In this interview, Francesco Perrone discussed the evolution of people’s concerns about privacy and what small and medium enterprises should do to protect themselves from GDPR warnings. Francesco is a Data Privacy, Security, and Compliance Manager based in Austria. He is also a Certified GDPR Practitioner and has a deep understanding of Data Processing Agreements (DPA) with a focus on cross-border data transfers to third countries and data governance. Now, enjoy the full interview below.

1. Firstly, thank you for taking part in this campaign. Can you give us an introduction about yourself, Francesco? How did you venture into data protection and privacy world?

Heavily influenced by my legal studies, I started my journey into the technology world as a contract specialist for one of the most sought-after IT companies on the planet, with an (absolutely favourable) obsession for information security. Due to an increasing public awareness on data security and privacy, led and strongly advocated by the European Institutions, I was assigned to oversee any potential impact on business processes, introduced by major changes to the international regulatory framework, which can be summarized with few but still influential letters: GDPR.

2. How many years have you been dealing with data protection and what has been the most important thing you learned through your job in 2020?

I dedicated my last 6 years to raise awareness for privacy as a fundamental human right and how to put in charge individuals, when it comes to understanding how and why our society is evolving, more and more shaped by data. The biggest takeaway from my last year is certainly the massive volumes of data used to achieve geopolitical power and the related likely changes to the “World Wide Web” into something more… let’s say “locally compartmentalized”.

3. What do you see as the main challenges for our privacy today and what can we as individuals do about it?

Privacy runs through awareness and training. We have a duty to educate our young people in this sense, so they can contribute to shifting the economic axes to a more ethical business model. Individuals in our time feel the need for a new notion of community and sharing. States should preserve such dimensions on the one hand by protecting data subjects from commercial abuses while assuring each citizen’s fundamental freedoms.

4. Can you discuss the evolution of people’s concerns about privacy and what do you think has changed in terms of these concerns?

One of the biggest mistakes nowadays is to think that privacy is a secondary right, since “I got nothing to hide”. There is still a wrong perception of negative impacts on our families and careers, misled by the belief that my data is something that doesn’t cost me money or efforts, therefore it is advantageous for me to give it away, in order to get free “candies”.

The world is rushing to a digital dimension, but our perception, worries, and way of thinking are still dramatically analogue. For example, no one would leave the door wide open or would allow young children to play with strangers, but we still struggle with our password management and give our kids tablets and phones to keep them quiet.

5. In your opinion, what must small and medium enterprises do now to protect themselves from GDPR warnings and build a strong long-term data strategy?

SMEs shouldn’t seek protection from GDPR or other pieces of privacy laws, they should rather leverage guidelines and instructions to build a new way of working, with an increased data quality and operations control. My standpoint is grounded on two key concepts: awareness and ownership.

As a professional, employee, or entrepreneur, you must be aware of your sector’s risks, your internal processes, the way you interact with business partners and service providers, and what are the principles that you want to follow. Each and every person that handles data must take ownership for the entire data lifecycle, since individuals entrusted you and your company with precious information, no matter if you work in customer care or at a board level.

6. Obviously, you are a busy person but how do you manage your work-life balance?

The curve can’t always be flat and since our time and energies are limited, we need to choose what matters the most to us. Sometimes I invest more time on a new project or idea, sometimes I like to enjoy a more “business as usual” situation, focusing on my family and friends.

Currently, I decided to (temporarily) shift to the first scenario, pursuing my MBA at Warwick Business School while working full-time, but I strongly believe that a good operation plan can provide you with high chances to better allocate your resources to the right things, even though those “right things” tend to vary, depending on your “time-of-life” and maturity.

7. How do you stay up to date with industry news and updates regarding data protection and privacy?

There are lots of “free of charge” (nothing is really for free) resources available on the internet, like whitepapers, newsletters, sector-specific webinars, and conferences. Additionally, a well-built network of colleagues and peers can definitely contribute to enhancing your expertise.

8. Your forecast of the global data protection landscape for the rest of 2021.

I find it fascinating how two giants like the U.S. and China, competing to clinch the market, are forced to consider exogenous factors like the European standards and their best practices. More and more, privacy laws all around the globe are going in the direction of complying with those standards and, sooner rather than later, multinational corporations and governments will acknowledge that privacy will reshape both global strategies and economies.

---

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.