 Rhaid? Felly, yma'r gwaith cymryd ar y ddweud y ffordd, oedd y ddweud y ffordd yma, ac mae'r ddweud yng nghymru yn Caterymy Nill, sy'n eich fod yn ymdweud y 3C compliance. Felly, mae'n ddweud o'r companydau sydd yn y gallu ddyddol. Dwi'n gwybod yma, ac mae'n gwybod eu cael ei ddweud o'r cyffredig. Caterymy'n ddweud i'r unrhyw yng Nghymru, I want to present you some service, some numbers. But in fact I'm more interested in who of you is from the European Union, my choice. Okay, who of you is not from the European Union? Okay, so who of you is from Spain? Okay, oh yes, I was looking for you. And who is from Switzerland? Okay, and is there somebody from Israel? Were you not from... No, nobody, okay. So you will see later why I'm asking these questions. Interestingly, a Spanish company which is called NetAq America last year found out in a survey that according to their survey 70%, 70% of European companies are not prepared for GDPR. That sounds horrible, that sounds like a very terrific situation. Another survey I found was a survey from McKinsey last year as well. They were asking several executives worldwide if they feel prepared in general for data protection. And the answer is that one third of these executives didn't feel prepared for data protection on a long run. So they also felt the need to do something. This is a problem I find in Spain. Many companies think they have to do something, but most of these companies don't really know what to do. I want to give you some examples. Just this morning while I was taking my first coffee, I read in the newspapers in El País that there was a new study done. I mean, people just nowadays tend to love to do studies about what is the best Spanish company in treating data. So the surprises, any guests here, a Spanish company you know and you think which is treating very well. Oh wow, well done. Did you read the survey? No, no. Good guess. Sorry I don't have something to do. Get here but... Exactly, it's Telefonica. And you want to have another guess? Why do you think it's Telefonica? No. Sorry. I found out this morning. So according to the survey and I have achieved it because I didn't have time to remember it. Sorry to memorize it. They have the best politics of data protection. They get 1, 2, 3, 4 stars out of 5. They are fully compliant with the law, with the Spanish law. They don't notify the consumer which I don't think is very good. In this point is Foto Casa, one of the prizes. And then again coming back to transparency. Earlier you mentioned transparency. In transparency issue they also won the 2 stars out of 2s. And also about the promotion of the privacy of the consumers. They are getting 1.5 stars out of 2. Actually I'm quite surprised about this because I'm on the panel of responsible business of Telefonica so I advise them. They know what I think about them that's why I can tell you openly that I'm surprised because last year we had the topic data trust on our panel and I can assure you that GDPR was not on the topic. None of us, we are 50 members of the panel, asked questions about the GDPR. It was not mentioned, it was more about the trust. Another issue I wanted to tell you which I find very interesting who of you has got a shredder at home? Please raise your hands. So the rest you don't have a shredder at home? So you might be surprised that 57% of Spaniards have their own shredder at home and 61% out of these 57 bought their own shredder last year. Why I'm telling you this? I'm telling you this because we are realizing that the consumer, the end consumer is taking very seriously the aspect of data protection. They tend to use this data shredder in order to shred sensible data like the bank notification and so on and so forth. Yes, I was told I'm also a member of the Institute of Board Members in Spain. There are many companies represented from small-sized companies and also the big corporations. All of them, last Monday we had a meeting and we were discussing data. All of them, we had one thing in common. We didn't know what to do with GDPR. We don't feel prepared, we don't know what to do. One owner, founder and owner of a medium-sized company told me, I think the biggest problem is that we don't know what to do with the data we already have of consumers and that I think that after the entrance into force in May that I'm not allowed to have. So she's worried that she has got data that she's not allowed to have. So I think there's still a long way to go in order to really explain the companies what GDPR is, what companies have to do. And I also feel like it's feeling like a myth that all the companies think that this ends on the 28th of May. This is my own feeling that everybody is running now, running, running or not, or not doing anything because they think that on the 28th of May something is happening and that they don't really know what. Also, the other aspect, because I'm here with two heads. The one is as the lawyer consultant, the other one is the president of EULA, the European Women Lawyers Association. Interestingly, we were asked by the Bulgarian Data Protection Authority if we want to work together with them as EULA in order to develop a program for small and medium-sized companies within the European Union. Why did they ask us? Because they thought it would be important and interesting to have women within this process. Of course, I like this very much. Please don't ask me as Ms Matlow was asked last year in April if she's a feminist. I think this is not the point about this. But I would like to quote Mary Bird in her new book, Women in Power, where she described that she was treated badly in Twitter. I think we really also have to protect women and children within this whole data protection issue. The next point I would like to talk with you about is best practices. After the horrific numbers 70% of companies that don't feel prepared, I would like to talk with you about best practices. Do we have best practices to see how data protection could work or how could we inform and train each other? I, for example, really like Elizabeth Danham, the data commissioner of Dupay. I think she's really living challenging times living with Brexit and GDPR. So I really also think she's doing a good job. What she's doing is she's trying to explain what GDPR is and she's also trying to take out the myth of GDPR. For example, that GDPR is not a way to pay millennium back. I also would like to mention the Spanish Data Agency because they have developed a tool for small and medium-sized companies in order to help them to get ready for the 28th of May. I've tried it myself. It's really very, very simple, but I think it's the only agency within the 28 European member states that made the effort to prepare in order to prepare something. In the BBC, or according to the BBC, Israel, Finland and Switzerland are the worldwide best countries in relation with data protection. Interesting. That's why maybe, why wire has its headquarters in Switzerland, right? Okay, so I thought so. Thank you. I tried to get in touch with colleagues from Israel, Finland, Switzerland in order to ask, why do you think this is the case? Unfortunately, they haven't answered me. I could think that the sanctions are quite high in these countries and maybe also the consumers in general are very much aware of the importance of data protection. What are the challenges that we face when we talk about data protection? Well, on the first hand, I'm talking with companies and now I'm talking again as a lawyer, I'm a company lawyer. Of course I'm feeling not to know what to do now as a business owner. Who of you is business owner? Okay. So I think the challenge is really in order to kind of understanding what do we have to do in order to get prepared and also this fear of these high sanctions you mentioned before. Eyeing of the opinion that without sanctions nothing works. I can see this again as the president of the European Women's Law Association with EU gender equality law, there are nothing moves without sanctions so sanctions are necessary. And the enforcement just works better with sanctions. On the other hand, I'm also very optimistic and I'm really sharing your opinion and I agree with you that GDPR is a great chance for all of us and also for our businesses because GDPR compliance can actually boost digital business within the European Union. Why? Because I think on the one hand we can now do this job of having a look at what data do we actually have? Do we need all the data that we have? So it's like a catharsis that we can do within our company. I think also it's easier for our companies in order to work outside our Member States because of the harmonisation. I also think that GDPR can be a catalyst for taking necessary steps to build strong digital capabilities in order for example to get data management systems for our clients so it can also bring opportunities for us. I think to make a summary, the GDPR won't have finished on 28th of May. I think there's still a long way to go. I think what we need is a lot of training, training and training as in other corporate compliance aspects. I think that's very normal and I think we should just all try to make this effort and I think it's worth it. Thank you very much.