In this article we want to spotlight a data protection officer based on 10 questions they were asked by DPI. Laurence Turner, lawyer at Kellerhals Carrard, former student and current “Stay Tuner” at DPI, is happy to answer them.
1. How did you end up in the role of DPO?
Swiss companies have been subject to the extra-territorial provisions of the GDPR since 2018 and have therefore been aware of European legislation for several years. In Switzerland, the new data protection law will come into force on September 1, 2023, largely inspired by the GDPR.
The prospect of the entry into force of this new law and better visibility of the consequences of the GDPR have prompted economic players to question their compliance, the impact of legislation on their customer acquisition and management processes, but also of their employees, suppliers,…
This is how I had the opportunity to follow the necessary training (particularly thanks to the Data Protection Institute) to support our clients, who are mostly SMEs and startups, in this direction.
2. Which part of a DPO’s duties do you prefer?
As a lawyer in Switzerland, my role is little different from that of a DPO. Indeed, my role as an external advisor allows me to support our clients in their compliance program.
What I find fascinating in this role is to awaken customers to the notion of personal data and above all to convert what they consider to be a regulatory constraint into a commercial and reputational opportunity.
3. What event in the privacy landscape has affected you the most so far?
Hospital cyberattacks are intolerable to me.
4. What do you think is the biggest challenge for a DPO?
The DPO must solve a complex equation between compliance and pragmatism, which is a very difficult exercise. The other challenge it faces and will face more and more is the constant development of IT tools.
5. In your opinion, which technological evolution has the most impact on data protection (positive/negative)?
The proliferation of applications intended for the youngest in our society who are not in the slightest aware of the danger they may contain vis-à-vis their privacy. This creates habits of behavior that must be accompanied by a solid education.
6. What are your experiences in the contact between the DPO and the data subject/data protection authority?
I have been able to observe that people are becoming very aware of their rights, which is a good thing and restores a certain balance, a new balance of power between the prospect, the visitor to a website, the customer and the small or large companies which massively process data. It also appears that some may try to abuse these rights, so we must remain vigilant.
7. What is your golden tip for putting data protection and information security at the top of the management agenda?
Two points seem convincing. On the one hand, once again, the conversion of constraints into opportunities. The effectiveness of data mapping, their rationalization, the abandonment of quantity in favor of the quality of the data collected, their traceability resonate positively in the minds of decision-makers.
On the other hand, the inseparable link between data management and the risk of a cyberattack is an infallible argument for placing this theme at the center of our attention. Of course, this generally requires an important investment, but when put into perspective with the operational and legal risks, it is quickly justified.
8. What is your Swiss army knife as DPO?
Nice game of words! I am of the opinion that the knowledge, interest, curiosity and attentiveness that we must show vis-à-vis the activity of our customers are the key to good collaboration and the success of compliance. Only to this extent can we help them build a proportionate and appropriate data protection program that will work and put respect for personal data at the heart of their business.
9. How do you keep up to date with new trends in technology and GDPR legislation?
In French-speaking Switzerland, we benefit from the Newsletters of Swissprivacy. The Swiss Association of DPOs organizes numerous meetings and series of conferences during which DPOs, lawyers, and any data protection practitioner can exchange views.
Faced with many questions still unanswered, not yet settled by case law, nothing beats the intellectual emulation of passionate people! Beyond our Swiss borders, the sites of the data protection authorities are a source of a lot of information. And hats off to the incredible preparation and research work of the Stay Tuned collaborators!