In this Volunteer Spotlight, The Privacy Advisor caught up with Europcar Mobility Group Data Protection Officer Aurélie Banck, CIPP/E, CIPM, FIP. Since beginning her privacy career in 2006, Banck has implemented data protection and privacy programs at several organizations, including the French Ministry of the Interior and French Data Protection Authority, where she spent three years in charge of the bank and insurance sectors. She has also taught data protection at the university level since 2009 and published a book analyzing the EU General Data Protection Regulation’s impact on the financial sector.
Here, Banck discusses her experience with the IAPP, her passion for privacy and data protection and the approach she takes in her work.
The Privacy Advisor: How did you get involved with the IAPP as a volunteer?
Banck: My first volunteer effort was participating in the French translation of the CIPP/E and CIPM materials. I started in February 2017, and I am regularly solicited since. I am also a member of the Paris KnowledgeNet Chapter since 2019. We organize different events with professionals, industries and regulators around privacy and data protection topics. It’s very interesting because you participate to build a community.
The Privacy Advisor: What initially drew you to a career in privacy and data protection? What keeps you here?
Banck: In 2006, by coincidence, I was working for the Ministry of the Interior as a lawyer, and the chief of a dedicated service specializing in administration of police data processing was looking for a lawyer. I was looking for a new position, and this was the perfect match.
As a privacy professional, you work with all the company’s functions — HR, marketing, sales, digital, operations … this is the most interesting part of my job. There is also no routine. You start in the morning with things to do, and everything could change through a phone call or an email.
The Privacy Advisor: What’s the one data protection issue that needs to be addressed the most?
Banck: I think the data subject access request is becoming a sensitive topic. First of all, people, in general, are more aware of their rights than they were 10 years ago. So, companies receive more requests. Secondly, the requester does not follow a standard template (even if you put in place a standard process with a dedicated form). People can exercise their rights by any means and could mix requests — for example, right of access and right to be forgotten. And this is a source of complaints to the data protection authority. From my point of view, you need a strong procedure to train your team and control the quality of the responses, improving the process as much as you can.
The Privacy Advisor: What’s the biggest challenge you face as a privacy professional? Biggest reward?
Banck: My biggest challenge is staying aware of all the changes in data protection regulation and trying to find a common way through different regulations, which may be inconsistent. The most rewarding aspect is to be considered as a business partner.
The Privacy Advisor: What is a key piece of advice you share with the university students you teach?
Banck: “Done is better than perfect.” You can always improve a process or a project. But if you are waiting for perfection, you will never be in production.
The Privacy Advisor: What’s your greatest professional achievement?
Banck: I wrote a book in 2018 analyzing the impact of GDPR for the financial sector. It’s in its third edition. Sometimes, I receive photos from privacy pros showing their copy dirty, crumpled and ripped — that means it was at the bottom of their handbag, and it has been used. I feel that I’m part of their journey, and I’m very grateful for that.
Photo by Keagan Henman on Unsplash