Iiris Kivikari

Senior Associate

Iiris Kivikari

Senior Associate

Share this

Dittmar & Indrenius > People > Iiris Kivikari

Focus on legal development of innovative technologies and businesses, and the strategic restructuration of data processing activities.

Iiris Kivikari is known for a dynamic and insightful approach to data protection. She advises large listed corporations and global brands.

She is a trusted lecturer for leading Finnish commercial training providers. She also teaches a course on data protection and contract law at the University of Helsinki’s Faculty of Law.

Prior to joining Dittmar & Indrenius, she gained expertise working at the Office of the Data Protection Ombudsman.

Education

University of Helsinki (LL.M., 2013)

CIPP/E 2018

Admitted to the Finnish Bar Association.

Languages

Finnish, Swedish and English

References

Latest Insights

insight
The Risky Matter of Data Protection
4 Dec 2017 With 6 months to go until the GDPR steps in, it is time to shift your focus from general risk mitigation to risk prioritization. Know Your Endgame Identifying, assessing, prioritizing and mitigating data protection risks. That is what GDPR readiness work is all about. However, with so little time left and so much to get done, it is easy to skip straight to mitigating the risk of administrative sanctions. While this course of actions is certainly necessary, it has two major flaws. What Risks Can You Live With? 1 Flaw #1: Your ultimate GDPR risk level is determined not by the risks you have taken care of but by those you have yet to tackle. Despite all your hard work, it is highly unlikely that your company can be fully GDPR compliant by 25 May 2018. This leads to the question: what risks can you live with? In order to answer that you have to know what risks you are up against. 2 And so we get to flaw #2: Administrative sanctions may not even be your biggest risk. Think: interruptions to your service, corruption of data, decline in customer trust, inflexible services… these issues may initially appear small but can, in practice, cause large damages to both you and your clients. Prioritize This leads us at D&I to believe that instead of mitigating every risk you come across and hoping you have time to fix them all, the key to GDPR success lies in prioritizing your work. Here are a few of the points we tend to focus on: Key Insights Risk: Sanctions or client distrust due to insufficient proof of data protection work Solution: Accountability check list – The GDPR summarized in one word: "accountability". Ensure that you have a clear and thorough step plan on how to get your documents and processes in order so that when your clients or the regulatory authority come knocking on your door you have something to show for your work. Risk: Damages due to service provider actions or omissions Solution: Processor management controls – With service providers playing such a key role in the processing of your data, keeping them in check is a top priority. To do that you need data processing terms, processor selection criteria, and audit processes – just to name a few. Risk: Damages caused by human error Solution: Awareness training and allocation of responsibilities – Not everyone has to be a data protection expert, but everyone needs to know (a) when to ask questions, (b) and whom to turn to.

Share this

Dittmar & Indrenius