Christel Teglers, a partner in Kromann Reumert in Copenhagen, Denmark, focuses her practice on IT, data protection, and cybersecurity issues. Christel joins us today on A Little Privacy, Please!® to discuss the evolution of what it means to be a data privacy and technology lawyer—what’s changing, and what future attorneys need to succeed.
Watch this episode of A Little Privacy, Please!
Is a new generation of data privacy and technology lawyer emerging? What is changing?
What is changing is we have a digital world that is just becoming more and more regulated.
The old types of regulatory lawyers have traditionally focused on data protection and privacy. Then we have more transactional lawyers, like I used to be myself, focused on commercial contracts, outsourcing, system acquisitions, etc. But what we’re seeing now is truly a merger between those two fields.
If you want to become a modern technology and data privacy lawyer for the next 20 years, you need to be able to master multiple disciplines, covering AI, data platform economy, cybersecurity, and privacy. I encourage our young lawyers to be much more curious about the areas they haven’t worked with before.
You mention needing to have an interest in AI and other technology platforms. What skill sets should an up-and-coming data privacy lawyer have?
First and foremost, there are so many greenfields coming right now. Data protection is not new, but cybersecurity—many lawyers and businesses have struggled to get their arms around cybersecurity, and what it means when you have a legal profession and external counsel trying to be curious about what types of products we can offer. What is our role as external lawyers? When we go to clients? Is it very much the more classical compliance-related work or can we bring some value into the supply chain and management advice?
I really encourage our young lawyers to try to be calm because it’s difficult for all of us. With the new technologies and regulations coming, and all the development within the privacy area, it can be quite overwhelming. I also encourage them to stay calm and be curious because we’ll get there, and if it’s difficult for us, it’s also difficult for our competitors and clients.
Christel, a big part of your practice involves advising executives and corporate boards on their responsibility for risk management strategies and oversight governance, particularly in data privacy and cybersecurity. Can you tell us a little bit about that?
Management or executive and board members have been used to receiving reporting from the digital area or cybersecurity or IT security without involving themselves. Their liability for overseeing and supervising in their role is nothing new, but I think management has failed to realize how digital their companies are today. If they knew how exposed they were in practice, they should feel much less comfortable.
How is the EU addressing the potential personal liability of executives and board members regarding data protection and cybersecurity compliance?
We have multiple new directives within cybersecurity, AI—the whole digital space has a broad scope of regulations. And in many of those directives, it’s explicitly stated that the EU expects member states, under their national laws, can hold the top management liable and accountable for the company’s compliance with these rules. That should not be necessary because the risk management responsibility is nothing new.
I think we will see more focus on personal liability that executives and board members have. We will see much more focus on their insurances, the advice they are getting, the training or the courses they are following to limit potential liability risk.
That said, I hope, and I think, that we won’t see many cases about personal liability from members of management because that would be counterproductive. I think the EU has helped to create a sense of awareness and urgency on the part of management.