2023 UK Data Privacy Intensive: What Did We Learn?

Lionbridge understands the importance of keeping data secure under any circumstances. The ability to process information on behalf of our customers is part of the lifeblood of Lionbridge. We recognize that security, privacy, and compliance are the foundations of trust in our information-centric world. That's why we're proud members of the International Association of Privacy Professionals (IAPP), the largest and most comprehensive global information privacy community and resource.

Each year, the IAPP holds a Data Protection Intensive conference to discuss the most relevant topics in data protection and privacy, featuring educational talks by key thought leaders and professional authorities from around the world. The 2023 UK Data Protection Intensive (UK:DPI) was held in London from March 8-10, where UK policymakers, information commissioners, privacy activists, and other government officials advised a record crowd on best practices, emerging trends, crucial issues, new technologies, and opportunities in the field of information privacy. The event also included breakout sessions on operational and policy topics and a full networking program schedule.

Lionbridge's own Javi Perez attended the conference to mentor new privacy professionals and exchange knowledge with other industry leaders. As Director of Privacy and Compliance, Javi is responsible for ensuring Lionbridge is compliant with data protection laws in all areas of operation. He identifies new and emerging legislation and assists with the implementation, review, and amendments of our privacy policies and services. His attendance at the 2023 UK:DPI allowed Lionbridge to gain valuable insights from global data privacy and security authorities.

In this recap Q&A, Javi shares what he learned at the 2023 IAPP UK Data Protection Intensive.

1. What was your experience at the 2023 UK:DPI?

I had the privilege of coordinating three speakers’ sessions as a Track Chair. I also led the session “Diversity in Privacy,” which focused on the different professional backgrounds one can apply to data privacy practices, such as technical, compliance, risk, legal, etc.

Most importantly, I was able to meet new privacy colleagues, with whom I had the opportunity to exchange ideas and opinions on different topics.

2. Did you notice any key themes or recurring terminology throughout the conference?

Trust. This is the most important term any company must consider. Trust from customers and employees is everything, and if you lose it, it can be very difficult to recover. As a business, it's crucial to remember that your customers are trusting you with their information. You have a duty to process it only for the agreed purposes, safeguard it, and dispose of it once it has fulfilled its purpose.

3. What should companies consider when communicating their Privacy and Data Protection commitments internally and externally?

Consider humanizing the content in your communications. Using technical language, or “legalese,” can make your content difficult for the average person to understand. Tailor your message to your audience. Communicate your commitments and objectives clearly and transparently. Use simple language so anyone can understand what you will be doing with the information they entrust you with.

4. What are the most important initiatives/actions a company must undertake in 2023?

Make sure to stay on top of training and awareness within your organization. All employees, irrespective of their position, need to know the importance of personal data, both from their customers and employees. Take a step back and assess the effectiveness of your training. Identify improvement opportunities and ask yourself: Is there a way we can improve on our current initiatives to make them more impactful? Look into your privacy and security training, identify opportunities, and engage with different areas of the business for success. Training shouldn't be limited to once a year. It should be a constant engagement between the Data Protection Officer (DPO) and employees, with an open line of communication. Be present, meet employees face to face (if possible), and ask for their feedback. A successful awareness and training campaign is dependent on relevant and resonant content.

5. What does a successful Privacy by Design implementation look like?

Transparent and strong collaboration between the DPO, product owners, and IT.

All parties must be engaged from the conception stage to identify the purpose of the initiative/technology, its defined use, data flow, end-to-end data lifecycle, limitations, and applicable controls. Perform a Data Protection Impact Assessment and designate the parties responsible for implementing those controls. This should not be a one-time collaboration. Instead, it must be a continuous engagement between different areas of the business to ensure the appropriate controls from the people, process, and technology perspectives are implemented. Data Protection should be viewed as a business enablement rather than an obstacle.

How Lionbridge Strives to Protect Your Data

Our mission is to earn and preserve our customers’ trust. Led by our Chief Trust Officer, Lionbridge's dedicated security and privacy teams are committed to protecting our digital and physical environment. We ensure that any data received from our customers is protected and all regional compliance requirements are met with ISO 27001 and 27701 certifications.

We recognize there are regions that impose stricter privacy and compliance requirements for businesses. To meet these differing standards, we have created a Global Privacy Program led by our Data Protection Officer based in Ireland. This program ensures Lionbridge meets our regulatory commitments across all regions in which we offer services.

No matter where you are located, our experts adhere to the highest standards of compliance to ensure the security of your information.