Streaming live November 29 and 30, PrivSec Global unites experts from both Privacy and Security, providing a forum where professionals across both fields can listen, learn and debate the central role that Privacy, Security and GRC play in business today.
Cristiana Deca is CEO and Data Protection Expert at Decalex Digital. An entrepreneur by design, Cristiana is a full stack data protection expert, and also the founder of the first Romanian privacy compliance company focused exclusively on privacy and data protection.
Cristiana Deca appears exclusively at PrivSec Global to discuss AI and how workplace policies can adapt to meet the emerging technology’s compliance and responsibility demands. Below, she answers questions on the topic and sheds light on her professional pathway.
- Workplace AI policies: Does your company need them? - Day 1, Wednesday 29th November, 13:30 - 14:15pm GMT
Could you outline your career journey so far?
I am a graduate of the Faculty of Law at the University of Bucharest, holding a master’s degree in European Law with a specialization in Design Thinking from M.I.T.
Ten years ago, I co-founded Decalex, the first entirely Romanian company specializing in data protection compliance services. Motivated by my passion for the intersection of fundamental human rights and technology evolution, I obtained an international certification from the IAPP as an expert in European data protection law (CIPP/E).
I am also the co-founder and former vice president of the Romanian Data Protection Professionals Association (ASCPD) and represent Romania in the European Confederation of Data Protection Organizations. In 2021, I was appointed to the board and Compliance and Ethics Council of EIT Health and am frequently invited as a speaker at international privacy and cybersecurity conferences.
Known for my organized approach and meticulous attention to detail, I am passionate about the fundamental right to privacy. Along with my partners, I have pioneered professional data protection services required by companies and their employees.
An entrepreneurial spirit always seeking the latest initiatives in GDPR and cybersecurity, I combine an analytical, optimistic nature with a readiness for innovation. I consistently bring new ideas to my partners and team.
Decalex, co-founded by me and my partners Cristian Deca and Ciprian Harabagiu in 2013, has become a benchmark in data protection compliance, cybersecurity, and business consultancy after a decade. This year, the company is set to launch Romania’s first digital application for employees and companies, providing comprehensive, user-friendly access to GDPR compliance resources.
What are the big compliance challenges facing organisations who want to embrace AI technology?
The foremost compliance challenge for organizations adopting AI technology is the absence of specific legislation, creating a void in the legal framework. Without clear laws, companies bear the responsibility of anticipating all potential negative impacts of AI solutions, evaluating the harm these may pose to consumers, and how they may affect fundamental rights.
A well-defined set of guidelines and frameworks is essential for the responsible operation of AI, with a strong emphasis on transparency. Moreover, the ethical and compliant use of personal information by AI systems represents another significant hurdle, as organizations must navigate complex privacy concerns and ensure the protection of individual data rights.
What strategies should companies be implementing in order to mitigate risk and work towards responsible use of AI?
To mitigate risk and ensure responsible use of AI, companies should first implement comprehensive governance frameworks that define clear policies for AI ethics, data handling, and compliance with existing privacy laws like GDPR. This includes setting up oversight committees or ethics boards to review and approve AI deployments, ensuring accountability and transparency. Regular audits and updates to these policies are crucial as technology and regulations evolve. Additionally, companies need to invest in ongoing employee training to foster an organizational culture that prioritizes ethical AI use and compliance.
On the technical front, organizations should adopt strategies such as employing AI explainability and fairness tools to identify and mitigate biases in AI algorithms. Establishing robust data encryption and anonymization techniques will protect personal information, adhering to privacy standards.
They must also engage in active collaboration with stakeholders, including legal experts, ethicists, and data scientists, to stay ahead of emerging risks. By integrating these practices, companies can navigate the complex landscape of AI, balancing innovation with ethical responsibility and legal compliance.
There is no doubt that AI is the new revolution; it is developing rapidly, both technologically and legally, and many organisations are facing the big question: How do you remain compliant, while gaining the commercial benefit of using AI?
This interactive session will provide a practical roadmap to avoid AI chaos, guiding on how to overcome challenges and pitfalls, and build a responsible AI strategy in the workplace.
Get to the heart of the conversation, only at PrivSec Global.
Also on the panel:
- Kristen Pennington, Partner, Privacy Law, McMillan LLP
- Prekshi Gupta, AI Engineer, Fugro
- Alexander Alaraj, Group Data Protection Officer, IKEA Retail (Ingka Group)
- Janine McKelvey, General Counsel - Data, Group Data Protection & Ethics Officer, BT Group
- Session: Workplace AI policies: Does your company need them?
- Time: 13:30 – 14:15pm GMT
- Date: Day 1, Wednesday 29 November 2023
Discover more at PrivSec Global
As regulation gets stricter – and data and tech become more crucial – it’s increasingly clear that the skills required in each of these areas are not only connected, but inseparable.
Exclusively at PrivSec Global on 29 & 30 November 2023, industry leaders, academics and subject-matter experts unite to explore these skills and the central role they play within privacy, security and GRC.