The Complex World of Data Privacy: Interview with an Expert


We’ve decided to publish this data privacy interview as cybersecurity has turned into an ever-growing topic. To put it in the words of our Legal Advisor and Privacy Consultant, Nevena Temelkova: 

“Personal data protection is simply mandatory. It’s what every business owes to its clients.” 

Today at AMATAS, we sit down with Nevena Temelkova for an exclusive interview to answer some of the most pending questions professionals could have about data privacy. 

During our talk, discover: 

  • how through her career, Nevena Temelkova found her passion for challenges  
  • when northern stars intertwine between challenges, cause, and community 
  • the AMATAS journey as a continuation of vision and cause 
  • what the future of data privacy holds 
  • ideas on how to kick-start your career in this crucial field 

Find out this and so much more below. 

Turning back the clock, could you please describe your career journey so far. What role did AMATAS play in shaping your path? 

My legal career journey started in telecommunications, where I worked for 6 years. My job in this regulated and dynamic sector made me realize that challenges not only motivate me to develop professionally, but resolving them also makes me feel good. Within my previous role, I was also responsible for consulting on the application of the law requirements for ensuring privacy and personal data protection.  

In that sense, the General Data Protection Regulation turned out to be a particularly big challenge, although personal data protection regulations were not a novelty at the time. In 2018 the importance of the topic acquired new dimensions and a community of very good professionals began forming around it. Joining this community helped me a lot by presenting me with the unique chance to discuss the issues related to the implementation of the regulation. This also strengthened my interest in data privacy and protection.  

The first time I heard about AMATAS was at a conference on data protection regulations and cybersecurity, where I had the opportunity to attend a presentation by Boris Goncharov – the Information Security Visionary of the company. I was really impressed by the innovative and professional approach to the topic.  

A couple of months later, I had the opportunity to become part of the AMATAS team. I decided to travel on the AMATAS road, motivated by the unique vision of the company and its founders. Three years later, I would say that I am satisfied with my choice and pleased with the chance to work with excellent professionals. Moreover, there is a unique charm in being part of the development of a start-up company – it is more than employment, it is a cause.  

At AMATAS and the group of Ocean Investments (of which AMATAS is a part), people with global and modern visions collaborate. They see challenges as opportunities to become better and to be inspired, and I happen to share the same vision. 

Now AMATAS is behind its start-up stage: the team is several times bigger and the company has many partners. Even though AMATAS works in global markets and has significant experience, the team has kept its innovative and unique vision. 

I would say that I grew up with the company, but I am far from talking about routine because every project is associated with new challenges.  

From my very first day at AMATAS, I am inspired to develop and motivated to become a better professional together with the team. 

What’s your favorite part of the role? 

I really enjoy taking into account and analyzing the visions of different people (colleagues, other professionals, and clients) to find common intersections.  

I believe that teamwork is the engine for good results, and I am glad that in the various teams of which I am a part, we have built trust and respect. We can openly share our positions and look for the best solutions together. 

Could you please give us a peek behind the curtains – what are the main responsibilities of your role? What areas of data privacy are your key focus? 

As a legal advisor at AMATAS, I consult and participate in the implementation of applicable legal requirements for the company’s and our clients’ activities. I work on contracts, I am a part of the negotiation process, and prepare (and update) internal rules, procedures, and codes. I also manage different projects. 

As a service lead for the privacy consultancy services and DPOaaS, I provide consultations on different matters related to personal data protection:  

  • prepare policies, procedures, instructions, and recommendations 
  • conduct training(-s), audits, different assessments, and analysis 
  • handle data subject requests, requests by the supervisory authority, accountability activities, etc.  

The key focus of my role depends on the agenda, which varies in the dynamic and regulated sectors in which we work.  

Having this in mind, I am responsible for the implementation of appropriate measures for personal data protection within our clients’ and AMATAS itself’s processes. As they are all digitally oriented, I have to also ensure effective control and accountability over their application. 

In any case, the specific risks for personal data protection and the business specifics should be considered.  

With the right approach, a balance can be found between the expectations of personal data subjects and the development of business (which is also in the interest of these data subjects – in that way they can receive better services).  

Organizations’ approach toward data privacy is constantly changing – we hope for the better. In that sense, what are the most crucial mistakes which organizations could make along the way? Also, what are the biggest challenges that the industry is currently facing? 

I am not sure if it can be called a “crucial mistake” (as for me, mistakes are lessons and few things are irreversible), but my observations for omissions are that business sometimes thinks of protecting personal data at a later stage. This is somehow understandable, as companies’ priorities are to do business.  

If we put personal data protection on the agenda at the very beginning of each project, this will save us double the efforts and expenses at a later stage. We all must clearly realize that personal data protection is simply mandatory, and sooner or later it will be a priority.  

When communicating with clients, I do not like to focus on the possible sanctioning consequences of non-compliance with the regulation, but this factor should also be considered by the business – not only as financial expenses but also as a serious reputation risk.  

Businesses owe protection of rights to their customers. And it is never a waste of resources.  

If we have to convert resource investments into direct business benefits, I will say that adequate protection of personal data and ensuring transparency vis-à-vis data subjects offer a serious competitive advantage based on trust.  

Even data subjects nowadays in Bulgaria most often exercise their rights to personal data protection when other rights are affected, and this is more an expression of other negative emotions and a lack of trust.  

We shall work for building a culture of personal data protection and based on my experience I am optimistic that we are on the right way. 

What do you think the future of privacy holds? 

Hopefully, a better partnership between official bodies, businesses, and data subjects.  

For sure – new challenges related to digitalization and ePrivacy. 

To professionals out there – could you please recommend the most useful resources to stay updated regarding the changing laws and requirements (for both Europe and the US)? 

The most useful resources to stay updated are the new regulations, guidelines, statements, opinions, and practices of the official bodies and the research of privacy professionals. 

If somebody is interested in becoming a privacy consultant, where should they start?  

Аfter getting acquainted with the legal requirements, guidelines, opinions, and the practice of official bodies, I would recommend that they should get a privacy professional certificate, as well as to attend the events organized by the communities of privacy professionals.  

An internship would also be a great opportunity to gain practical experience.  

Above all, however, it is good for such a consultant to feel inspired to work on such an important topic. 

If you want to know what it’s like to work at AMATAS, read some of our previous talks with the team: 

Related Articles

Scroll to Top