³ÉÈËÓ°Òô

On 17^th May, the ³ÉÈËÓ°Òô  training and networking group met for the second event of the year. The session, which was facilitated by Sophie Gould, included an icebreaker workshop on understanding business strategy, a practical legal skills session on how to prepare for GDPR and a guest speaker Q&A session. 

Understanding business strategy

The event kicked off with an introductory workshop on understanding business strategy, led by Lex Fackrell, Senior Strategy Associate at ³ÉÈËÓ°Òô.  

Strategy is a widely-used word, yet its widespread use can obscure the necessity of pinning down its essential components. Lex explained that, in essence, strategy is:

• A plan of action designed to achieve a particular goal or set of goals or objectives
• Aimed at gaining or attempting to gain, a position of advantage over competitors
• Management's game plan for strengthening the performance of the enterprise

A well-thought-out strategy means you understand priorities and in this way it keeps you focused and in the right direction for your business. Whilst having a strategy can never be an automatic guarantee of success, it helps you to be mindful of what’s important for your business in order to achieve desired results. Allowing you to make efficient use of your time, energy and resources.

Some key tools for putting together an effective strategy are:

• Understanding the internal and external factors:
  • External: Market size, competitors, geographies, buying channels etc.
  • Internal: customer base, product set, financials, operational assets etc.
• Undertaking a SWAT analysis - listing the key strategic issues/factors inside or outside the organisation that significantly impact the long-term competitive position of the organisation
• Strengths - potential factors that make your company more competitive than your direct competitors
• Weaknesses - potential limitations and defects ingrained in your company and/or weak factors relative to direct competitors
• Opportunities - future factors that allow your company to improve its relative competitive position
• Threats - future factors that reduce your company’s relative competitive position

Following this introduction to strategy, the attendees broke up into smaller groups where they looked at a case study, discussed the external and internal factors and applied the SWOT analysis.

To close off the Workshop, Lex shared some practical tips on how in-house lawyers can impress their strategy team. In particular, it was discussed that skills of key importance are:

• In-depth knowledge of the business - getting in the mind set of other departments such as product development and finance
• The ability to look at problems from a commercial perspective

Legal skills session: GDPR

In the second session, Emma Drake from Bird & Bird provided a practical guide on how to prepare for the European General Data Protection Regulation (GDPR) which will apply in the UK from 25 May 2018. In particular, looking at some of the key changes and what the legal team can do

Some of the key changes:

• New principal accountability
• Documentation (Art. 30), all data controllers (and processors) must now keep a detailed internal register of all processing activities – include destination countries and retention limits
• Privacy by design (Art. 25), companies will require a framework of policies & procedures to ensure compliance, such as gating questionnaires and readiness assessments – especially for data minimisation and new systems
• Privacy Impact Assessment (Art.35) and DPOs, for 'risky' processing, formal risk assessments must be carried out which may need referral to the regulator. If certain risky processing is part of your core activities, you will need a DPO
• Automated decision making
• Individuals 'have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her'
• Where a business undertakes automated decision making there must be At a minimum, safeguards include a right to human intervention, ability to express own point of view and to contest decision
• Consent rules are stricter
• Consent must be granular for each purpose of processing and must be presented separately
• Services cannot be made conditional on consent for unrelated processing – no bundling
• Data subjects must be able to withdraw consent as easily as it is given
• Notification obligations – need quick response
• All organisations will now be required to report certain data breaches to the regulator and to individuals
• This will require controllers to put in place – and test – a breach management plan
• Data portability
• Individuals have a right to obtain a copy of their personal data in a structured, machine readable format and in some circumstances individuals will have the right to have that data transferred directly by the data controller to another data controller

So what can businesses do to prepare?

1. Establish a GDPR project

• Identify high impact topics & stakeholders
• Seek board approval
• Project planning

Access and of the GDPR Planner for everything you need to do to prepare your business for the new GDPR.

2. GAP analysis

• Run stakeholder workshops
• Conduct information gathering
• Reporting back

3. Implementation

• Agree and implement system changes (or workarounds)
• Develop policies, procedures & notices
• Appoint DPO
• Create record of processing
• Review data sharing
• Training

Guest speaker Q&A

In the final session we were joined by Annie Flower, Executive Director in the Legal Department at Goldman Sachs. Annie is a member of the Goldman Sachs Women’s Network, and also serves on the Legal Business Services Committee, which represents paralegals within the Legal Department. Annie was first runner-up in (FHY) Inspirational Women in Law Award in 2016, and she also serves as an Ambassador to the FHY Project.

Annie shared her insights on how to succeed in-house. Some of the top tips included:

• Show commitment and willingness
• Work well as a team - it is important to be seen as someone who can cooperate with others
• Communication skills are absolutely key - practice the skills and increase your confidence
• Attention to detail, don’t rush through things to get it done quickly
• Resilience
• Make sure you enjoy what you do!