Whenever compliance practitioners gather, the conversation usually centers around shared problems, collaborative solutions, and an overall “we’re all in this together” vibe.
I was definitely feeling that vibe at the Compliance Week Europe conference in Amsterdam, but there was another sentiment that was equally pervasive among attendees: a stunning lack of clarity around two of the biggest issues facing the compliance community.
The 6-month-old General Data Protection Regulation (GDPR) and Britain’s upcoming divorce from the European Union both have a tremendous impact on European compliance, but strategizing solutions around either one has proven to be difficult due to a lack of guidance and, in the case of Brexit, just plain chaos.
On GDPR, we brought in the vice chairman of the European Data Protection Board, whose message was, essentially, that they’re still trying to figure out how this regulation is going to work in practice. For those looking for answers (and there were many), that wasn’t exactly reassuring.
Interpretation and enforcement of the regulation is up to the data protection authorities in each of the 28 nations in the European Union, and no real precedents have been set that could indicate which aspects of GDPR are more likely to be enforced most stringently in which areas.
We also heard from a prominent data privacy activist, who said he expects the level of enforcement throughout Europe to be uneven and unpredictable. He called out European regulators for being lax on data privacy in the past and questioned whether GDPR would have the teeth many predicted it would when it was enacted.
And then there’s Brexit, the soap opera that provides endless fodder for the British tabloids but almost no clarity for those tasked with making sure companies are in compliance with the rules that will govern the new relationship between Britain and the European Union starting next March.
British Prime Minister Theresa May and her cabinet presented their Brexit plan to the European Union, which approved the deal in late November. The fun, however, is just beginning, as the plan in its current form seems to have little chance of being OK’d by the U.K. Parliament, and EU leaders have no appetite for making adjustments. From overseas, it seems to be a game of chicken between politicians. From the front-row vantage point of the U.K. compliance community, it’s nothing short of a nightmare.
One CCO at Compliance Week Europe put it bluntly: “We’ve made plans for every possible Brexit outcome, but we’re not crazy enough to start implementing anything until we know for sure which way this is going.”
For a group whose job it is to ensure rules are followed and who appreciates stability and transparency, compliance officers in Europe find themselves blindfolded by uncertainty and in need of a flexible game plan on a pair of issues that will have a huge impact on how they do their jobs in the foreseeable future.