Adrian Bucur, CIPP/E, CIPM, CIPT, FIP



Data Protection Officer

Not very long ago, there was no room for privacy in my technically oriented mindset. As I was involved in security governance, in 2017 I was part of the Privacy Team my company assembled for a IAPP DPO Ready training Bundle: CIPP/E & CIPM. That was the time when I realized that privacy is actually more than “the right to be left alone”. I chose to get involved into my company’s journey towards GDPR compliance and I have been appointed DPO, with all the up’s and down’s of such controversial role. From that position I was able to change a little bit the mindset of the business people: data protection should be a concern in all business aspects. At the time of writing this statement I am struggling with the same perception of what personal data means and how that data should be treated, but in a different environment: banking. As the time permits, I am writing on my personal blog about data protection, hoping that I will be able to move that irremovable stone:  people’s mindset that data protection is just a marketing consent or an attempt to fit your actions into one of the six lawful basis written in GDPR.