Experts from companies such as Cepsa, Amadeus IT Group, Amazon Web Services, or Xiaomi participated in the event organized by the IE – ECIJA Digital Law Observatory. The implementation of data governance systems is proving to be a way for companies to manage their information in an agile, flexible, secure, and aligned manner with their business strategy, beginning to be perceived as an investment and an opportunity. This is one of the main conclusions of the report on data governance and privacy, resulting from a previous focus group with various professionals from the sector.

The IE – ECIJA Digital Law Observatory aims to delve into and research the various legal dimensions and implications arising from the digital economy to become a space for legal and academic research and dissemination of the new legal framework.

The event featured the participation of Yolanda González, Data Protection Delegate at Cepsa; Ana Regidor, Director of Privacy at Amadeus IT Group; Borja Larrumbide, Security Lead for Spain and Portugal at Amazon Web Services; Marcos García-Gasco, Associate Legal Director (DPO Europe) at Xiaomi; and Teresa Pereyra, IT & Privacy Partner at ECIJA, who were welcomed by Macarena Plaza, responsible for corporate development and legal innovation at IE Law School and academic director of the Observatory.

Among other topics, the discussion revolved around the current data economy and the journey since the entry into force of the GDPR. “One of the biggest advantages of structuring data governance in a broad way is to understand that ‘having the data’ does not mean ‘being the owner of the data’,” highlighted Ana Regidor, Director of Privacy at Amadeus IT Group. Marcos García-Gasco, Associate Legal Director (DPO Europe) at Xiaomi, emphasized that “it is necessary to convince the business itself that privacy and data protection are part of the service you offer to the market.” He added, “Having a robust customer service system regarding rights and data protection will prevent potential fines from the Spanish Data Protection Agency.”

Procedures, people, and infrastructure are key in building these systems. When asked by Yolanda González, Data Protection Delegate at Cepsa, about how the new roles around data management interact and coexist, for Borja Larrumbide, Security Lead for Spain and Portugal at Amazon Web Services, the response was clear: “The important thing is that there is coordination and a matrix of roles.”