At a conference April 18 at Santa Clara University, legal and compliance professionals from Facebook, Uber, Salesforce and Dropbox shared how they are dealing with new EU data-protection rules.
For tech companies, there is a new sheriff in town, and it’s the European Union, wielding the consumer-data-protection rule, General Data Protection Regulation (GDPR), which takes effect this coming May. Although the rules apply only to EU customers—regulating how their information is collected, processed, stored and shared—companies in Silicon Valley and worldwide must comply with GDPR for their EU customer base. Many small – to medium-sized businesses face challenges to comply, while still achieving cutting-edge innovation.
At an evening conference April 18, practitioners from leading Silicon Valley tech companies joined a panel discussion to share how they are operationalizing compliance with this new rule, while still innovating at scale. The panel comprised of Stu Eaton, director of legal at Uber, Andrew Rausa, senior product and privacy counsel at Facebook, Amanda Katzenstein, product and privacy counsel at Salesforce.org, and Tolga Erbay, head of risk and compliance at Dropbox. They spoke to a packed room of nearly 150 audience members in the Benson Center. The conference was co-hosted by Santa Clara University School of Law’s High Tech Law Journal and Privacy Law Student Organization, and co-organized with the International Association of Privacy Professionals (IAPP)’s San Francisco Bay Area KnowledgeNet Chapter.
Rafae Bhatti, a board member of both the Privacy Law Student Organization and High Tech Law Journal, moderated the panel. He noted that it marked the second annual speaker series event co-organized with the IAPP, attracting a large number of industry professionals and providing an opportunity for students to connect with them. The Dean of the School of Law, Lisa Kloppenberg, gave opening remarks and welcomed the attendees.
The panelists provided practical advice on best strategies to getting up to speed on compliance with GDPR before the May deadline, pointing out the hardest challenges and how to overcome them. Stu shared his experiences on how to ensure privacy in the product development lifecycle when building multiple products and features at scale. Andrew discussed how enforcement priorities are shaping compliance approach for tech companies, and what should companies be immediately concerned about. Amanda talked about reviewing the obligations related to subcontractors and employees. Tolga explained the role of risk management frameworks in demonstrating compliance. A candid and lively question and answer session followed the panel, and the panelists even stayed over the alloted time to cover the questions posed by a very engaging audience. (A link to a detailed report capturing the event proceedings, including the Q&A, is included below.)
The event was co-sponsored by BigID and One Trust. The IAPP offered CPE credits and the University offered CLE credits to the attendees of the program.
Dean Lisa Kloppenberg speaking at event.
Press coverage: The Recorder
Report: An event report composed by Privacy Certificate student Tay Nguyen can be found here.
