexandra details that processes such as due-diligence and a greater focus on a vendor’s own privacy program poses a number of questions to the data controller as well as suggesting ways to answer these.

“I personally believe that the focus from our side, at Accenture, as we are obviously a third-party, is to leverage certifications, because they can at least testify, to a certain extent, our operational readiness and organisational readiness on how we have implemented certain controls.”

Although there are no specific GDPR certifications available, Alexandra notes the importance of existing certifications, in areas such as security compliance, that become an significant component of a privacy program.

Watch the full interview with Alexandra where she expands further on how she foresees the privacy landscape changing over the coming years, developments in jurisdictional privacy laws and the relationship between data management within emerging technologies.