​Interviewed DPO: Andrei Hanganu, Country Data Protection Manager at Enel România

Andrei Hanganu is a Data Protection, Security and legal professional with a comprehensive background in both private, and public environments. He has practical and operational experience gained in the Telecommunications, Outsourcing, FMG, Banking sectors.

What are the tips & tricks for engaging the management and the business in a data protection program? How can a data protection professional bring on board the management and the business when it comes to implementing data protection rules? Did it become easier over the years?

What worked for me in most cases was to present a data protection program not as a way to achieve regulatory compliance but rather a way to gain marketing edge. Having a strong data protection program in place shows customers, employees and other stakeholders that an organization is not only focused on profits but on gaining and maintaining trust. Any business professional will tell you that customer trust is hard to obtain and can be lost in a heartbeat. Being a part of the business not only a passive observer and consultant a data protection professional is able to contribute to building and maintaining customer trust.

As privacy gained momentum in the last years, I would say that the challenges faced by a data protection professional became more complex. It never gets easier, and it should not, as if something becomes routine means that the “magic” is gone.

Can you please describe the main challenges faced in the last 4 years regarding data protection and detail how you overcame them?

One challenge is to become part of the business and not being perceived as another regulatory “overlord” that teaches businesses how to avoid fines. A privacy professional should be a part of any business that values customer trust and the trick is to “get under the skin” of the business, show what you can bring to the table and how your actions can make a product or service better.

How do you see the future of data protection, in general and in your organization? Do you see any trends & developments in terms of data protection that will ease or make more challenging the work of a data protection professional? Is, for example, the rapid adoption of technology and the increased need for more tailored marketing campaigns keeps you awake at night?

As customers increasingly become a values and scares commodity, I believe that adding customer trust in the equation will become business as usual and the importance of data protection will increase.

The field will greatly expand especially with the development of new technologies such as NFTs just to mention one from the top of my head. Other technologies will become more accessible and will penetrate a wider customer base which will bring once again to the table the challenges related to trust.

It is incredible how a few years ago we would speak about IoT as a new development and how now it has become a part of almost everybody`s life. This is just one example where technology becomes an intimate part of life and where there is life there is the need to privacy, so the future is bright I believe.

I don`t see data protection as a “hand break” but as an enabler to make technology better and safer for customers and humanity in general. So, I embrace new theologies that make life better, even tailored advertisement if made right can be a significant improvement for customers as the time needed to decide to use a specified product or service can be shortened and time is one commodity that has become scares nowadays.

How would you describe the evolution of the data subjects’ requests in the last 4 years? How would you describe the level of awareness in terms of data protection? Did it increase over the last 4 years?

The number of data subject requests have definitively increased over the past 4 years as data subject become more aware about the value that their personal data.

There is without doubt an increase in the level of awareness but still most requests are not directly linked to data protection but rather a way to “get back” to the Companies for other matters such as poor customer services.

Request such as give me copies of all my data or delete everything about me are in most cases made just to put the company in difficulty and have no other purpose to serve to the data subject.

I believe that companies have the duty to educate their customers to use these tools in ways that would benefit them. Data subject requests should be a tool to be used to the benefit of the data subject and not a “scarecrow” for companies.