IE Law School and ECIJA present their report on data governance and data privacy

The implementation of data governance systems is increasingly recognized as a means for companies to effectively manage their information in an agile, flexible, and secure manner, in alignment with their business strategy. This approach is now being perceived as both an investment and an opportunity. This is one of the main conclusions of the report on data governance and privacy, which was the result of a previous focus group involving professionals from various sectors.

IE - ECIJA Digital Law Observatory was established with the purpose of exploring and researching the diverse legal dimensions and implications of the digital economy. The Observatory aims to become a platform for legal and academic research and dissemination within this new legal framework.

The event was attended by Yolanda González, Data Protection Delegate at Cepsa; Ana Regidor, Privacy Director at Amadeus IT Group; Borja Larrumbide, Head of Security for Spain and Portugal at Amazon Web Services; Marcos García-Gasco, Associate Legal Director (DPO Europe) at Xiaomi; and Teresa Pereyra, IT and Privacy Partner at ECIJA. They were welcomed by Macarena Plaza, Head of Corporate Development and Legal Innovation at IE Law School and the Academic Director of the Observatory.

Among various topics, the participants discussed the state of the data economy and the progress made since the implementation of the General Data Protection Regulation (GDPR). Ana Regidor, Chief Privacy Officer at Amadeus IT Group, emphasized that one of the significant benefits of establishing comprehensive data governance is recognizing that 'having the data' does not equate to 'owning the data. Marcos García-Gasco, Associate Legal Director (DPO Europe) at Xiaomi, stressed the importance of persuading the business itself that privacy and data protection are part of the service provided to the market. He further added, 'Implementing a robust customer service system in terms of rights and data protection will help avoid potential fines from the Spanish Data Protection Agency.'

Procedures, people, and infrastructure form the essential components for building these systems. When Yolanda González, Cepsa's Data Protection Delegate, inquired about the interaction and coexistence of the new roles involved in data management, Borja Larrumbide, Security Manager for Spain and Portugal at Amazon Web Services, provided a concise response, stating, 'The key is to ensure coordination and establish a matrix of roles.'