GDPR Two Years On: Compliance Lessons Learned

General Data Protection Regulation (GDPR) , Governance & Risk Management , Privacy

Attorneys Discuss Gaps That Still Need To Be Addressed


From left: attorneys Jonathan Armstrong, David Dumont and Kelsey Finch

Now that it’s been two years since enforcement of the European Union’s General Data Protection Regulation began, three attorneys – Kelsey Finch, Jonathan Armstrong and David Dumont – reflect on the lessons learned so far and the compliance gaps that still need to be addressed.

See Also: Restructuring Your Third-Party Risk Management Program

“The notion that GDPR would be cost-neutral for businesses has been wrong,” Armstrong says. “There are few benefits to businesses. This promised ‘single road’ where data protection law would be the same across the EU, therefore saving businesses millions, has been proven to be nonsense.”

In an in-depth video panel discussion with Information Security Media Group, the three attorneys discuss:

  • Whether citizens and businesses are better off since the enforcement of GDPR;
  • What challenges still remain;
  • How new technologies, such as artificial intelligence and facial recognition, will impact the nature of privacy.

Finch is senior counsel at the Future of Privacy Forum, based in Seattle. She leads the organization’s smart cities working group. Previously, she was an inaugural Westin Fellow at the International Association of Privacy Professionals.

Armstrong, an experienced lawyer with Cordery in London, is an expert on data protection and data security law. He advises multinational companies on risk, compliance and technology.

Dumont is a partner at the U.S.-based law firm Hunton Andrews Kurth who leads its Brussels privacy and cybersecurity practice. He assists multinational clients with GDPR compliance.

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips