To commemorate F-Secure’s 30th year of innovation, we’re profiling 30 of our fellows from our more than 25 offices around the globe.
Imagine living the GDPR for most of a year.
Driving F-Secure’s compliance General Data Protection Regulation, the largest update to European privacy laws in 20 years, was a full-time job for Niina Ojala — F-Secure’s Chief Export Control Officer, Security Research & Technologies — from the end of 2017 through the May 25th deadline. And this project was, as it was for every company who took compliance seriously, huge.
On an average day, she would answer dozens of questions from fellows about GDPR requirements in between attending several meetings. And the questions came from all over company — “products, sales and marketing, customer care, R&D, HR, finance, production and so on” — as everyone in the company, like everyone in the continent, was affected by these regulations.
The potential penalties from non-compliance — 20 million euros or 4% of the global revenue — along with the other repercussions in Article 58 of the regulation — warnings, reprimands, orders, limitations or bans, withdrawing certifications — are considerable in themselves. But for a cyber security and privacy company like F-Secure from a country that prioritizes protection of personal data the way Finland does, the stakes were even higher.
And so far, the results have been promising.
As Erik Andersen, who worked with Niina to help prepare F-Secure for the GDPR noted, that no matter you think of the regulation, it makes a very important point to companies — customers’ personal data belongs to customers, not the people who collect it. With that in mind, Niina found that throughout the company everybody did their best to meet the new requirements.
Niina’s path to F-Secure began in a surprisingly conventional way.
“I had been working for many years in a company that was selling automated predictive analytics when I noticed an interesting job ad in LinkedIn ‘Customer Data Manager,'” she said. “This new opportunity was interesting challenge for me to use my analytics expertise in a bigger company.”
(Yes, we do actually find fellows through LinkedIn.)
She knew a few former colleagues at F-Secure who warmly recommended the company and she soon joined up.
Though the GDPR has take up a lot of her recent focus, she also has a background and Artificial Intelligence (AI) and machine learning. Arthur C. Clarke once wrote that “Any sufficiently advanced technology is indistinguishable from magic.” And Niina finds that the “magic of AI” seems to have a some people confused.
“AI is a hype term, and many people have lots of misunderstandings about how AI can be used,” she said. “On one hand, people typically have too high expectations for the speed of implementation of AI, but on the other hand, people might not always realize the full potential of AI.”
Though F-Secure has been employing machine learning for more than a decade, she finds that the connection between AI and cyber security is still vague to a lot of people. And this leads to people thinking it can apply to almost anything that uses a model.
“People also call almost any type of analytics as AI, which is not correct.”
Yet with unstoppable digitalization and the adoption of technology like self-driving cars that rely on AI, she feels “cyber security is even more important than ever.”
She was studying math when she discovered her passion for teaching computers to think.
“When I was studying at the Helsinki University of Technology, which is now known as Aalto University, I discovered information science courses, which were really interesting to me.”
She’s come a long way from Rovaniemi, where she grew up watching the Northern Lights up in the winter sky. Now she’s most looking forward to “innovations that are related to human bodies.” She imagines that technology will soon be able to replace a malfunctioning organ, repairing broken body parts or even reverse paralysis.
“Human bodies are so complex creatures that it’s amazing to imagine how technology can enhance medicine.”
And given how much trust and privacy is required when information technology merges with medical sciences, regulations like the GDPR will only become more important.
But for now, Niina is a happy to have a little break from regulations to refresh her mind. If you spent the last year thinking about the GDPR, you might feel like jumping out of a plane, too.