About

GDPR and Data Management are Key topics in today's hi-tech world, the main issue we have is data privacy and how to navigate the abyss. David Clarke shares so much value in this episode about GDPR and Data Management. This is a must listen for all executives and anyone wanting to understand the minefield of GDPR and Data Management. It will alleviate many of the myths around it and some of the panic... WARNING — AI Transcriptions May Cause Grammatically Correct People Serious Stress In today's episode, I'm interviewing David Clarke. And he is a GDPR data protection cyber security expert, and the founder of the GDPR Technology Group. David has operated across FTSE 100s, SMEs and startups, within lots of lots of different industries. And it's a very interesting conversation where we talk about data management, privacy, all the key topics that anyone living in today's society needs to think about, especially if you've got kids this is a really, really important episode. Well, thanks for joining me, David. David Clarke 1:14 Thank you. Pleasure to be here. Nathaniel Schooler 1:16 So I know people probably sick of the words of GDPR. But you know, that's something that you've actually specialized in. And I think people would like to hear a bit more about it really, because you've been focusing around that area for the past few years. And I know, you got a background in cyber security. And I think a lot of people are still kind of behind with the GDPR. David Clarke 1:41 They are and there's plenty of work to be done in many companies. And, you know, at the end of the day, I guess the key is in the title or the regulation. Data protection is looking after people's data. And generally, to make that work, we do have to have a good basis in cyber security, because if we can't put the locks on the door; there's no point kind of talking about privacy. It's almost like giving someone curtains, and they don't even have a window, you need the foundation there to make it work. Nathaniel Schooler 2:12 Right. So where did where do you start? David Clarke 2:18 Ideally, start at the top. And we talk to the board or senior management to work out actually where the scope is? Where the risks are? We then get agreement on where the risks are. And then we put together a plan, starting with is where is your data? And for many companies now, this is highly complex, because everyone's using cloud services, they may have a bit of legacy data. That could be anything that's a few weeks old in reality, it's just maybe on a different system. And of course, how do you know how that data is being used? Who's got access to it? Can you deliver the data, subject rights, so we kind of do this type of analyses. The GDPR talks about, technical and organizational measures, I think there's probably another layer in between, which is the operational measures. And we try and give a company a measure of that, because although you can't really say, this is at 50%, or 60%, where you can do is say, we've made an improvement in the last three months, and we're now improved beyond whatever we were thinking before. So it's a relative measurement. Nathaniel Schooler 3:31 Right. So it's so it's bit like sort of a due diligence procedure? David Clarke 3:37 Actually. I think that's, that's a good way to describe it. Having been on the kind of wrong or right side of many big audits by the big kind of audit companies, the questions are going to be similar. And you know, can you can you answer the questions? And can you go down a number of levels? And if you can fulfill that you've done the best you possibly can. And I think that's really all they're asking for is that you understand it. You know, what to do; things do go wrong, I think it's fully understood things will go wrong horribly, sometimes, but at least you understood what to do and how you control it. Nathaniel Schooler 4:13 Yeah,