Discover exclusive, practical insights into privacy and GDPR in Sypher's Data Protection Conversations.  

Today we are talking to Stefan Suceveanu, Legal Counsel and Data Protection Advisor at Zitec, a trusted name in the world of custom software, eCommerce and digital marketing, with a solid track record of over 750 projects and clients spanning 30 countries. 

Stefan's extensive expertise in the areas of law and data protection is an asset to his contributions to the IT industry. 

What do you think is the biggest challenge for DPOs, regardless of industry?  

One of the most important challenges faced by Data Protection Officers (DPOs) across industries is cultivating a culture of awareness and respect for personal data processing. This goes beyond mere regulatory adherence.  

It entails fostering an environment where individuals not only comprehend the gravity of handling personal data in line with legal mandates but also internalize its significance. This consciousness becomes particularly critical when faced with potential discrepancies or breaches.  

In such scenarios, it's crucial for individuals to have the discernment to promptly recognize the issue and escalate it to the relevant authorities without delay. Essentially, the DPO's task is not just to implement protective measures but to instil a proactive, informed, and responsive mindset among all data handlers. 

What is your professional advice on how to overcome this?  

To tackle the challenges of data protection, here's my straightforward advice: 

1. Hold regular awareness sessions: Make these interactive and relatable. Use real stories to show why protecting personal data matters. 
2. Do frequent checks on key data areas: This helps catch any mistakes early and teaches the team how to do things right. 
3. Host Q&A sessions: Give everyone a chance to ask questions and clear up any confusion. The more everyone knows, the better they can protect data. 

The goal is to make data protection a natural part of how everyone thinks and works, not just a box to tick. 

Is there a challenge specific to your industry (please specify which industry)?  

In the IT industry, where technology often outpaces regulations, integrating privacy-by-design and privacy-by-default principles becomes essential. Privacy-by-design ensures that every product development stage prioritizes data protection, preventing potential regulatory issues, and building user trust. Meanwhile, privacy-by-default means the tightest privacy settings are applied automatically when a customer starts using a new service, offering immediate protection without added effort. 

It's not just about compliance, it's about genuinely safeguarding user data and building relationships based on trust in our ever-evolving digital realm, something we are quite fond of at Zitec. 

“A particular challenge for the IT industry in relation to data protection is to develop applications that incorporate privacy-by-design and privacy-by-default principles.” 

What's your professional advice on how to tackle this? 

Firstly, proactive risk anticipation is key. Before even writing the first line of code, teams should evaluate potential vulnerabilities and threats. This involves not only understanding technical risks but also understanding how users will interact with the application and where potential privacy pitfalls might lie. 

Secondly, adopting a data-minimization mindset is essential. Always question and assess the necessity of every piece of personal data requested or processed. Only gather what's truly needed, ensuring the app doesn't store excessive information that could pose risks down the line. 

In essence, marrying foresight with a minimalist approach will place IT professionals in a solid position to develop applications that inherently prioritize user privacy. 

What is the most time-consuming activity you carry out as a DPO?  

One of the most time-intensive tasks I undertake as a DPO is the awareness-raising activity. It's not merely about informing colleagues and stakeholders about data protection principles but also about ensuring that the information is tailored, engaging, and resonates with each audience. Building a genuine understanding and cultivating a culture of data privacy requires continuous effort. 

It demands creating materials, organizing sessions, evaluating feedback, and refining our approach based on evolving needs and challenges. While it is time-consuming, it's also incredibly rewarding, as fostering a well-informed team is fundamental to safeguarding data effectively. 

Which compliance management activity do you enjoy the most, and why?  

My favourite part of compliance management is document drafting. I like it because it keeps me updated with the newest changes in the field. Every time I write, I get to learn and make sure our guidelines are fresh and current. It's a great mix of learning and ensuring we're on the right track. 

What is your least favourite compliance management activity and why?  

When it comes to compliance management, it's hard for me to pinpoint a "least favourite" activity. Each task, no matter how challenging, contributes to the bigger picture of ensuring data protection and integrity. While some activities may be more demanding than others, I view each as an essential piece of the puzzle. So, I approach them all with the same enthusiasm and commitment. 

What is your go-to source of information?  

When I'm seeking reliable and up-to-date information, my primary touchpoints include the European Commission website and the insights from WP29. Additionally, the Authority's communications provide valuable perspectives on current issues. Beyond these official sources, I also frequently turn to various conferences, which offer a blend of expert opinions and real-world case studies.  

Furthermore, articles from specialist publications are invaluable, as they often delve deep into nuanced topics, providing a comprehensive understanding of the evolving data protection landscape. These combined resources ensure I maintain a holistic and informed viewpoint. 

What does success mean to you?  

To me, success isn't just about ticking boxes or reaching goals. I see it as feeling truly content and at peace with who I am and the efforts I've put in. It's an inner satisfaction, more than anything external. 

Thank you for your insights, Stefan! 

___
#SypherPrivacyTalks. Stay tuned for more by 📌 connecting with us on LinkedIn or, better yet, by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.