Influential Women in Privacy: Petruta Pirvan

Welcome to our video interview series: Privacy Leaders! We interview the best and the brightest minds in the privacy space to get their insights on all things privacy and regulation including the infamous EU General Data Protection Regulation, California Consumer Privacy Act (CCPA), the future of privacy, how to automate your privacy program and more.

Today, in honor of International Women’s Day, we have Petruta Pirvan, Global Data Privacy Compliance Officer at Maersk.

Read on to see Petruta’s insights and advice, or if you prefer video you can watch the highlights video below.

How has the GDPR influenced the Privacy landscape?

The GDPR is the expression of one of the highest values of the European Union, the right of privacy and protection of private data as a fundamental human right. The GDPR has deep historical roots in the European Convention of Human Rights designed to afford equal protection to the right of privacy and freedom of expression. Protection of privacy as a fundamental human right has been perpetually at the center of the EU legislator preoccupation. In Convention 108, the Council of Europe took the view that those holding and using personal information in computerized form have a social responsibility to safeguard such personal information, particularly when decisions that affect individuals are increasingly based on information stored in computerized data files. The Data Protection Directive of 1995 laid down the pillars of the forthcoming landmark GDPR legislation in the EU whose effects are far much greater than those of the 1995 Directive.  

From an economic perspective the GDPR facilitated the businesses to take full advantage of the benefits of the internal market by maximizing the consistency of approaches among EU member states and by bringing about a coherent data protection framework.  

From an ethical perspective the GDPR protections are afforded to all individuals in the Union, independent of their nationality or country of origins, and put individuals in control of their data by, for example, imposing stricter conditions for the validity of individual’s consent. The GDPR promotes high standards of transparency and new rights (data portability, restriction of processing, the right to be forgotten and in relation to profiling) for individuals. The accountability regime of the GDPR educates businesses to take into account data protection mechanisms from the outset of a product or service and thought its entire lifecycle and introduces the concept of similarly responsivities for data processors.

Since its entering into effect in 2018 the GDPR has reverberated far across the EU borders, being a game changer for the privacy landscape around the world. Countries in Africa, Asia and Latin America implemented or are in the process of implementing similar-like GDPR data protection legislation. At the same time the GDPR implementation spurred the discussions around the adoption of a Federal Data Protection Legislation in the US. In reality, the GDPR “infected” countries around the world and their legislators with its vision of data privacy as a fundamental human right. Therefore, we can say that GDPR did not only influence the data privacy landscape, but it has changed the word perception and approach on privacy as a fundamental human right.

Why is privacy the place to be for women in tech?

Tech companies and not only tech companies should already be on their path to understand that perpetuating a stark gender gap and an overrepresentation of women in lower paying jobs is coming to its lapse. Diversity of approaches and opinions are the core of a creative environment which lives out of novelty and ever-changing business. The past few years have been marked by women at the realm of big IT corporations and international institutions.

For example, Accenture CEO, Julie Sweet is one of the most powerful women in corporate America, the digital agenda of the EU is led by another woman, Margrethe Vestager whilst Safra Catz is successfully leading Oracle.

Petruta Pirvan

These are few examples of women who proved that, when entrusted with the highest leading position in the biggest organizations in the world, they can drive a prosperous business and be the voice for gender equality in the workplace. Data privacy is a realm of management, pro-active strategy and leadership and as Ruth Bader Ginsburg once said:

Women belong in all places where decisions are being made.

Ruth Bader Ginsburg

How does a typical day in the life of a privacy Professional look like?

A day in the life of a privacy professional looks very challenging. The biggest challenges are coming from the very traditional businesses which are less flexible to changes. This type of organizations CEOs might not have a defined understanding of the data protection regulatory landscape and its benefits for their business. The consequence is a reduced budget and a low engagement for allocating proper resources on data protection programmes. I’m experiencing big, multinational companies, blended B2B/B2C businesses refusing to appoint a DPO or appointing only a Data Privacy Professional to uphold an entire Data Protection Program for the whole business with an estimated number of employees at over 80.000 employees globally. I’m experiencing harmful mentalities such as “data protection is only a paper-based” exercise or “if nothing happened to us in the past 10 years why should we care for complying with the GDPR?”. At the same time the Regulators intense focus on tech companies and B2Cs are not helping the cause. I feel the pressure on our shoulders, mine and my peer’s in the data privacy community, together with the Associations we are part of, for advocating and signaling that data protection is as important for B2Bs as it is for B2Cs. I wish I would not hear anymore the argument that “we don’t allocate resources because we are a B2B and being a B2B is a risk mitigator against regulatory fines”. But this perception will change only once the Regulators will start cracking down on B2Bs as well as much as they do with the tech companies or B2Cs.

What is the best way to build a career in Privacy? What advice do you have for women interested in a career in Privacy?

I would advise any women interested to take up a career in Data Privacy to work hard and make sure that they start this project and they continue it with dedication and involvement. This is one of the most emergent areas in law, therefore, we don’t rely on tones of academic and specialized literature like in other traditional legal disciplines such as for example commercial law. Besides being emergent, Data Privacy is also a realm of daily changes and daily nuances and new interpretations. As said before, tech industry but not only is gender-clustered toward men. Therefore, women need to be prepared to be played down and having to work even harder to be able to succeed.

Ultimately, my advice is to stay strong and behave and lead ethically.

Petruta Pirvan

They have a mission, that of advancing and advocating for individuals’ rights to privacy and protection of their personal data.

What are your top tips for success?

My top tips for success are: 1) Look at your job as your mission and do it with passion and dedication 2) Educate yourself, take as many training courses as you can, make use of any tools available out there, stay in touch with other professionals in the filed and exchange ideas and information 3) Every challenge or even failure is just a way to start all over again but from a smarter and wiser perspective.

Stay tuned for the next Privacy Leaders post by following our LinkedIn and Blog. 

Join your peers and get the latest GRC, Privacy, Security and Regulatory updates delivered straight to your inbox

Read more about our tailor-made software for data privacy and integrated risk management

Relevant news & insights:

Searching for Guidance on Data Transfers (Still)

Following “Schrems II,” privacy professionals have been waiting for a conclusive answer to the issue of data flows. The European Commission unveiled its draft implementing decision for the new SCCs last November and negotiations over an updated Privacy Shield have been “intensifying.”

Read more »