Ana Jankov recently joined FTI Technology’s Information Governance, Privacy & Security (IGP&S) practice in Brussels as a Senior Director. As a data protection lawyer and with 15 years of experience in data privacy, she advises clients on a wide range of information security and privacy issues. In this Q&A, Ana explains her view of the current challenges in the data protection space and how businesses can proactively address the related risks.
Welcome Ana. Before we jump into the details of your new role, will you share the highlights of your professional background?
Yes, thank you. My background is in law, and I initially specialised in employment law at a corporate law firm. In 2012 and 2013, around the time of the Edward Snowden surveillance revelations, my firm started receiving more and more questions from clients related to data protection issues. My colleagues felt that this area was closest to my expertise, so those queries landed on my desk! I got up to speed quickly and built up my expertise in data protection to be able to service our corporate clients. Eventually, I helped establish the data protection practice in that law firm.
Why did you join FTI Technology?
I moved to Belgium about four years ago and was looking for a job that matched my experience and offered an exciting workplace. I originally joined FTI Consulting’s Strategic Communications team in Brussels, where I advised technology companies on EU public affairs. However, when I learned about the Technology segment’s IGP&S practice, where data protection is a focus, I was really interested. This practice felt like a great fit, so I made the transition.
What does your new role involve?
Right now, I'm assisting clients from a broad range of industries with different data protection and privacy issues. I help them implement and manage their privacy programmes, understand their risk when processing personal data and remediate any shortcomings in their approaches.
One of the most topical aspects of my work is advising on international data transfers, particularly transatlantic data transfers to the U.S., because they are so common. At the same time, they entail numerous legal and security requirements that many clients have difficulties in navigating.
What are the most pressing issues keeping your clients awake at night?
I think there are two main issues. One is the security of their IT system, and how to put in place and maintain the measures that prevent data breaches. Number two is ensuring that their compliance with data protection meets the regulations and international industry standards, which are constantly changing. It's a very dynamic area.
Are you still seeing any effects from the pandemic in terms of data privacy challenges or risks?
It definitely created challenges, which are still reverberating. Working online in a virtual space, rather than in the traditional office environment, automatically increased the potential exposure of a lot of data, including personal data, to risk and abuse. Covid amplified the vulnerability of IT systems, and it strengthened the importance of having the appropriate information security measures in place.
On the one hand, as a result of covid, we needed to share data more intensively all over the globe. At the same time, at the peak of the pandemic, the ruling of the European Court of Justice in the Schrems II case put an additional burden on EU companies that transfer data to countries outside of the EU.
While there have clearly been challenges, where are your clients' opportunities now?
I think for many clients the opportunities lie in becoming an industry leader. Avoiding penalties from the regulator or complaints by their employees or other individuals are a baseline. But they should also be taking steps toward an all-encompassing privacy programme that demonstrates they have adequate measures in place to safeguard the privacy of individuals and the security of data and IT systems.
This is now a reputational issue as well as a purely regulatory issue. So, I think companies should definitely have that in mind. You can improve your reputation significantly if you go a step ahead and implement a programme that upholds responsible governance and strong data protection.
What do you enjoy most about working in this space?
No two days are ever the same. My main motivation is to help companies navigate complex data privacy regulations in a way that not only makes them compliant but enables true business change and the opportunity to be an industry leader. And that's the real challenge, especially considering privacy rules aren't focused on business efficiency and are often cumbersome or perceived as disproportionate.
What’s the significance for FTI Technology to have a presence in Brussels?
Data protection is often geographically sensitive, and companies located in the EU might prefer to have a first point of contact in the EU, or within their own country.
Europe is the hub of the GDPR and everything that revolves around it. So, non-EU companies operating in Europe must have a representative for GDPR in the region. Also, the European Data Protection Board is based in Brussels, as is the European Data Protection Supervisor. So, there’s a real value to clients in having locally-based data privacy experts here.
And finally, what can you share about your life outside of work?
I have a one-year-old son, so much of my time outside work is spent with him. And my husband, of course. Family time is precious, and sometimes it’s challenging to fit in with work obligations. But I'm very proud that FTI Technology offers a friendly and understanding environment for parents like me and allows me flexibility in balancing work and family life.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.