Riikka Turunen, Sanoma
Riikka Turunen, Sanoma
“Data protection and privacy are fundamental human rights,” says Riikka Turunen, Director of Data Protection and Privacy at Sanoma. Data is not a new concept, it’s crawling into all of our lives as a result of the digital revolution, and as the head of Sanoma’s Privacy Program, Turunen is responsible for the implementation of corporate-wide privacy policies, guidelines and processes.
Working closely with Sanoma’s R&D, big data and analytics teams, Turunen is helping to build privacy into data management processes. She worked on ramping up the privacy programme at Nokia and prior to becoming a privacy professional, she ran technology and data-related projects as a business consultant.
Turunen presented the eight principles of privacy that were developed in 1980 – before the internet existed – by the Organisation for Economic Co-operation and Development (OECD). “If you comply with the OECD privacy principles, then you’re doing a good job,” she said. Be open and transparent, she added, and always be accurate and secure when using people’s data. Turunen also said that a proposed EU law to harmonise protection across Europe would not only increase and enhance individual privacy rights; it would also increase people’s trust in digital services.
Risks, challenges and opportunities of sharing data
Digitalisation of services enables businesses to assess how people use their products, and the 'internet of things' means that products and users communicate about people using them. “We can predict how end-users behave in the longer run,” said Turunen. In addition, sharing data between stakeholders provides a world of opportunities, but also risks and challenges. Innovation requires using data beyond the purposes for which it was initially collected and the most challenging principles in the OECD privacy principles are the collection and proposed limitations of use. “You want to find new insights and create new services from the data you have,” she said.
Turunen said most people don’t understand what ‘big data’ means; a recent survey in Finland revealed 60 per cent didn’t understand what it was. According to Turunen, consumers are burdened with too much complexity and most people don’t understand its logic. “This makes it hard to be open and transparent,” she said. “If you turn potential harm into opportunities, you can create trust with your end-users. You can demonstrate how you’re accountable for your operations and include corporate social responsibility.”
Company strategy and data strategy go together
Turunen continued to explain how Sanoma handled this complexity when it created its privacy programme; it took all the protection issues into account. “The privacy function is part of the compliance function,” she said. Turunen added that privacy professionals, such as lawyers, need to become marketing and data specialists to understand information security and to understand their clients. “One of the most important things when planning to use data is that you understand the categories of data use,” she said, adding that understanding the company strategy and the data strategy is essential for a forward-looking data policy.
Data projects are a huge change management operation
Little by little, privacy is becoming a data function. Turunen stressed the importance of identifying how to give consumers control of their own data. “You need to continually assess your existing operations to understand the potential impact on your end-users. You need to think of solutions, think of your architecture, and what kind of users you have such as anonymous users as well as users with an account or profile.”
Be ready for breaches
Putting all the users together might change sensitivity levels, said Turunen. “Be careful about planning data architecture, be ready for data security breaches, build content management systems and communicate with your customers. It’s a public affairs issue, so talk to authorities and be in line with your consumers and vendors,” she said, adding that it is a “huge change management operation which you need to be able to manage.” The director said that at the end of the day, it’s about smart data and smart privacy.