Q&A: Dominic Piernot Discusses Takeaways from Recent Industry Event and His New Role at FTI Technology

Dom, FTI Technology recently sponsored a DKN Summit and you spoke on a data privacy panel alongside experts from banking, military and other industries. Before we talk about that, can you share the highlights of your professional background and how you ended up in the data privacy arena?

I started out in legal information technology (IT), which in Germany is different than legal tech — so, I was providing security, data centre support and practice management system implementations for legal departments. As the legal tech industry and my career matured, I started working more in e-discovery and document management, helping act as an interface between lawyers and technology. My work spanned cloud migrations and large e-discovery projects in Germany and France. Over time, that morphed into addressing the issues of cross-border data transfers and the data privacy restrictions involved in sending data between jurisdictions with different data protection regulations. That was how I started developing experience in data privacy law and compliance.

Going back to the DKN Summit, what was the focus of your panel?

After almost five years of the General Data Protection Regulation (GDPR), companies and corporations still have different and diverse levels of adoption for their privacy programmes. Our panel centred on what has changed in data privacy best practices, requirements, enforcement and overall compliance in the years since GDPR took effect. It was a great opportunity for participants to exchange experience with their peers and reset their perspectives according to the current state of things.

Do you find it surprising that there’s still such a wide spectrum of privacy programme maturity?

Yes and no. What I heard at the event is that many companies have been firefighting over the past two-plus years, given the sudden shift to remote work and the privacy concerns that stem from that. Larger organisations have the resources they need to be well prepared and pivot quickly to accommodate changes. That’s very different than the midsized organisations that have only one or two privacy stakeholders who are still working through establishing fundamentals.

The one common thread between them all is that everyone agrees there’s no way to achieve 100% total privacy compliance. Even the strongest programmes can be undermined by a nefarious employee or a data breach.

Did you get a sense that most privacy professionals are worried about the risks increasing?

Yes, most recognise that there’s still a long way to go, which can be intimidating. The remote work issue is still a challenge. Whether or not an organisation is bringing employees back into the office full time or allowing a hybrid work arrangement, there must be layers of governance. This requires finding the right balance between rigorous data protection controls and enabling access and usability for employees.

One bright spot amid all the worry is that business leaders and employees have really begun to embrace the importance of privacy, especially in the context of how trust or lack of trust can impact brand reputation. This mindset shift is helping pave the way for privacy professionals to make progress in implementing programmes.

So, how can they capitalise on that? Are there specific steps they can take?

Absolutely. There are fundamentals that can be established and best practices that will help demonstrate compliance, even if the programme isn’t backed by a large budget. One important step is for privacy professionals to build relationships with stakeholders across key groups that touch sensitive company data, such as IT, marketing and sales. When strong cross-functional relationships are in place, privacy leaders are more likely to be brought into new technology and process implementations or other key decision points early on in the process — which makes it possible to establish data privacy best practices at the foundation, rather than having to block a project in the final hour.

Through communication and cross-functional collaboration, privacy can become an enabler rather than a barrier.

What other data privacy challenges are organisations dealing with?

Responding to data subject access requests (DSARs) was another popular topic of discussion at the event. This is a very challenging aspect of data privacy and one that our teams at FTI Technology have significant experience with. Most organisations are still not prepared for responding to DSARs effectively, but with the right workflows and tools in place, it is possible to create an efficient and timely DSAR process.

The European Artificial Intelligence Act is another key issue right now. While this law is still in development, it’s likely to create some disruption in how organisations leverage artificial intelligence and run analytics across sensitive and personal information. Data privacy will be a fundamental layer for future data processes and how they are governed under the AI Act and/or other similar, impending laws.

Why is FTI Technology uniquely positioned to help clients with these issues?

Our expertise and reputation are unmatched in Germany, across EMEIA and globally. The calibre of the team here, and how quickly they have grown the practice, was a big part of my decision to join FTI Technology. I also believe this reputation and expertise are what set us apart from other consultancies.

In addition to our expertise in critical areas across technology, data privacy, e-discovery, analytics, investigations, information governance and digital assets, we have a strong global reach. Our clients benefit from the combined value of local people with expertise in their jurisdictions and a vast global team that can quickly scale to meet the needs of any size of challenge.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.