In the middle of last year, I was facing a big change, as I had already invested several months of time in starting my own business in July 2023. What started out a little hesitantly worked out relatively well and I found my first project, which I successfully completed at the end of 2023. More details on this at a later date, however.

The question I had at the end of the year was what to do next. I had actually hoped that becoming self-employed would give me a certain degree of self-realization, which has not yet fully materialized. But I didn’t see how this would go hand in hand with taking on a similar full-time project.

In the end, I realized that I had only been working for some time and I felt stuck. Something new was needed, something that would involve software development and data, but not just programming.

Why data privacy?

In addition to data processing, information security and data privacy have been topics that I have found quite exciting for some time.

Many will consider it a tiresome topic, because since the GDPR came into force in 2018, many myths and a lot of uncertainty have spread in all areas where data is processed. Above all, however, one symptom that most people identify as a result of this regulation is bureaucracy.

Nevertheless, I had less of a feeling that data privacy was a nuisance. For some years now, the trend in IT has been to focus more and more on data-driven development. Efforts are being made everywhere to obtain as much data as possible in order to drive forward applications with artificial intelligence or to analyze customers precisely so that profits can be maximized.

What usually falls by the wayside in all this development is data privacy. Unfortunately, we have seen how this can end in numerous data leaks in the past. And my fear is that we are only at the beginning here.

A judge's hammer rests on a resonance block. Both are made of dark brown wood, probably oak. Behind it lies a stack of two books. The upper book is bound in a light brown leather cover and the lower one in a slightly darker leather cover. A fabric bookmark hangs out of the lower book. All the items lie on a white background. The privacy of personal data is a fundamental right, Image source: succo from Pixabay

The decision to include the offer as a data privacy officer in my portfolio was therefore made relatively quickly for the reasons mentioned above. Above all, however, because it is an interesting change from the developer profession.

So I completed a certificate course at TÜV Rheinland Akademie GmbH straight away in the new year to deepen my knowledge and gain a basic overview of the subject. This lasted 40 teaching units and ended with a final exam.

Nevertheless, a lot of input is provided during this time, which can admittedly be quite dry if you disregard the numerous practical examples. Data privacy is a legal subject, which means that you deal with the applicable laws and try to apply the explanations logically to practical cases.

Someone who is not passionate about this will not be able to get to grips with the job of data privacy officer. For me as a mathematician, however, it is something that I have to admit I really enjoy.

New rulings regularly change the landscape

Data privacy is not a rigid construct. In fact, I have the impression that the pace of development in this area is similar to that of technology. This is mainly due to the fact that the laws and requirements are defined. In specific cases, however, the interpretation can be very subjective and argumentative.

The transfer into practice must therefore always be considered on a case-by-case basis. And so there are always court rulings that can change a general opinion. Even disagreements between lawyers and data privacy experts are the rule.

Anyone who wants to live data privacy must therefore always stay up to date. This is because it is often easier to classify implementations on the basis of case law. So I now regularly spend time following such decisions and plan to comment on some of them in the blog. This is what makes the topic so exciting for me, because there are always surprising twists and turns.

A large part of IT lives in gray areas

The picture shows how a small strip of paper with the word illegal written in capital letters is lying on a white table. To the right of it, someone is laying another strip with the word legal. The definition of legality is often a balancing of interests, Image source: Fathromi Ramdlon from Pixabay

Ultimately, I am left with the realization that, although data privacy is now a top priority in the EU, there are still many grey areas in IT.

It starts with the fact that many companies predominantly rely on US services whose legality is based on the shaky foundations of the EU-US Privacy Framework. In the same way, many applications are not designed so that data can be accessed at any time, let alone deleted, with little effort.

Things only get rolling when a court ruling removes a gray area and companies are faced with horrendous fines. Of course, and even lawyers agree on this, the perfect data privacy company does not exist in practice. However, at least when it comes to sensitive data, companies should pay attention to principles such as data economy and confidentiality.

This is not least due to the fact that the supervisory authorities give you credit if you actively strive for data privacy. You should also have a certain ethical attitude towards your customers that respects their fundamental rights rather than the profit you are seeking from your business activities.

Profit and data privacy are not mutually exclusive. Good data privacy can also be a selling point vis-à-vis US competitors. You just have to take care of it in good time and with an active process. Just like brushing your teeth.

Are you wondering whether you need a data privacy officer or are you looking for an external service provider? I will advise you on this and offer you customized training courses for employees. Contact me at any time for a free initial consultation.