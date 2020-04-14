The OneTrust DataGuidance ‘Thought Leaders in Privacy’ interview series is filmed across the world with leading privacy professionals discussing their advice for staying ahead of the curve and how privacy connects on a wider level with businesses and society. The series captures ideas from a range of subjects including; GDPR and CCPA requirements, data security and breach notification, risk & compliance and emerging technologies.

We spoke to Fabrice Naftalski, Partner, Attorney at Law and Global Head of Data Protection at EY Law in February 2020. Leading the EY Law services on data protection laws globally, Fabrice works on contractual and regulatory projects in connection with the use of information technology and assists French and European clients in data protection compliance programs and tools. He has been a lawyer for 20 years and is a former member of the IAPP Europe Advisory Board. Fabrice shares his recommendations for complying with data protection laws on a global level as well as sharing his thoughts on the key developments he foresees over the coming years.

Global privacy program management challenges and recommendations

Fabrice notes that there are two challenges for organizations operating across several countries: first, organizations need to find ways of keeping regularly updated regarding regulatory developments in each of the countries and to avoid potential fines. The second challenge relates to interoperability of frameworks.

Fabrice highlights, “The good news is that there is a set of common standards and, to a certain extent, the GDPR’s principles and requirements are present in other laws, and therefore this can be a starting point.”

Fabrice continues to recommend that a clear picture is built of the variations in regulation that apply to the business. Once this is well-defined, Fabrice recommends working toward a set of common standards that apply across jurisdictional regulations.

“The fact that we have similar requirements will facilitate onboarding of all stakeholders. Stakeholders from many countries but also stakeholders from many businesses and that is an important point.”

Going beyond the appointment of data protection officers and privacy champions, Fabrice notes that ensuring buy-in across the business and raising awareness of the common standards within the teams that actually handle personal data is key.

The future for global compliance

Looking ahead, Fabrice believes that one of the more interesting areas of developing privacy regulation is with respect to new trends in technologies. Specifically on artificial intelligence, Fabrice notes the challenges that are already being faced with the use of this technology.

“Artificial intelligence is a challenge in terms of its ability, in terms of ownership of the data, and in terms of ethics. And one issue will be to assess to which extent new pieces of legislation will be able to address these types of challenges.”

Fabrice is unsure whether new AI legislation is necessary, as there is already plenty of existing IP and software orientated legislation to keep up with new developments, in addition to data protection legislation which can be adapted to reinforce the ethical use of such technology.

Watch the full interview with Fabrice where he talks further about how organisations can manage and adapt global privacy programs to continued emerging regulation to as well as the emerging global privacy laws he is tracking.