Meet the GDPRLocal Team: Daniela Atanasovska

As we continue our journey of introducing our data protection specialists, we invite you to delve deeper into this world through Daniela‘s perspective. Join us as she share expert insights and strategies to keep your data safe in an ever-changing digital landscape.

Q: Can you briefly describe your role at GDPR Local and share some insights into your day-to-day responsibilities when it comes to GDPR implementation projects and data protection?

A: As a Compliance Executive my day-to-day activities involve guiding our worldwide clients through the complex landscape of data protection and GDPR compliance, helping them safeguard their data, and ensuring they meet regulatory requirements. Besides GDPR compliance we cover data protection compliance programs for US, Canada, Australia, South America, Middle East and other countries outside EEA.

Shortly my responsibilities are likely to include some of the following:

Client Assessment: evaluating the data protection and GDPR compliance needs of external client companies.

Customized Solutions: developing tailored GDPR and other data protection compliance strategies and solutions for each client based on their origin, specific data processing activities and requirements.

Regulatory Guidance: stay up-to-date with GDPR and other relevant data protection regulations to provide accurate guidance to clients.

Risk Assessment: conducting thorough risk assessments for clients organizations to identify potential data protection risks and vulnerabilities.

Documentation and Policies: creating or assisting clients in creating and maintaining necessary data protection documentation, including privacy and cookies policies, records of processing activities(ROPA), data protection impact assessments (DPIAs), data retention policies, GDPR strategies, etc.

Training: providing training and awareness programs to clients staff to ensure they understand and adhere to GDPR compliance requirements.

Incident Response: developing incident response plans and procedures for clients to address data breaches and incidents promptly and in compliance with regulatory requirements.

Data Subject Requests (DSRs): helping clients to manage and respond to data subject requests, such as access requests and data erasure requests.

Vendor Management: evaluating and advising clients on their data processing vendors and third-party contracts to ensure GDPR compliance.

Audit and Monitoring: establishing systems for continuous monitoring and auditing of data processing activities for clients to maintain compliance over time.

Compliance Reporting: preparing and submitting necessary compliance reports and notifications to regulatory authorities on behalf of clients, if required.

Privacy by Design and Default: promoting and assisting clients in implementing privacy by default and by design principles in their products and services.

Data Protection Impact Assessments (DPIAs): conducting DPIAs for clients when necessary to assess and mitigate risks associated with specific data processing activities.

Advisory Services: offering ongoing advisory services to clients, addressing any questions or concerns related to data protection and GDPR compliance.

Compliance Checks: periodically reviewing and updating clients’ compliance measures to ensure they align with evolving regulations and best practices.

Q: In the world of data protection, what are some common misconceptions or myths that you frequently encounter? How do you educate clients and colleagues to dispel these misconceptions?

A: Some of the most prevalent common misconceptions or myths that I can recall from my practice include:

“We’re a small business; GDPR doesn’t apply to us.”: But in reality, GDPR applies to any organization that processes personal data, regardless of its size or form – public or private. To dispel this myth, I educate clients and colleagues that GDPR has different requirements depending on the scale and nature of data processing, but it is essential for all businesses to assess their obligations.

“We have consent; we don’t need to worry about anything else.”: While consent is one legal basis for processing, it’s crucial to clarify that GDPR includes several other lawful bases, such as legitimate interests and contractual necessity. Educating clients and colleagues involves explaining these alternative legal grounds and their implications.

“Data breaches must always be reported to the authorities.”: In reality, GDPR requires reporting only for breaches that pose a risk to individuals’ rights and freedoms. To educate, I emphasize the importance of conducting a risk assessment before reporting breaches.

“We can store personal data indefinitely.”: Some organizations believe there are no limitations on how long they can retain personal data. GDPR emphasizes data minimization and storage limitation principles, which means data should not be kept longer than necessary for the purpose for which it was collected. I educate by emphasising  on the importance of defining data retention policies.

“We can transfer personal data outside the EU freely.”: GDPR imposes conditions on international data transfers, including using standard contractual clauses or ensuring that the destination country provides an adequate level of data protection. I educate clients and colleagues on these requirements to prevent compliance issues.

Q: You have some certifications in your long working experience. Can you elaborate on the value you believe certifications bring to professionals in the field, and how has your certification specifically enhanced your ability to excel in your work?”

A: Certifications hold immense value for professionals in the field of data protection and information security and I can single out that they:

• serve as validation of expertise,
• are industry recognized in the field, fostering trust and confidence,
• bring continuous learning ensuring professionals to stay up-to-date in a rapidly changing landscape,
• set professionals apart in a competitive job market, signalling dedication to excellence,
• provide standardised knowledge with best practices for addressing diverse challenges,
• enhance problem-solving abilities through practical exercises, and last but not least
• offer global relevance enabling professionals to work internationally.

For me, I can say that certifications have been instrumental in enhancing my ability to excel in my work over the years. For example ISO 27001, have significantly enhanced my ability to excel my knowledge and skills in the field of data protection and information security bringing me:

Deepened Knowledge: ISO 27001 certification has deepened my understanding of information security management systems (ISMS), risk assessment, and compliance. This comprehensive knowledge has been crucial in advising clients on robust data protection strategies.

Structured Approach: this certificate provides a structured framework for implementing and managing ISMS. This framework has enabled me to help organizations in developing systematic and effective data protection measures, reducing the likelihood of data breaches.

Risk Management: the emphasis on risk management from ISO 27001 has been invaluable. It has allowed me to help companies to identify potential risks and vulnerabilities in data processing activities and implement proactive measures to mitigate these risks.

Client Trust: Clients place a high degree of trust in professionals with certifications. It reassures them that I have the necessary skills and knowledge to safeguard their sensitive data and ensure compliance with data protection laws.

Q: Running is often seen as a way to maintain a healthy work-life balance. Do you engage in any physical activities, such as running or other sports, and how do they contribute to your overall well-being?

A: Yes, I actively engage in physical activities, primarily running, cycling, swimming, trail running, but also hiking, tennis, table tennis, volleyball, roller skating, skiing in winter, etc.

Also I can say that this year has been truly special for me in terms of sports. During spring, I ran a marathon in Rome and completed several half-marathons and trail races. I also successfully took part in various triathlons, duathlons, and aquathlons. What’s even better is that in some of these races, I came in first, second, or third place individually. I want to emphasise that I’m particularly proud of winning first place as part of a team with my colleagues from Sopro and GDPRlocal in the “First to the Top of Vodno” race.

These activities play a significant role in maintaining a healthy work-life balance and contribute to my overall well-being in several ways:

– It gives me energy and vitality, making every day feel invigorating.

– They serve as a natural stress-reliever, helping me find inner peace and balance amidst life’s challenges.

– Gives me mental clarity, clears my mind, providing clarity for creative thinking and problem-solving.

– They keep me physically fit, ensuring a healthy body that supports a fulfilling life.

– They give me a sense of achievement. Setting and surpassing fitness goals boosts my confidence, reminding me that I can go further and beyond some mental boundaries.

– Most importantly, they bring joy and a sense of accomplishment to my daily routine.

In essence, these activities are my daily dose of happiness and well-being, enabling me to thrive both personally and professionally.

In my social life, spending time with family, friends, and colleagues through these activities is a chance to connect and make great memories, whether it’s playing sports, hiking with loved ones, or exercising together. Overall, physical activities are not just a way to stay healthy; they are a cornerstone of my well-rounded and fulfilling life.

Looking ahead, I have another marathon lined up for this weekend, and I’m optimistic about tackling longer triathlon distances like a half ironman or an ironman for the next year.

By now it’s been an exciting journey, and I’m looking forward to more challenges and opportunities in the future.

We are thrilled to have Daniela as a member of our team, spearheading our GDPR compliance efforts with her expertise and dedication to safeguarding data. Stay tuned for an abundance of insights and valuable tips from our executives on our blog. Your privacy is in capable hands with an amazing team like ours!