What’s Been Done for Data Privacy Since GDPR? - InterSystems


Search the portal for all insights below:

Generic filters
Other Sectors

What’s Been Done for Data Privacy Since GDPR?

A growing number of consumers are concerned about their privacy and the security of their personal information.

Research from the Global Web Index finding that 51% of European respondents are concerned about the Internet eroding their personal privacy, while 60% worry about how their personal information is being used by companies. With big data breaches, such as recent ones that exposed the data of almost 400 million people and health and credit card information easily available on the dark web, it’s no wonder fewer people are willing to part with their personal information.

As a result, privacy continues to be the most important aspect of data management a year on from the introduction of GDPR in Europe to protect consumers’ privacy and safeguard their data. Owing to GDPR and high-profile data breaches, people now realise the importance and value of their data and, consequently, they are demanding greater control over it with some are unwilling to give up their information at all.

Although organisations have already put processes in place to drive compliance with GDPR, they must recognise and acknowledge this consumer trend and continue to enhance their processes and policies to sustain a data privacy program which ensures the proper protections and safeguards. Failing to do so could result not only in fines from regulatory agencies but also the loss of their customers’ trust. So, what are businesses doing to improve privacy? And, what does information ethics mean for data privacy?


A growing number of businesses have been trying to put data privacy on the radar of their entire employee base. In these organisations, it is becoming everyone’s mission to understand the provenance and use of information, with everyone taking accountability for how the organisation collects, uses, and shares personal information.

This culture of accountability is something that is also being extended to how organisations talk to their customers about data privacy. Businesses are now being more open and inclusive, telling customers about what they are doing with personal information and how they are protecting it. This approach is championed by leaders like Shell CEO, Ben van Beurden who believes transparency and ethical behaviour are integral to gaining public trust.

New roles

Businesses are increasingly looking at the idea of ethics in relation to data privacy and security, and as such, more and more organisations are thinking about not what they could do with data but what they should do with data. And this should is not from the perspective of doing more with the data, but rather, doing more to add value to the relationship with the consumer.

Part of this involves the growing complexity concerning who should have access to personal information, for what the personal information can be used, and whether data should be used for anything other than its initial purpose, even if that is for the benefit of the consumer. Consequently, businesses must take a clear view on these issues to maintain trust with their consumers. This is driving some businesses, like ourselves, to develop new roles with the sole purpose of protecting privacy.

Here at InterSystems, we have appointed a Data Protection Officer, to ensure we not only maintain compliance but also trust through the ethical use of personal information. The creation of these roles, sometimes called a Trust and Ethics Officer or a Chief Ethics Officer, sends a strong message that trust, and by extension, privacy, security, and ethics, are at the forefront of the culture of an organisation.

Governance frameworks

Governance frameworks ensure appropriate behaviour in the creation, storage, use, and deletion of information through the integration of processes at all levels of an organisation. Organisations are implementing these to look at the issues of privacy and security and how the related business processes can be consistently and reliably implemented across an organisation. Within such a framework, businesses focus on the collection, use, and disclosure of personal information and, with regards to security, setting a concentration on the confidentiality, integrity, and availability of that information.

A year on from GDPR, and compliance and data privacy remain at the top of the agenda for most organisations. Ultimately, maintaining data privacy is an ongoing battle. As a result, companies are implementing new processes and ways of working, as well as developing a culture of accountability that supports the company’s efforts to maintain a data privacy program led by a Data Protection Officer, Trust and Ethics Officer, or Chief Ethics Officer. In time, we will see more follow suit, with trust and ethics driving decisions on the processing of personal information.

Ken Mortensen

Data Protection Officer Global Trust and Privacy, InterSystems. As an attorney and engineer, Ken Mortensen is a privacy and security professional with over 20 years of legal and over 30 years of IT experience. Based in Cambridge, Mass., Ken currently leads Global Trust and Privacy at InterSystems as the Data Protection Officer. He works globally across the company to enhance information privacy, governance, and cyber risk processes. Before InterSystems, Ken served in a number of chief privacy and security roles at PwC, CVS Health, and Boston Scientific.
Please click here to opt-in for marketing communications, newsletters, event invitations and more