What do you do?
My daily work focuses on advising clients in both the public and private sectors, at a national and international level (especially in Latin America). The advice is normally related to regulatory compliance in technological environments (data protection, cybersecurity, intellectualproperty, identification and electronic signatures, outsourcing) due to the deep digitisation to which most product sectors are being subjected worldwide. That is to say that I develop my activity in all sectors.
Additionally, my activity related to IT consultancy is combined with another branch that I am passionate about: compliance. In this case, my role focuses on designing methodologies and management systems to centralise compliance models that allow organisations (usually multinationals) to be more coherent, efficient and secure when it comes to ensuring compliance with the multiple regulations they must comply with in the different jurisdictions where they operate. Of course, this work is always carried out in conjunction with other partners of the firm, who are specialists in each of these regulations.
Why data?
I like to say that I am an engineer by vocation. I am passionate about the world of law and it never ceases to surprise me on a daily basis, but long before I decided to study law and become a lawyer, I was convinced that law and technology were destined to come together and understand each other. Let's say that this specialisation and that of compliance allow me to unite the worlds of technology, law and consultancy, which are what I am really passionate about.
What's keeping you busy?
Over the last few months, a large part of the team has been focused on closing a couple of deals. In one of them, we have spent nearly a year defining, developing and implementing a governance, risk and compliance management model for a multinational company, from which the global regulatory compliance of the organisation is centralised, achieving an increase in efficiency in relation to time and resources (human and economic). In particular, the regulations involved range from data protection, cybersecurity, intellectual property, consumer and user protection, anti-corruption and competition law. A very complex yet exciting project.
Additionally, we are currently advising two of the world's leading manufacturers of identification and signature technology based on biometric parameters, in order to align the compliance of their systems with the regulations of a total of 9 countries.
In addition, we combine our work on these two projects with advising on data protection and, unfortunately, in relation to cybersecurity breaches suffered by public and private entities in Spain.
What mentors or other influential figures have helped you get where you are today?
I always like to acknowledge that it would have been impossible to be here had it not been for the support, mentoring, freedom and autonomy I was allowed at the first firm where I started working.
From that moment on, and now at ECIJA, I have learned a great deal not only about law, but also about management from my partner and friend Alejandro Touriño and Hugo Écija, managing partner of the firm, who have always been able to guide me and teach me to have a nose for business, as well as the intuition to achieve that extra point and added value that clients always require.
Finally, my family and my wife, without a doubt, have been and are a constant support.
If you could change one data-related law, how and why would you change it?
Perhaps it is not the regulation itself that would change, but the approach and interpretation of this regulation by some regulators. Data protection regulation was not designed for Europe to lose competitiveness with other countries, but rather to gain competitiveness within a protectionist environment that guarantees citizens' right to privacy and data protection. At the moment, I am afraid that we are not always achieving this goal.
How has covid-19 affected what you do?
I am sure that there is no one in the world who has not been affected by the situation we are living through. I don't think anyone, even in the worst of their foresight, would plan to live through something like this.
Professionally speaking, it has been a complicated year in which, due to the confinements decreed by most countries, we have had to combine our professional and personal activities for a large part of the year. Something which, given the pace of work we are used to, has not been at all easy, but which, looking back, I can affirm that we have passed with flying colours. The worst thing has certainly been the fact that we have never been able to disconnect from work, largely, I imagine, because many of us have also used it as an escape route.
What's the next big thing - what data opportunities are companies now looking at?
Primarily everything related to business models associated with the respectful exploitation of users' personal data. Privacy is already becoming an important business, and at the same time that privacy is an important business, the conscious, voluntary and duly informed renunciation of certain spheres of privacy, allowing organisations to carry out certain types of data processing, also opens the door to very interesting business models for many organisations. I believe that there are very interesting opportunities for many organisations along these lines.
What's keeping companies worried at the moment - what are some key data risks?
Mainly the risks derived from suffering cybersecurity attacks, affecting both personal data and the continuity of their business, and at the same time, having sufficient capacity to be able to accredit due diligence to avoid or reduce the risk of this type of situation occurring.
What do you do to relax?
I try to focus on my family, on learning new things related to computers and the world of investment (stock trading and cryptocurrency trading) and whenever possible, diving or going out on the road with my motorbike.