Meet the expert: Cristiana Deca to speak at PrivSec Global

Streaming live November 29 and 30, PrivSec Global unites experts from both Privacy and Security, providing a forum where professionals across both fields can listen, learn and debate the central role that Privacy, Security and GRC play in business today.

Cristiana Deca is CEO and Data Protection Expert at Decalex Digital. An entrepreneur by design, Cristiana is a full stack data protection expert, and also the founder of the first Romanian privacy compliance company focused exclusively on privacy and data protection.

Cristiana Deca appears exclusively at PrivSec Global to discuss AI and how workplace policies can adapt to meet the emerging technology’s compliance and responsibility demands. Below, she answers questions on the topic and sheds light on her professional pathway.

Could you outline your career journey so far?

I am a graduate of the Faculty of Law at the University of Bucharest, holding a master’s degree in European Law with a specialization in Design Thinking from M.I.T.

Ten years ago, I co-founded Decalex, the first entirely Romanian company specializing in data protection compliance services. Motivated by my passion for the intersection of fundamental human rights and technology evolution, I obtained an international certification from the IAPP as an expert in European data protection law (CIPP/E).

I am also the co-founder and former vice president of the Romanian Data Protection Professionals Association (ASCPD) and represent Romania in the European Confederation of Data Protection Organizations. In 2021, I was appointed to the board and Compliance and Ethics Council of EIT Health and am frequently invited as a speaker at international privacy and cybersecurity conferences.

Known for my organized approach and meticulous attention to detail, I am passionate about the fundamental right to privacy. Along with my partners, I have pioneered professional data protection services required by companies and their employees.

An entrepreneurial spirit always seeking the latest initiatives in GDPR and cybersecurity, I combine an analytical, optimistic nature with a readiness for innovation. I consistently bring new ideas to my partners and team.

Decalex, co-founded by me and my partners Cristian Deca and Ciprian Harabagiu in 2013, has become a benchmark in data protection compliance, cybersecurity, and business consultancy after a decade. This year, the company is set to launch Romania’s first digital application for employees and companies, providing comprehensive, user-friendly access to GDPR compliance resources.

What are the big compliance challenges facing organisations who want to embrace AI technology?

The foremost compliance challenge for organizations adopting AI technology is the absence of specific legislation, creating a void in the legal framework. Without clear laws, companies bear the responsibility of anticipating all potential negative impacts of AI solutions, evaluating the harm these may pose to consumers, and how they may affect fundamental rights.

A well-defined set of guidelines and frameworks is essential for the responsible operation of AI, with a strong emphasis on transparency. Moreover, the ethical and compliant use of personal information by AI systems represents another significant hurdle, as organizations must navigate complex privacy concerns and ensure the protection of individual data rights.

What strategies should companies be implementing in order to mitigate risk and work towards responsible use of AI?

To mitigate risk and ensure responsible use of AI, companies should first implement comprehensive governance frameworks that define clear policies for AI ethics, data handling, and compliance with existing privacy laws like GDPR. This includes setting up oversight committees or ethics boards to review and approve AI deployments, ensuring accountability and transparency. Regular audits and updates to these policies are crucial as technology and regulations evolve. Additionally, companies need to invest in ongoing employee training to foster an organizational culture that prioritizes ethical AI use and compliance.

On the technical front, organizations should adopt strategies such as employing AI explainability and fairness tools to identify and mitigate biases in AI algorithms. Establishing robust data encryption and anonymization techniques will protect personal information, adhering to privacy standards. 

They must also engage in active collaboration with stakeholders, including legal experts, ethicists, and data scientists, to stay ahead of emerging risks. By integrating these practices, companies can navigate the complex landscape of AI, balancing innovation with ethical responsibility and legal compliance.