Why did you decide to become a data protection lawyer?
I have always been interested in the interface between IT and law. In other words, the technical and socio-political developments that force us to change our law. When the fathers of our constitution wrote the first 20 Articles of the constitution, it was not yet foreseeable that we would eventually post every meal on Instagram. That is why the right to information self-determination subsequently needed to be written into our constitution. A typical example of this development. I also love my job because it allows me to meet inspiring people from a wide range of industries, travel a lot and promote digitalisation at the forefront of exciting consulting projects.
You founded the company together with Manuel Stahl. How did this come about?
Long story short: A happy and boisterous evening with too much whisky on a trip to Japan by a Lions Club delegation played some part in the outcome. (laughs)
I was at Amazon and Manuel at an investment boutique during that time. We both wanted to go into self-employment and hit it off straight away. You know those evenings when you think it is a good idea to start a start-up or a band with people you have just met, but then you never see them again? Well, we met again and soon soberly came to the conclusion that we were both serious and willing to invest a lot of blood, sweat and time. Fast forward about 4 years of working weekends and a friendship that has become closer and closer over that time. And so Manuel actually became my best man this year.
What is one of your clients’ most common concerns and why?
This cannot be expressed in general terms. The Data Protection Officer has certain long-term tasks. This includes training, advising and cooperating with supervisory authorities. Beyond that however, no two mandates are the same. My job has taken me into the control tower of an airport, to serve as a mediator at the negotiating table with works councils and management boards, to server farms, and to the most beautiful corner offices all over Germany. Data protection is a management issue, and the bosses who have understood this appreciate me as a contact person who is always available, thinks in business terms and solves problems.
What has been your most exciting project at secjur GmbH so far?
As my answer to the previous question suggests, there are a few. Since I am a science nerd though, I would perhaps mention our projects in pharmaceuticals and telemedicine. The data protection implications of the developments there simply exceed anything we are currently able to imagine. I would highly recommend the book “Future Medicine” by Thomas Schulz to anyone who wants a little insight into the field.
What is the particular strength of secjur GmbH?
Clearly our interdisciplinary approach. We have lawyers, IT specialists, business economists, and internally we select the adviser again based on the sector they are specialised in. This means that our advisers really know what they are talking about. We regularly take on mandates from other data protection officers whose clients were not satisfied. And with some positive exceptions, we see that many service providers send their clients some generic documentation and then leave the client to cope. The actual protection requirements are not defined, but simply generalised. That really does not help anyone. We first take a look at exactly what data our customers process, the equipment used, what the state of the art is in the systems they work with, and whether there is a GAP of some kind. And then we provide advice, taking into account the implementation costs and the actual risks to establish an appropriate level of protection.
Does data protection hinder the development and use of new technologies, such as AI?
I do not believe that the answer to data protection is to use less technology. The technology just needs to be built to protect our data subjects’ rights. AI does not require personal data everywhere to make our lives better. And where personal reference is not required, it also should not be established. At the same time, however, I am often shocked at how little business leaders concern themselves with technology and how work is still frequently done in analogue form. That, in my opinion, is a huge waste of resources. One could even say a crime against the youth of Europe, who run the risk of eventually living in an economically isolated, irrelevant part of the world. If I manage do my part to stop this trend by saying so clearly, plainly and boldly (as I am), face to face with my clients’ CEOs, then I’m happy to do so!