Magali Feys, Chief Strategist - Ethical Data Use at Anonos speaks at PrivSec London on Ethical Data Use

Presentation Transcript
I'm Maggie Feys. I am Chief Strategist Ethical Data Use with Anonos. And I also have a private practice as a tech lawyer. I specialized in IP, IT, and data protection.
What are the priority areas for data professionals to address as they bid to develop cyber security and privacy within an organization?
They have been stressing on, and that's okay, on security. But I think also the time now has come to see that also data protection by design and by default must be there and so that when we are innovative, that we also have to be innovative when it comes down to privacy and data protection.
How do you think organisations can improve collaboration between Data Protection and cyber security teams?
I never liked the approach that GDPR or whatever is coming, and to frighten people. I think if you make it into a positive endeavor that you will really get people around the table. Make sure that people also understand because cyber security, sometimes it's really technical. And if it's not laid down in layman terms, then I think for people it's just not their thing, where in their daily basis they have to think about. So I think, first of all, the awareness and then make sure that you have different teams around the table, so that it doesn't become only an IT project, but it's really an intertwined project throughout the entire company.
What do you think are the main compliance challenges organisations face and what steps do you think they can take to help resolve them?
If you have, for example, with regard to GDPR, if you have a good action plan, and we, for example, we divided it in 10 steps, then each steps is easy embraceable and takeable. Then of course, it also comes down, I think the legal stuff is actually quite easy to get around. There are, of course, some exceptions that will have or need some creative thinking and analysis. But I think when it also come down to the technical part that really, companies must do their best now also to comply with that on a technical level, and implement also the technical parts. And when it comes down to cyber security, I think a lot of companies or controllers, they really stress on “you have to be ISO certified”. I think in some of the sectors, it does make sense. But when working, for example, with startups, I think you need to also do a balancing, and the way that the balance is between, is this appropriate for this company to work with.
Are consumers waking up to the value of personal data and the importance of keeping it secured?
My generation and the generation if I can say so behind me is doing so because yeah, we were brought up with computers in the digital age. And we do understand also the dangers. I think also once again, we have much more in schools, they're stressing on awareness sessions. So there, with that, my generation and the generation behind me, we really see that they start, that they care, and that they make conscious decisions on how they, they want to, for example, share their data by using cookies and things like that.

When it comes to other generations or other people there, I see that honestly, they do not, they aren't that aware, but also because I think they do not understand. And I say that with all due respect, but they don't see the entire danger behind and the ways of, for example, in AD tech - data transfer, and data process, and real time bidding happens. And I think a lot of people still think that, for example, the fact that they receive ads on their Facebook profiles, that is sort of coincident, or it was because she just went to that site, but they have no idea of the entire process behind that. And we see that a lot when people come down with I don't have anything to hide. And I don't think that data protection or privacy is about what you want to hide or not want to hide. But it's the fact indeed what companies, banks, for example, or ad tech companies can do with your data. And if we don't get aware, and don't push them into the fact that they have to be ethical about it. That can be, of course, it can have some consequences. And I don't think everybody is that aware.
What are your future predictions within your industry for data protection and cyber security?
I think when they're introduced to it and then say to the main public, GDPR, now, we see a shift into people, because they also become aware through the fact that they have to do it within the company, and all of a sudden they are a part of GDPR compliance group within the company. So you get that awareness little by little. And also now with a lot of the hacking incidents happening. We also now are stressing on cyber security, where I think two years ago, people weren't only talking about cyber crime when it came down to the criminal activities or something. But cyber security wasn't some word that was that mainly used, and now people are really starting to see that this is a main focus and I think we have a work cut out for us from a legal perspective and ethical perspective and a technical perspective, in order to embrace innovation and always keep along with the legal, the code of conduct, the ethical principles ahead of our time because the days of legislation running behind innovation and technology that should be over.