Exclusive Q&A with GDPR Expert, Mark Evans
Published 5 months ago by Robert Taylor
GDPR is causing quite a stir in the business world at the moment! It’s for this very reason we’ve decided to host an event dedicated to exploring the challenges, legalities and opportunities that GDPR could present us.
We sat down with our key speaker, Mark Evans – named one of the top 100 CIOs in 2016, to get to know him a little bit better ahead of the event:
Hi Mark, why don’t you start by telling us a little bit about yourself. How did you get into the IT world?
As Black Country born and raised, I started working in IT straight out of university as an IT manager in the NHS. I then went into contract roles, which led me to work in regional IT support management for Orange and as the Global Infrastructure Director for a container shipping company.
What would you say are some of your biggest achievements?
Being an early adopter of Cloud technology – I would say I’m proud of moving my current employer from on-prem to Private Cloud, then Private to Hybrid, followed by Hybrid to Public. The aim now is to remove all servers and operate everything on a SaaS basis.
Beating Apple, GlaxoSmithKline and PepsiCo to industry awards for “team of the year” and strategy awards was rather special too.
Impressive accolades! How would you define your current role?
CIO in all but name. In short, I define the IT strategy for the business in order to support or drive the general business strategy.
You reference “digital health” quite a lot, what exactly is it?
“Digital Health” is how I define the prevailing operating environment for an individual or a business with regards to threat actors from the malware, hacking or privacy exposure arena.
A person or business has “good” digital health if they adopt best practise for anti-malware software, patching of OS and patching of network hardware. This includes security of physical and digital processes where they pertain to data, as well as adopting an informed, robust approach to protecting themselves against threats such as spear-phishing and social engineering, for example.
What does it mean to have poor digital health?
“Poor” digital health is where an individual or business, by act or omission, fails to put in place the proper defences against threat actors.
That ties into our next questions nicely, what’s your general approach to GDPR?
I make it a point to embrace the challenge and recognise the opportunity. GDPR is here to stay, in one form or another, and it can/will become the standard by which a business lives or dies.
My attitude has always been “If your business model can only survive by using my personal, private data without my agreement then you don’t deserve to be in business – it’s tantamount to theft.”
What have your challenges been with GDPR?
Navigating the well-informed misinformation! Sharing the correct information with colleagues.
I must say that it can be hard biting my tongue when confronted by salespeople who don’t understand the challenges but purport to have a “one stop solution for compliance”.
What do you think is going to be the biggest GDPR challenge that businesses face?
Getting the appropriate people in the same room to thrash it out and aim to get a robust set of mitigating factors in place. Too many people think that they are the sole source of information (IT practitioners and lawyers).
Too many people believe that it’s some other person’s problem. I firmly believe that anyone who uses/touches/processes data for a business needs to be included in the conversation.
Why is it so important for businesses to adjust to the new legislation?
Forget the fines. The real threat is reputational. If a business is shown to be poor in the protection of personal data then they will find that their competitors will use that as a stick to beat them with.
It will be a war of attrition in which the “lowest common denominator” won’t be price/cost, it will be GDPR conformance. Trying to price the business service cheaply at the cost of not considering the obligations under GDPR is not a viable business model.
Powerful stuff, Mark! Thanks for speaking to us.
If you’d like to hear more of what Mark has to say about GDPR, come along to our ‘GDPR: Leave your ego at the door’ event in Birmingham on Thursday the 12th October at 6pm.