The PICCASO Privacy Awards celebrated the people and organisations making a significant contribution to privacy and data protection on December 8th, 2022.
The awards ceremony took place at the Grosvenor House ballroom in London and featured keynotes by Vivienne Artz OBE, and Liberal Democrat peer Lord Clement-Jones CBE, as well as a virtual message from Information Commissioner John Edwards.
The awards recognise privacy professionals working in a fast-growing and constantly changing sector. With technology and data playing an important role in society, the PICCASO Awards celebrate those working to keep personal data safe and support trusted innovation.
From over 140 finalists, 19 winners were selected by a judging panel that included Elizabeth Denham CBE, Stewart Dresner, and Joe Jones.
All PICCASO Privacy Awards finalists were individuals and organizations that are leading the way in advancing privacy thought leadership and innovation in data protection.
Here are some insights on data protection and privacy from each of the winners.
Privacy Leader of the Year: Technology
Q. What are some of the key trends that you see emerging in the technology sector with regards to privacy and data protection? And how do you think these trends will impact businesses and consumers in the future?
“We are seeing a big trend in understanding how privacy can apply in difficult and new areas. For example, artificial intelligence, the metaverse, virtual reality, and augmented reality.
“That’s a big trend, and privacy professionals are very much at the heart of it because we want this innovation to work for people. We don’t want to compromise on privacy.
“On the other end, we are seeing technology for privacy. We are seeing a lot of technology, such as differential privacy and homomorphic encryption, being used to increase privacy and data protection. Both elements are coming together.”
ESG Privacy Initiative
Q. How do you see the relationship between privacy and ESG evolving in the future? And how could organizations ensure that they continue to prioritize privacy in their ESG initiatives?
“Privacy within ESG has to become a key trigger that we need to think outside the box and logically about our information and how it can support the environment, social care communities, and so on.
“It has to be a time when privacy is leading the way, not sitting behind waiting to be asked a question. We have to be out there now saying that we can do this better if we come up with logical solutions.”
Best Innovative Privacy Project
Q. Your final policy brief will recommend new transparency measures across all publicly funded websites and apps. What is the potential impact of these recommendations on people’s privacy?
“Improved transparency, informed consent, and being compliant with the General Data Protection Regulation (GDPR).”
“Because GDPR is very strong, but it’s not being complied with because web developers, they’re not aware of the amount of tracking in the development environments that they create.”
Best Privacy Culture Improvement Award
Q. What motivated RX Global to invest heavily in improving its privacy and data protection compliance?
“The main driver for us was ensuring trust from our customers. In order for us to receive the data we need to improve our services, they need to trust us to protect it.
“The only way we can do that is if privacy comes from the top of the organisation.”
Best Privacy Programme Award
Q. What are some of the key innovations and best practices implemented by TCS in its privacy program, and how do you plan on continuing to improve the program in future?
“Not only have we done work within our own organisation but as a supplier in the industry to 300 customers, we’ve created a pure partnership through forums, engagement, and transparent discussions to smooth the transition.
“And in doing that, we’ve found great new opportunities and a real trusted relationship.”
Bridging the Privacy and Security Gap Award
Q. How do you see the relationship between privacy and security evolving in the future, and how does Royal Mail plan to adapt to these changes and continue to excel in both arenas?
“This evening, you are joined by Royal Mail’s CISO and Royal Mail’s DPO—and the guy that runs the Think Secure program that brings it together.
I think both teams have a shared goal of protecting the company, protecting our data, and we’ve been working really closely to communicate that to our colleagues. That’s how we work.”
Most Impactful Privacy Product of the Year
Q. What sets Zivver apart from other privacy products on the market and how do you plan to continue innovating and improving your offering in future?
“Our focus is on usability and empowering users to make the right choices and make sure they get privacy right, over seeing users as bad actors and a risk.
“That is a new way of thinking about how privacy is best managed.”
Q. How do you see the role of the DPO evolving in the future, and what challenges and opportunities do you expect to face in your role as DPO?
“We’re there to provide advice and guidance—but we’re not there to block.”
“We’re there to make sure that there is a legal pathway that people can use to actually develop products and services that benefit the data subject, that benefit data controllers, that benefit society in general.
“So we’re there to enable—we’re not there to block.”
Privacy Award for Achievement
Rosemary was unable to attend the awards ceremony, but Sarah Pearce, Partner at Hunton Andrews Kurth LLP, was there to collect the award on Rosemary’s behalf.
Q. What are some of the main trends you see impacting the field of data protection, and how do you plan to stay ahead of the curve and continue to provide valuable insights and expertise?
“I think children’s privacy is a key area that we’re going to have to keep an eye on—and for most people it’s a genuine interest.
“International data transfers will continue to be an issue, given the number of global organizations operating now and certainly amongst our clients.
“And for the UK, data reform and the data reform bill. Where’s that going? Are we going to divert from GDPR? What about the UK’s adequacy status?
“I think in order to keep ahead of the curve, it’s all about keeping top of all the developments and keeping abreast of them and keeping engaged.”
Q. What sets you apart as a privacy champion and how do you plan to continue advocating for the importance of privacy and data protection in the future?
“One of the things that I did was I took a B2C YouTube channel idea and applied it to privacy to help those struggling with privacy who aren’t normally privacy pros in an organisation.
“And so, that innovative approach to getting the message across in a simple way and helping people who are doing the job helps drive better compliance simply and easily. “
Privacy Executive of the Year
Q. You’re on the DCMS data transfers expert council. International data transfers are one of the biggest challenges in GDPR compliance. Do you think the UK can set itself apart in this area? And can you contribute to a privacy-respecting but workable international data transfers regime?
“I think that the UK is already in a better position when compared with EU countries to foster an ecosystem where personal data can flow internationally across different countries.
“And I strongly believe that the new policy on international data transfers that is being established by the UK government, with the help of the DCMS, is going to make the UK a data hub for companies.”
Privacy Team of the Year
Q. What sets the Lidl GB data protection team apart as an outstanding privacy team, and how would you plan to continue improving and evolving in the future?
“We always try to work with our stakeholders. We always try to enable the business to achieve its aims and its goals—but in a privacy-compliant way.
“Next year, we’ll continue to progress and continue to work with all of our stakeholders to ensure that we continue doing what we’re doing.”
Q. How do you see the field of privacy and data protection evolving in the future, and how do you plan to continue providing valuable insights and analysis as a writer and expert in this field?
“The field of privacy and data protection is undergoing a perpetual evolution and I expect it to continue for the coming decade as more laws are introduced and the existing regulatory environment coalesces.
“What organisations and individuals need throughout this period of uncertainty is clarity, focus and actionable insight so as to be best prepared.
“That is what the research community have a duty to provide, and it will be my driving force as the world continues to change under our own feet.”
Rising Star Award
Q. What advice would you give to other aspiring privacy and data protection professionals who are just starting out in their field?
“I’m an inspiring privacy professional, and I hope I can bring justice to data protection and enforce as much as I can on my part.”
Privacy Leader of the Year: Public Sector
Q. In your opinion, what are the most important issues and trends in the field of privacy and data protection that organizations in the public sector need to be aware of and prepared for? What are the trends affecting public sector data protection?
“We need to be more aware of and innovate on the use of privacy-enabling technologies, such as automation and technology, to make sure the data we collect is accurate and we keep track of it.
“In the public sector, we collect a lot of data, so we need to make sure we are looking after it.”
Privacy Leader of the Year: Legal
Q. How do you see the field of privacy and data protection in the legal sector evolving in the future? And how do you plan to stay ahead of the curve and continue to provide valuable insights and expertise?
“The field is going to change a lot. We are used to thinking about personal data in silos, but we will have to start thinking about all types of data and new regulations. Our job and the job of everyone in the room is going to change a lot in the next five to 10 years.
“We will have to think about AI, nonpersonal data, data sharing, data intermediaries, and trust. The field is changing, which is exciting.”
Privacy Leader of the Year: Consulting
Q. Data protection is changing very quickly, as a sector. How do you plan to continue staying ahead of the curve and giving the best advice as a consultant?
“We’ll continue to be one step ahead and take a wide view as consultants. The most important thing is to look beyond what we are being asked to do because whatever we do has an impact on the wider business.
“We often sit inside other things, so it is important to take a broad view and always remember that privacy and governance are in the peripheral vision of any business.”
Privacy Leader of the Year: Academic
Q. How does your work with the University of Portsmouth’s Cyber Crime Awareness Clinic help raise awareness about online fraud and protect people’s data?
“We have done a lot of work with various projects working with vulnerable groups in the community, such as young people, older adults, and businesses.
“We are trying to work as a grassroots organization and connect the public with larger organisations like law enforcement agencies and the National Cybersecurity Center.
“We also communicate between different organizations and groups on how to best work together to protect their data.”
Q. What advice do you have for individuals and organisations looking to improve their understanding and protection of personal data?
“We all need to switch on our ‘data human firewall’ by making privacy personal and real for each and every one one of us.”