Business Leader recently met up with Dyann Heward-Mills, CEO of data protection consultancy HewardMills, to discuss how her company is setting itself apart in the industry, and what the future challenges will be.
Can you give us an overview of HewardMills?
HewardMills provides world-class data protection officer (DPO) support for organisations. We help companies comply with data laws and regulations, including cybersecurity standards and regulatory requirements arising from emerging technologies.
We are truly global, operating across 71 jurisdictions and are celebrating our second anniversary at the end of March. It’s been an incredible two years and we’ve accomplished so much, having established operations in London, Dublin, Switzerland, Germany, Singapore, San Francisco and Ghana.
What services do you offer?
We are comprised of a multi-disciplinary team of data protection practitioners, lawyers, data analysts, social scientists, and cyber security experts with a wealth of data protection and privacy knowledge.
Our tailored approach for each client is structured around our four pillars: corporate governance, privacy operations, policies and procedures, and training. Through this we are able to operate a lean and agile model allowing our clients to flex up or down as their requirements change.
We both act as a DPO and support internal DPOs. Since the rollout of GDPR in 2018, a DPO has become a mandatory role for many organisations and one that requires total autonomy from all stakeholders. This is where outsourced DPO agencies come in. We can cover the length and breadth of data regulations including training, policy reviews, conducting data protection impact assessments to ensure compliance and proactive protection against breaches.
Our team of experts are also able to deliver excellence in multiple languages including English, German, French, Portuguese, Italian, Spanish, Albanian, Cantonese and Dutch, helping our clients to navigate the complex regulations across many different jurisdictions.
How have the data protection and cybersecurity markets evolved in recent years?
Over the past few years, new and changing laws coupled with rapidly developing technology have made it a tumultuous time for data protection and cybersecurity.
GDPR was a watershed moment in the world of data regulation, but it was only the start of this new, more vigilant, era. While some of these regulatory frameworks are more mature than others, one thing has become clear: the world has moved forward from the relatively loosely regulated markets of the early 2000s, when modern digital technology was still in its infancy.
What will be interesting over the next few years is how so many disparate countries, with vastly different cultural experiences and levels of regulation, will work together in a global marketplace.
What have been the main challenges facing the industry in recent years?
The rapid growth across every aspect of data regulation can make it difficult for companies to keep up. Many organisations may not even know if they’re compliant or not or whether they are under a mandatory obligation to appoint a DPO. Our aim is to support companies of all sizes to comply with relevant laws and proactively combat data breaches. This can be an especially overwhelming task for companies with a small team, or one person, that is responsible for everything to do with data privacy. This becomes even more complicated when organisations work across multiple jurisdictions with constantly evolving regulations.
There is also an industry-wide shortage of cybersecurity and data protection talent. Cybersecurity is inherently asymmetrical: the hacker has speed and time, and the fact that they only need to get it right once, on their side. On the other hand, the defender must have all their bases covered, secure, and constantly updated against the latest threats.
What are the current trends within data protection – and what should companies be aware of in the near future?
There is a wave of new regulation going through approval stages in the coming months including Brazil’s LGPD, Thailand’s PDPA, India’s PDPB, and South Korea’s PIPA, all of which are likely to go through further amends later in 2020.
Data regulation is becoming more focussed and is increasingly homing in on specific industries. In particular, we will see the fintech and health-tech industries being put in the spotlight as regulators and consumers heighten their expectations on ethics, trust and transparency.
We expect to see a greater shift in roles and responsibilities within organisations when it comes to who is handling and accountable for data. The scope of work can become too complex for a single individual. This, along with the need for an independent data protection officer, will see a rise in the demand for outsourced DPOs.
What are the future plans for the company?
We want our clients to see us as an extension of themselves. We are here to support and equip businesses to build in data protection by design and trust before things get too complex or regulator investigations, complaints and breaches happen.
As the world becomes even more intertwined, with companies increasingly likely to operate across multiple jurisdictions, we look to continue to expand our services to all four corners of the world. Currently, we have feet on the ground in London, Dublin, San Francisco, Singapore, Switzerland, and Germany with ambitions to expand across the Americas, Africa and Asia-Pacific.