In our latest reader-submitted Q&A, Tsvetina Hristova Lungarova tells us about the importance of learning

What is your full job title?

I provide a Data Protection Officer as a Service (DPOaaS)

Which industry do you work in? (data protection/security/privacy) How long have you worked in the industry?

Privacy and Data Protection became professionally important to me four years ago (2016) while I was designing the marketing strategy of a company that is offering telemedicine and cloud solutions (mainly IaaS and SaaS) for healthcare providers as we had to decide how to approach various markets (EU, USA, etc.). This included considering the dynamics in the respective legislation and the respective effects they have on that company’s products’ architectures and its business model in general.

How long have you worked in your current role?

About three years –  two of them as a DPO Correspondent for various countries in a multinational company and the last one as an independent consultant.

How did you get into your current role?

I wanted to get maximum exposure to privacy and data protection topics in various industries. I’ve been previously engaged in design and improvement of business processes in the legal services industry; event management; facility management; cloud services; manufacturing and FMCG which combined with my education (public relations and economics) is covering most of what are considered to be the main capabilities of any company regardless of the specific area of business in which it operates. This is exactly where you need to get to in order to establish an effective and sustainable data protection program – understanding how a company works.

What does a typical day look like?

  1. Coffee. Seriously – whether it be a coffee, tea or just a glass of water, but a ritual is needed to get myself focused.
  2. 1st communications sprint for the day (e-mail, notifications, calls, etc.). I’m doing such sprints several times during the day, because I need to keep myself 100% concentrated the rest of the time.
  3. Going to school. That’s true and it is maybe one of the aspects I like the most about this profession – you must read every day to keep yourself up-to-date and be able to analyze and advice. It’s not only industry-specific topics, no, not at all. It is about what your clients are doing, technology developments, policy developments, social trends – it’s a bout knowing your world.
  4. 2nd communications sprint
  5. Transition from reading to advising – meetings (still gathering information like in point 3, but also providing an opinion like in point 6).
  6. Consulting. 
  7. 3rd communications sprint

What is your greatest achievement so far?

Being part of the team for redesigning the global breach response management program of a famous multinational company and being appointed as the first member of its global privacy incident committee. It has been a huge appreciation of my dedication and I consider it one of the best professional exposure opportunities one could get in this field. I will be always grateful to the people who trusted me and gave me this chance.

What is the most challenging thing about your role?

Making people go through a change. This role requires a lot of change management skills, knowing and applying all respective techniques related to the five stages of grief, because on daily bases you need to tell result-oriented professionals in areas that are different to privacy and data protection that what they are willing to do either needs to happen in a different way or to make them consider a number of aspects before taking their final practical decisions (not to mention documenting almost all of it) while they usually intend it to be all done by yesterday. 

What part of your role do you enjoy the most?

Learning and handling data breaches – because this is how I can improve (myself together with my work). In the first case is by acquiring information in a calm and stable environment and the second is learning by mistake/experience. Data breach is definitely a bad thing to happen, but handling it properly is something good. I love the adrenaline, deduction and creativity that are erupting during such situations and I love being part of the solution.

How do you see your role/industry changing in the next few years?

Segmentation, and strict professional profiling –  “I do privacy and data protection” is not something people will be able to say for long, or at least it will become an analogy with the medical general practicians. Then we will have to get specialized by education and experience in certain areas as they evolve in an extremely fast manner. This is likely to be by topic rather than by industry and for holistic data protection an organization would need a Concilium.

Would you recommend working in this role? Please give your reasons.

As I’ve chosen it for myself – 100%, but we are all different, so it depends on the person and his/ her talents and preferences.

It is a very dynamic one, challenging, there is a cause (we are talking about human rights in the first place), you can never get your education for it finished – it is ongoing, while helping others you will have very often to make them understand that you are not an enemy, be ready for extreme moments, tight deadlines and a lot of pressure. You need to be polite, have the ability to educate others and summarize complex topics for them, resulting in productive business decisions.

PrivSec Report Job Focus


Do you work in privacy, security or data protection? Don’t miss the chance to feature in one of PrivSec Report’s regular job focus Q&As.

We are looking for people who work in privacy, security and data protection roles and those who work in related legal and regulatory fields across a range of industries to tell us about their everyday job.

Just fill in our  short Q&A (see questions below) and submit a photograph to be considered for inclusion. We want to feature people of all levels of seniority.

If you want to take part, email Carl Brown at