Chris Butler spoke on the GDPR Panel at the ICSA Subsidiary Governance Conference in London

On 16th November 2018, Citco GSGS Client Service Leader, Chris Butler, hosted a key panel discussion at ICSA’s Subsidiary Governance Conference 2018. The conference set out to tackle some of the biggest issues facing multinationals and their corporate secretarial teams at the moment, including GDPR, Brexit and liability for human rights in foreign jurisdictions.

The panel in question, featuring Chevron’s Europe Data Protection Officer, Simon Owens, and independent governance and risk consultant, Latha Balakrishnan, alongside the Citco group of companies’ own Chris Butler, tackled GDPR and the picture emerging six months on from its implementation.

The panel went on to outline four key principals to follow to ensure compliance with data protection laws. These were:

  1. Providing a robust audit trail of all internal and external arrangements
  2. Establishing a clear ‘line of sight’ between those responsible for data protection and all internal and external parties
  3. Ensuring the quality of information provided by subsidiaries and commercial partners is sufficient to answer any questions regulators might have
  4. Creating a culture of corporate accountability, recognising that it is everyone’s responsibility to ensure compliance

For large companies, clearly, the stakes are high. Not only does the complexity of data protection grow exponentially with the number of entities under management, but the potential fines are huge. Reports in October alleged that Facebook could receive up to $1.6bn in fines for data breaches post-GDPR.

The scale of the potential consequences for firms found to be at fault stands in deep contrast with confident firms are that they can ensure compliance. Chris Butler commented during the panel: "People in organisations are simply not aware of what they should and shouldn't be doing when it comes to data privacy."