In photo, Clockwise from top left: Wei Shi of Telecoms.com, Joerg Thomas who leads the Data Protection Office at Huawei, Ramses Gallego, International Chief Technology Officer, Cyber Security at global software & IT company, and Felix Wittern, Partner at the multinational law firm, Fieldfisher
Graphic and Photo Collage from THEPHILBIZNEWS/MAS
By Victoria “NIKE” De Dios
There is no denying that the coronavirus pandemic disrupted the lives of everyone we know across the globe. It has caused anxiety as health and safety concerns coupled with economic and income uncertainties weighed down every individual setting back a broad spectrum of businesses.
This inevitably forces everyone and every organization to assess how they conduct their business in order to adapt and survive the “now normal” as the adverse effect of the pandemic remains uncertain and there is no definite time on when we will all go back to the normal life that we are used to.
While many remain bullish in the advent of the new year 2021, we cannot just look forward and be hopeful without understanding what we can learn from the past.
Last January 20, Huawei hosted a webinar including an expert panel to discuss the lessons participants can learn from in 2020 on data protection and the trends to watch out for in 2021.
Illustrious speakers included Felix Wittern, Partner at the multinational law firm, Fieldfisher; Ramses Gallego, International Chief Technology Officer, Cyber Security at global software & IT company, Micro Focus and Joerg Thomas who leads the Data Protection Office at Huawei.
Interestingly, the panel offered a comprehensive view, providing the legal, technical and business implications of growing changes and stricter enforcements in data protection laws on corporates in the telecoms industry. Citing the dangers of increased litigation, the panel highlighted how co-operation, focus on technology and transparency would help corporates prepare for challenges going forward.
The shifting sands of the data protection landscape in 2020 and what it means for 2021
Due to the need to disclose personal information for contract tracing and health monitoring, this has led to vulnerability of possible breach of data protection plus the possible lawsuits for those whose privacy and human rights have been violated as a result of the data privacy breach.
The Schrems II judgment and a looming Brexit put in play some key changes that will fully unravel in 2021. Added to this were data sovereignty strategies of governments, stricter enforcement of General Data Protection Regulation (GDPR) not to mention the impact of new technologies such as 5G and artificial intelligence (AI).
Felix Wittern, Partner, Fieldfisher explained the repurcussion of challenges and said, “There’s never a dull day in privacy! Take for example the Schrems II ruling that was announced in July last year – it poses one of the biggest challenges around international data transfers, outside the European Economic Area (EEA). As regulators themselves make sense of the evolving situation, MNCs that do not tread carefully will be liable for hefty fines. In fact, while COVID-19 actually slowed down enforcements, going forward I predict a lot of litigation in this space. Corporates will do well to co-operate with regulators as a common ground is reached rather than take a confrontational stance.”
He further touched upon issues such as data localization – i.e if data doesn’t leave the EU, the challenge of companies dealing with their subsidiaries in other countries still warranted attention. On the subject of Brexit, he mentioned how the final solution was still at least six months away as bridging to adequacy requirements were put under the test.
Technology: increasing the challenges but providing the solutions too
Meanwhile, Ramses Gallego, International Chief Technology Officer, Cybersecurity, Micro Focus provided a good overview on the technology front. He explained how data protection is not just one dimensional but encompasses three arenas – who (identity), what (data) and how and when access is granted (application).
He said, “Living in a cloud-generation era, we are increasingly dealing with the emergence of shadow IT or shadow data where content is backed up on multiple clouds, without the knowledge of data compliance departments. Corporates need to understand the dangers in this – legal departments cannot effectively protect what they don’t know exists! Only when corporates build an ecosystem that automates and orchestrates authentication, authorization and appropriate access can we hope to create a systematic and systemic solution to the issue of data protection.”
He emphatically stated that technology itself would help to create the circles of trust – beyond which data should not be visible, nor active. He spoke about encryption and
tokenization as effective risk mitigation strategies that corporates could adopt and that could stand up in a court of law in the unfortunate incident of a data breach.
He concluded by saying that we as we move from 2020 to 2021 organizations will need to transition from cyber security to cyber resiliency where they build the capacity to anticipate threats, withstand and resist attacks, recover quickly and evolve to the next stage.
Practical advice for businesses
Summing up a to-do list for undertakings, Joerg Thomas, Director, Data Protection Office, Huawei added, “We may witness an increase in class action-style lawsuits in the personal data space in 2021-22 as aggravated parties view judicial remedy as a potentially faster way to get redress when their data rights are violated.
Businesses need to be transparent about the transfer locations of personal data and the types of data being transferred, and take into account the legal requirements in the receiving jurisdiction. A return to “basics” is essential – records of processing activities (RoPa), privacy notices and cookies should always be up-to-date and compliant with governing laws. From a long-term sustainable point of view, organizations will need to adopt data minimization and privacy by design and default, and at all times ensure that business continuity management (BCM) plans are in place.”
At Huawei, everything is done to build a secure environment for customers and this includes staying abreast of the latest data rulings and regulations, identifying and mapping transfers as per the governing transfer mechanisms, providing appropriate guidance and templates, continuous study and evaluation of standard contractual clauses (SCCs) and advice on supplementary measures. For more information, click here.
The webinar was broadcast live on Telecoms.com. To access the full recording, please click here.