Here’s what we learned.
DG: What is your role at MarketStar and what inspired you to pursue legal work at an enterprise business?
MK: For the past 14 years, I’ve managed the legal responsibilities at MarketStar, and the majority of my time consists of drafting, negotiating, and managing client agreements. Currently, I’m Vice President and General Counsel.
After law school, I started my career at a corporate technology software company and always loved the mix of legal and business for each company I’ve worked for. The business landscape’s dynamic is always changing, particularly with technology clients, and it’s fascinating to learn more about this fast-paced and ever-evolving field.
DG: As General Counsel, how do you help support customer growth at MarketStar?
MK: The corporate environment lends itself to a unique role as General Counsel. To protect the company from undue risk, I balance the needs of the business as well as the very real responsibility held by my position. Truly, it’s a fun challenge to support growth and provide nimble resources to our teams supporting clients, while at the same time, ensuring that we’re legally compliant and minimizing risk.
This role requires a comprehensive understanding of both business needs and relevant law and dynamics in the marketplace. Our clients rely on our company to provide a complete solution, and that most certainly includes privacy and security.
DG: After the introduction of the GDPR, what changes have been made for the administrative processes?
MK: Our company has evaluated our existing policies related to security and privacy, and with extensive input from our teams, we’ve strengthened and modified many of our processes. As one example, we implemented quarterly internal audits of each team to ensure compliance and strengthen our training efforts and results.
Following our GDPR implementation, we’ve shifted our focus — placing a critical eye on how to implement best practices. This is especially important, as essentially, many of the changes require an entirely new perspective.
DG: How have you seen the data privacy landscape change from a legal perspective over the past 3 years?
MK: The data privacy landscape has seen a dramatic change in the past three years and seems to be accelerating exponentially. Companies are responding to GDPR and the increased visibility and concern related to individual privacy rights. In fact, the volume of contractual language devoted to privacy and security has increased significantly to the point that the terms related to those areas now often vastly exceed the remainder of the legal terms. Now, I spend considerable time on security issues, and the trend is increasing at a very rapid pace.
DG: How can businesses succeed in an ever-changing landscape with new legislation being implemented in different regions?
MK: It’s essential to have a trusted resource to turn to for guidance in this area, as the continual and rapidly changing nature of the legislation isn’t something one person can be an expert in while maintaining another role. Knowing and understanding the laws is only the first step in successfully managing the extensive implementation issues.
For MarketStar, the discussions and actions focus on working from a best-practices model, knowing that when a significant piece of legislation is enacted, it makes the most sense to structure all of our policies and processes based upon the highest standard. To be successful, a business must engage a core and expanded team representing each business unit in the company.
As a team, the company can then rapidly and strategically address the constant changes, interpret the legislation to assure that the process actually aligns with requirements, effectively train our employees and continually monitor the needs going forward.
DG: From a legal perspective, what risks arise with the introduction of the GDPR and potential regulation in the US for business that have user data?
MK: GDPR majorly impacted companies with a B2B focus. It’s required an extensive change in the way we source leads, how we service our Clients, how we store data, how we engage third parties, and how we comply with the requirements. As a result, we have had to shift our mindset and creatively address a path to compliance that allows for continued success.
Generally, it’s strengthened our commitment to and our assurance of data privacy compliance regardless of the source of the data or whether GDPR applies. We’re evaluating tools, third parties, and processes with a different lens. To succeed at avoiding risk, MarketStar understands this can only be achieved with a combination of effective tools and employee training.
Check out our previous Interview Series with Richard Merrygold, Director of Group Data Protection at Homeserve!