The GDPR deadline is around the corner. To get ready for it, organizations should be close to finishing the preparations for the change in how they handle the personal data of EU residents.
Typically, this is a complex consultancy project (as it should be) and is handled by the consultant lawyers and IT guys. So why a litigation lawyer would go the extra mile and take data protection and privacy rights course, gets involved in building up the project and delivering speeches and training’s on GDPR?
Initially, it started as a private interest in technology and the way I can take care of my personal data I shared with Facebook, LinkedIn, Instagram, Waze and a bunch of other apps I enjoy to use. It resulted back then that there was so very little I could actually do as all Privacy policies were more like take it or leave it.
If I wanted to use those apps I had no other option than to give them any data they required (name, email, location and my preferences in travels, fashion and whatever I browsed) without actually knowing what they were doing with my data. And, let’s face it, who reads hundreds of pages of Terms and conditions to find out if there are any information on the subject? It is too much for a normal person.
But with GDPR there is hope. I have no longer to worry (so much) about my personal data. It is now the responsibility of Facebook, Waze or whoever asks for my personal data to handle them with great care and to inform me on what they are doing with them. I have control. Because GDPR is about more control for the individuals, the rightful owners of the data. For a professional GDPR is a beauty, the king of European regulations.
But, beside that, my background as a litigator (currently the Head of litigation department within @Jinaru, Mihai & Notingher), allowed me to see the risks for the companies outside the regulation framework and the litigious potential that lies ahead from GDPR non-compliance.
As every business is subject to GDPR, companies are required to allocate more resources for data protection and governance. For some companies the impact of this regulation will be marginal, while for others its implementation could trigger important spending. For these companies a non-compliant company in the same or a similar area of business is an unfair concurrent.
And this is just an example of the actions that can be foreseen. There are already discussions aiming at a unification on the legislation on the class actions lawsuits, US style, at EU level as currently the procedural tools on class actions are different (restricted to specific areas – e.g. the protection of consumers, similar to US, or very particular).
So, the larger Council of Europe Data protection and Privacy Course for Legal Professionals training and certification seemed as natural to me as is my involvement in the GDPR implementation for our current clients in Romania and abroad. Additionally, I got involved in trainings and in workshops made under NOD Academy umbrella or with our IT partners, Risksoft.
Maria Ilin
08.01.2018