
Data Privacy Day: Inside the role of Data Protection Officer at Opera

Privacy matters all year round. But every January, Data Privacy Day is a great opportunity to learn more about data privacy and protection, and to highlight their importance for everyone in the online space.

At Opera, we take privacy very seriously. One of the ways that we ensure that privacy remains top-of-mind across all our products is having a Data Protection Officer (DPO) on board. Our current DPO, Lillian Blackadder, is a certified privacy professional (CIPP) and has been with Opera for the past six years, working her way up from Security team intern. So we took the opportunity to interview Lillian to find out more about what the DPO role entails and how it contributes to user privacy and data protection at Opera.

What a Data Protection Officer does

As a company based in Norway, Opera follows the General Data Protection Regulation (GDPR) to safeguard our users’ online privacy. The GDPR is designed to protect personal data by setting some of the world’s strongest privacy standards. For certain organizations, this includes appointing a Data Protection Officer to help ensure those standards are met in practice.

DPOs are usually tasked with helping to ensure personal data is handled responsibly, user concerns are taken seriously, and privacy principles are applied consistently across products and services. Having a DPO means our users benefit from a dedicated role focused on protecting their rights and privacy. For Opera, it helps build trust, maintain transparency, and monitor compliance. 

Meet our DPO

So without further ado, let’s dive in and hear straight from Lillian on privacy and data protection at Opera.

Lillian Blackadder, Data Protection Officer at Opera

Q: Opera complies with the GDPR. What does that mean for its users?

A: From a legal standpoint, it means that we are required by laws and regulations to meet certain standards enforced by the European Data Protection Board (EDPB). 

Among other things, this means that we align ourselves with the principles outlined in Article 5 of the GDPR when we process personal data, namely: 

  • Lawfulness, fairness, and transparency – which means we evaluate data processing in light of the law and what is fair to the user, and we then disclose that processing publicly (for example, in our Privacy Statement); 
  • Purpose limitation – meaning, we only collect and process data for a specified reason which we disclose to users, and do not further use the data for any purpose that does not align with what we initially disclosed; 
  • Data minimization – we collect only the data that is necessary for the purpose we disclose;
  • Accuracy – we take steps to ensure that the data we use is accurate and up-to-date;
  • Storage limitation – we store the data only for as long as it is necessary to do so for the purpose we disclosed, and then delete it. Where we collect data for statistical purposes, we anonymize and aggregate it, and delete any identifiers as soon as we have the statistics we need; 
  • Integrity and confidentiality – we work to ensure appropriate security and protection of data we process, and implement measures that are intended to mitigate against unauthorized access, unlawful processing, destruction or damage of the data; and
  • Accountability – we ensure that we are able to demonstrate compliance with the GDPR. 

Specifically for our users, this provides an assurance that we process data in accordance with the laws and regulations of the European Union, and that we are held responsible and accountable by regulators if what we say does not align with what we actually do. The EDPB releases information publicly on companies that fail to comply with the GDPR, so you can always check if a company has been deemed non-compliant.

Q: How do you work with Opera product teams to ensure new products preserve user privacy?

A: For the most part, my role is to review data processing plans and advise the team during product development. A solid portion of my time is dedicated to clarifying GDPR requirements and what can and cannot be done with personal data. In an ideal scenario, I try to be involved in product development early, so that I can help guide the team in the right direction before development starts. Of course, sometimes plans change abruptly and we have to respond to last-minute changes and new ideas instead. But that’s all part of the process, in the end.

Ensuring that products preserve user privacy means finding a balance between the objectives of the product team and the rights and freedoms of the users. Striking the right balance results in cool products that can be built and launched without compromising on privacy and security. 

The process requires multiple stakeholders and cooperation between different teams. Most of the time, I rely heavily on our Security team and our Legal team, as well as PR and Marketing, Business Intelligence, and Commercial.

Q: What does your typical day-to-day look like?

A: Honestly, it varies a lot from day to day. There is no real template for my days. I don’t know if that is because I prefer my work to be more reactive, or because of the nature of the business. Either way, I enjoy the unpredictability. 

My days are a combination of routine tasks like maintaining documentation, preparing training, and reviewing existing processing, and reactive efforts like responding to queries from my colleagues, filling out questionnaires from partners, or reviewing new products or services. 

Most of the time, I’m oscillating between responding to high-priority requests and working on long-term projects, dividing my time as best I can. 

Q: How do you help educate Opera teams about privacy?

A: We have standardized data protection training initiatives similar to many other companies. These are available to all employees at any time. We update that training periodically, for example when the law changes or as a result of major changes to technology (such as the introduction of AI). When that happens, we re-assign the updated training to all employees with a completion deadline and after that, it is available as needed or desired.

I also offer internal talks and workshops. This is generally my preferred way to impart information, because it tends to start the types of conversations that I enjoy the most. Some fantastic discussions have resulted from my colleagues coming up to me to talk about data protection following a talk I’ve held.

I like to think that I help provide a continuous education when people come to me with such questions. I am certainly always available for a chat, and I encourage my colleagues to come talk to me if they want to discuss data protection and privacy topics. I will happily take time out of my day for that, and I’m happy to say that I have a lot of really smart, really curious colleagues who do come to me for a chat. 

Q: What does it mean to be CIPP-certified?

A: The Certified Information Privacy Professional, or CIPP, is a certification offered by the International Association of Privacy Professionals (IAPP) and is the global industry standard for privacy professionals. There are multiple versions of it, depending on which region you want to be certified for. 

The CIPP/E is the European certification, which focuses on the GDPR and its application including important topics like data subject rights, principles for data processing and transfers, and Data Protection Impact Assessments, among others. 

For me, it was an important step when I took over the role of DPO at Opera, as it was a good way to ensure that I had the appropriate knowledge to carry out my tasks. I had already worked with data protection and privacy for some time prior, so I had a solid foundation, but it felt important to pursue the certification to complement my expertise. 

It was a way for me to navigate an admittedly complex topic in a more structured, academic manner, rather than just “on the job”. It has also added a level of accountability, since maintaining the certification requires a continued education on data protection and privacy. 

Q: How can Opera users reach you with privacy-related questions?

A: The best way to reach me is via our privacy request form. We have a team of dedicated privacy professionals who review incoming requests, which means your questions will be answered by the staff members most knowledgeable about the topic. That includes me, but we can redirect the query to other teams where necessary. It’s a way for us to ensure that our users get a response from the most appropriate source. 

Q: What do you like to do to unwind outside of work? Surely it’s not all privacy and data protection, all day long!

A: Perhaps surprisingly, I don’t spend my free time worrying too much about data protection if I can avoid it (although I can’t always avoid it). I like to maintain my work-life balance, if I can. In my time off, I like to play video games or read a good book. I’m a fantasy lover, so anything fantasy-related is likely to capture my interest. Most recently, I’ve been immersed in Assassin’s Creed: Shadows, and I’m enjoying that immersion – give me problems to solve that I don’t need to deal with in my actual life, and I’ll be happy. I played God of War: Ragnarok and Assassin’s Creed: Valhalla before that, and as a Norwegian who enjoys Norse Mythology, I had a great time. 

I also love a good book. If it’s got a map at the start or a list of terms at the end, I consider that a great sign. If it’s a series that is longer than one book, I’m almost certainly going to love it. Bonus if the weather is garbage and I can be huddled up inside under a blanket, with a nice cup of coffee. 

Aside from that, I like to go on walks with my partner whenever the weather is nice or we find something interesting to explore that is worth braving storms and snow to experience. 

And that’s a wrap!

Huge thanks to Lillian for taking time out of her busy schedule to answer our questions! But as we leave her to her important work, you can find out more about privacy and data protection at Opera by visiting our Privacy & Security home page, and reading through our Privacy Statement. And why not learn more about how to further protect your privacy by using our free and premium VPN services?

As always, stay safe out there, and happy Data Privacy Day!

