Security Expert Interview Series: Vadym Honcharenko
We are delighted to present an exclusive interview with Vadym Honcharenko. Vadym is a Data Protection and Privacy Manager at Grammarly. In this interview, you will uncover some of Vadym’s insights on the compliance challenges for organisations with respect to the GDPR and what we can integrate into our daily tech habits to better protect our privacy. Now, enjoy the full interview below.
1. Firstly, thank you for taking part in this campaign. Can you give us an introduction about yourself, Vadym? How did you venture into data protection and privacy world?
First of all, I would like to say that I’m grateful for the invitation to the Swiss Cyber Forum and for being among excellent cybersecurity, data protection, and privacy experts.
My name is Vadym, and I’m a privacy and data protection manager at Grammarly. My privacy journey started at the university, where I was primarily curious about the legal, technical, and ethical aspects of finding the proper balance between the private and public interests for personal data. I started my career in the banking sector with an information security role and then moved to a privacy and data protection position in the biggest telco company in Ukraine. It was a great experience to provide privacy impact assessments for numerous data processing activities.
Probably the most exciting thing in a privacy world that keeps me curious and motivated along the way is that it is an insanely dynamic environment where every aspect of human technological and social development requires us to take into account individual privacy rights.
2. What is anything you wish you knew when you first went into a career in data protection?
I wish I realized how popular and demanding this domain will become in the future. Machine learning, Big Data Analytics, Data Science, and IoT are a few modern technologies that strongly require privacy professionals to be involved.
3. How would you summarise the ongoing compliance challenges for organisations with respect to the GDPR?
One of the critical challenges is the visibility of the ongoing data processing activities across the company. Once you identify the personal data types you process, dedicated processing activities, systems involved, and necessary risk mitigation measures, it is crucial to maintain privacy and data protection compliance.
Visibility can be achieved through organizational and technical measures. From the organizational standpoint, privacy and data protection awareness for dedicated teams is the key solution. Every employee needs to be aware that sometimes changes in the company’s data processing activities require the legal and security team’s attention. From a technical standpoint, visibility can be achieved with the help of third-party vendors that can help automate data flow maps and inventory management.
4. Considering the massive increase in cyberattacks, what do you believe will be the key trends likely to emerge in data privacy over the next 5 years?
At least two critical trends in privacy controls are likely to be prioritized in the nearest future that would have a potential impact on the level of cyber attacks: data retention and vendor management.
When a company pays much attention to data retention controls, it eventually decreases the risk of data (including credentials) being misused or even leaked. Possibly the rise of the new-generation privacy tools will also play a significant role in the way companies perform their data protection and data governance. For example, today, there is a trend in privacy tools that provide automated live data flow maps and inventories of data across the whole company that helps to increase the visibility of data circulation and further risk mitigation controls, including mature data retention procedures.
As for the vendor management controls, the assessment of the infosec and privacy posture of the third-party supplier is essential to evaluate the risks of the data being compromised.
5. What can we integrate into our daily tech habits in order to better protect our privacy?
It always depends on the specific level of privacy we would like to achieve in our lives. Today, there are many tools for controlling web tracking, such as privacy-protective search engine DuckDuckGo, privacy-focused browser Brave, extensions TrackMeNot, ShareMeNot, Ghostery, Adblock, etc. The only thing we need to pay attention to is that any tool can still block the web-tracking abilities simultaneously with the functionality of our web surfing.
As for the habits themselves, I would recommend checking the cookie settings of the websites you visit and allow only the necessary ones, and avoid those websites that do not provide such choices. Fortunately, privacy becomes a business trend today, and the technology itself offers more privacy possibilities by default.
6. How do you stay up to date with industry news and updates regarding data privacy? Feel free to share the sources/websites with us.
I would say that the better approach here is to have a big network of privacy professionals on Linkedin. I start my day by reading 3 to 5 most relevant and important articles regarding the updates in a privacy world. Specifically, I would recommend such resources as iapp.org, noyb.eu, privacyinternational.org, edpb.europa.eu, teachprivacy.com, dataprivacymanager.net, etc.
7. Last question: what is the most important piece of career advice you would like to give to people who are just getting out of university and are interested in a career in data protection and privacy?
You need to accept the fact that this domain requires constant learning. You would say that every field of knowledge requires that, but in the privacy world, the new guides, recommendations, and best practices are published almost every week, and the one who is in line with them is the one who sees actual risks and provides the best advice.
You can test your motivation this way: Are you willing or interested in reading privacy world updates during your weekends or vacations? Of course, we all need some rest time after time, but if you feel that it is just a job for you and you are not curious about what has happened in these 5, 10, or 15 days, your motivation for becoming a privacy expert is questionable.