We are delighted to present an exclusive interview with Federico Rossi. Federico is specialised in Data Protection, Privacy and Corporate Compliance and currently holding the position of Senior Privacy Counsel and Group Data Protection Officer. In this interview, you will uncover some of Federico’s insights on the evolution of people’s concerns about privacy, what we can integrate into our day-to-day tech habits to better protect our privacy and others. Enjoy the full interview below.

1. Can you give us an introduction about yourself, Federico? How did you venture into the data protection and privacy world?

I am a UK and EU lawyer specialised in Data Protection, Privacy and Corporate Compliance. After an initial period of my career in the private practice market focusing on global M&A’s transactions, I understood immediately the importance and impact that the GDPR would have made, not just in the EU, but also globally. Consequently, I chose to move In-House and to specialize in Privacy and Data Protection.

2. How many years have you been dealing with data protection and what has been the most important thing you learned in 2020?

I have been dealing with Privacy and Data Protection matters since before the GDPR enforcement in March 2018. Around that time, only few companies understood the impact that such Regulation would have made on their business operations.

After three years, I am glad to see that the greater part of the companies is currently rushing to build in-house Privacy teams. They recognized that GDPR is effectively directing the market of “EU Personal Data” handling and I can see that several countries are following similar principles for their local regulations.

3. What can we integrate into our daily tech habits to better protect our privacy?

I always suggest my business partners to see things from a Consumer’s point of view: now every individual is focusing even harder on how their information is collected and used by a company. Thus, you should consistently wear two “hats” when planning any new business initiative: what would we be able to do more to make the Consumer more secure?

4. Can you discuss the evolution of people’s concerns about privacy and what do you think has changed in terms of these concerns?

People now are considerably more careful about their Personal Data collection and use. With GDPR, they have been granted full powers and control over their information, so the mindfulness on protection rehearses by an association should venture up thus. With numerous data breaches happening day by day, organisations shall understand that data protection is directly linked with the brand reputation of a company. The higher security standards are applied, the most esteemed is a brand.

5. As an expert on this subject, are you confident that global businesses will be willing to fully comply with this regulation in the years to come?

EU Supervisory Authorities have been granted by GDPR with solid enforcement powers, and some key tech players already endured huge fines. Notwithstanding, the market is full of “small fishes” so I would expect the Supervisory Authorities to concentrate more not just on “big names”, but on any organisation and their accountability compliance.

6. In your opinion, what must small and medium enterprises do now to protect themselves from warnings and develop a strong long-term data strategy?

If an organisation wants to be compliant, it should invest in Privacy. Data Protection does not only mean reducing compliance risks and mitigate the impact of data breaches. It must become a revenue generator factor in an organization’s operation. Personal Data is valuable like a “raw oil” that organisations shall refine lawfully to get the best out of it.

7. How do you stay up to date with industry news and updates regarding data protection and privacy?

That is the difficult part! With organizations operating globally and new laws/guidelines that are published daily, a certain part of my job is to keep up to date and make sure that this is duly communicated to the management. You should also start thinking to review any existing template or policy to the latest standards.

8. Your forecast of the global data protection landscape for the rest of 2021.

We are experiencing a busy period in the Privacy sector, not only in Europe and the United Kingdom. In Europe, we have the ePrivacy Regulation that will shape the new digital future; at the same time, we expect a UK equivalent to boost international data transfers from/to after Brexit. Nevertheless, we foresee also regulatory changes after Schrems II between the EU and the USA. Furthermore, we have also new Privacy regulations coming up in important markets like South Africa (POPIA) and India (PDP Bill).

---

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.