Vanessa Ling: I graduated with a law degree and began my career as a lawyer at the Brussels Bar. After 10 years, I switched to a more commercial role in an international media group, which offered me an interesting mix of law and business. In 2012, I started working at Proximus as an executive advisor, joining the legal team in 2018 when the GDPR entered into force. For me, it was the right time to move back into law, in charge of consumer protection, media rights, IP protection and privacy.
Why are you passionate about privacy?
I fell into it in 2018, but I immediately saw the importance and complexity of this domain. Privacy is about the protection of a fundamental right, and at the same time it’s at the heart of everything we do as a telco, at the heart of our innovation. So it was a challenging job, but the freedom to design new processes, establish a governance and create a team, all from scratch, made it extremely interesting. Seven years on, the domain is still growing every day: privacy is a never-ending story. When I started, there was one person working on this topic; today, my team counts 10 lawyers, supported by external help.
What was your approach to embedding privacy in the organisation’s broader governance strategy?
We first set up a privacy governance body, with representatives of the business, risk management, security, data, and so on. During our monthly sessions, we discuss data-related subjects. We subsequently designed a privacy review process using Collibra. This helps ensure we have a good intake of all initiatives – there are over a 1000 new initiatives per year! We capture them in a process that is as automated as possible. The aim is to embed privacy in our project management, building the right culture and changing the mindset for our people who have yet another issue to manage in their project. One key to success has been our community of privacy ambassadors: 120 colleagues who have voluntarily taken on a role to help build a privacy culture.
What does the Privacy Professional of the Year award mean to you?
It’s a meaningful recognition. Privacy protection is a tough job for in-house experts, who face high pressure from the business and their objectives, while dealing with data regulation compliance. I also appreciate that the award stresses the collaboration with our cyber colleagues. Fabrice Clément, who represents Proximus on the Cyber Security Coalition board, encouraged me to apply. The award has allowed me to discover the Coalition’s network. I am looking forward to working more with the Privacy Focus Group in future.
What are the main challenges ahead in privacy protection?
We are facing more, and more complex, regulation. There is even some overregulation to a certain extent, with overlapping rules and contradictions: for instance, between the GDPR and telco sector-related legislation. In a rapidly changing technology environment, it is hard to remain competitive while complying with strict regulations. A typical example is fraud prevention and detection. In order to identity customers and protect their accounts, we require large amounts of personal data. In 2025, I fully intend to work more on advocacy, to gain more flexibility in protecting our customers. We need to explain this better to both Belgian and European regulators and policy makers.