My work focuses on promoting the strategy, implementation and management of the personal data protection and Artificial Intelligence governance model at Telefónica, ensuring compliance with the General Data Protection Regulation and the Artificial Intelligence Regulation or any other regulations that apply to these matters in the countries where the Telefónica Group operates.
This involves working with multidisciplinary teams, developing global and local policies, supervising the implementation of measures identified in audits, managing security incidents affecting personal data and advising on all types of Telefónica Group projects and initiatives, especially those related to privacy, Artificial Intelligence and digitalisation.
The job requires a cross-functional approach to align interests, roles and people and to reconcile the company’s business objectives and ethical principles, particularly those relating to customer and employee privacy and Telefónica’s Artificial Intelligence principles. It is a very rewarding job because it allows you to interact with many different people and to collaborate and learn a lot.
Why is data protection important?
Data protection is essential to guarantee people’s privacy and digital rights. At Telefónica, we must consider it a strategic pillar that reinforces customer trust, protects their assets from threats and risks, and contributes to the continuous improvement of our business management.
Transparency, legality and proportionality are key principles in privacy management. In addition, regulatory compliance avoids penalties and strengthens our brand.
How is data protection managed with Artificial Intelligence?
Data protection management in AI projects is based on a specific governance model that regulates the entire life cycle of AI systems: design, development, acquisition, marketing and use.
We apply the lessons learned and best practices we have developed in privacy governance to the governance of Artificial Intelligence. We provide training and awareness-raising on the subject to identify use cases and analyse their risks; in short, to reflect on the impact of technology on people.
European regulations (GDPR and AI Regulation) require very important safeguards, such as data minimisation, proportionality, legitimacy and transparency. We must have processes in place to ensure that AI respects fundamental rights and privacy.
The challenges and the implementation of data protection face in different countries with different legislations
The main challenge is managing diversity: each country may have specific requirements or different interpretations by national authorities. Sensitivity to certain aspects of the regulations also varies between countries.
International data transfers are a particular issue. In this regard, we addressed the development of the Group’s Binding Corporate Rules (BCR), which were approved, after much work, by the European data protection authorities.
The day-to-day work is quite intense. It consists of coordinating the activities of the Global DPO Office with other areas, legal, technical, regulatory, sustainability, audit and communication teams, etc., and coordinating with data protection officers from other companies in the group.
It includes identifying and planning new initiatives and projects that improve governance, supervision and management of privacy and AI, and resolving issues that arise in the management of these projects.
Of particular relevance is internal dialogue to advise on customer and employee queries, resolve complaints and manage individuals’ data protection rights when requested.
The professional profiles
The most common profiles are related to law, as well as engineers and technical profiles. The hybrid profile that combines law and technology is usually ideal. In any case, beyond knowledge, the most important thing is soft skills related to communication and personal relationships, assertiveness and empathy.
