Prior to completing this interview, Andreattah had just performed at the Glastonbury Festival, one of Europe's biggest contemporary performing arts events. When she is not moving crowds with her world-renowned poetry recitals, she doubles as a data protection and privacy manager at Liberty Global, one of the world's leading converged video, broadband and communications companies.
BW TechZone (finally) caught up with the multifaceted Andreattah to learn more about how she got into a career in data protection, her stance on the state of data protection and privacy in the numerous jurisdictions she has worked in, what Botswana can learn from advanced technology ecosystems, how she has managed to maintain her career for over 15 years, as well as advice for professionals coming up in her line of work!
In your own words, please tell us who Andreattah Chuma is
Andreattah is a perpetual learner, multipotentialite and a curious soul.
Briefly take us through your journey to a career in data protection and privacy
I grew an interest in data protection and privacy while I was still working as an IT auditor in Brussels at Euroclear. During those years, big data was all the rage and held promises for supporting audit work. I recall I attended a number of events on big data especially those that dealt with it from an inquiry perspective. I found myself shifting more into the data protection aspects of it which I felt were being downplayed. This was pre-GDPR. Lucky for me, I had a supportive manager who engaged this new interest so I got to support an audit, then later became the reference data protection and privacy auditor.
A former colleague in Compliance & Ethics approached me about an open position, so I applied and moved into a Data Protection and Privacy advisory role, and also part of the GDPR implementation team. On the cusp of the pandemic, I took a leap, changed industry and country and joined Liberty Global as a Data Protection and Privacy Manager in Amsterdam.
What inspired you to pursue this career path?
I have recently realized my whole career is just a rabbit hole about computers. I went to university to study them, my first job was auditing them, and then as a certified fraud examiner got obsessed with how people commit fraud through them. Then came data protection and privacy where it was about how we maintain agency/control in a world that is mainly digital. I wasn’t satisfied with that so went to law school to study Tech law and policy on how we regulate technology with society at the center.
I have been drawn to interrogation perhaps because that was largely omitted in my tech education, except in human-computer interaction where it clicked that we can choose how we shape the world. There are those who build, I prefer to be among those who guide.
Please tell us what your job entails
As a Data Protection Manager, I support the activities of the office of the Global Data Protection Officer. My main duties include providing advice and guidance to business stakeholders on data protection and privacy risks. As a key contact for Privacy by Design, I conduct and support Data Protection Impact Assessments. This includes working with local privacy teams on cross-country projects. When needed, I develop guidance and improve data protection and privacy awareness.
With my risk background, I support the privacy risk management framework. Part of my role is staying updated on the news, regulations, and case law that affect the data protection and privacy landscape and collaborating with our regulatory and policy colleagues. I also represent the Privacy team at the Cloud Center of Excellence.
In your professional opinion, for startups, how important is knowledge of laws governing data protection and privacy in the country?
Data protection laws came as a result of technological advancement that led to the proliferation of personal data. In the past decade, the pace has grown much more than in the Web 1.0 days, which is why in the continent we are slowly starting to see the enactment of data protection laws. The Malabo Convention, which is the African Union (AU) Convention on Cyber Security and Personal Data Protection, is now in force since last month following its ratification by Mauritania.
So whether in the country, the region or abroad, one cannot think of trade or innovation without data protection laws. This does not mean everyone in the startup must be an expert but that should be part of the strategy, embedded in the processes and how they build their products.
In 2021, Botswana finally put into effect the Data Protection Act of 2018. How significant do you think such legislation is for users of technology solutions and tech innovators?
For the users, whose data is why the Act exists, the success is not in the existence alone. The average person such as those in the rural areas, not just city folk must understand the rights afforded by it. Enforcement by the Information and Data Protection Commission is also key. It is going to be a culture shift for tech innovators. It won’t be as steep for those that already incorporated data protection principles, as a matter of being ethical or following global trends, in the absence of a data protection law.
Legal advice does not come cheap. How do you think tech startups, who are already struggling to stay afloat, can strike a balance between compliance with the new Act and also not breaking the bank in legal fees?
This is a fair concern for local startups who already have to compete with multinationals or incumbents with well-resourced legal teams. However, it is good to remember that behind compliance are data protection risks that can materialize as real harm to individuals. The focus shouldn’t be on striking a balance with compliance but on how best tech startups can be supported whether through awareness, trainings, clarity during implementation and free legal advice initiatives.
This concern is also not unique to Botswana. For instance, in the Multistakeholder Expert Group to the Commission 2020 Evaluation of the GDPR Report, EU SMEs highlighted that the GDPR obligations are often difficult to translate without involving consultants, which carries a cost burden.
Most local innovators have dreams of scaling their products elsewhere outside our borders, be it the SADC region, Africa or even the world. Expansion and growth come with the need for compliance with different legal and regulatory environments. With regards to this, what advice can you give to startups that have such expansion ambitions?
There is no shortcut unfortunately and part of the decision to expand should involve taking into account the regulatory landscape. Not only what exists but trends and monitoring changes, both technology and its regulation are moving quickly.
It has happened many times that a company is bankrupted by sanctions due to a breach of compliance. For data protection laws this could also transpire not only as fines but a regulator action to restrict processing which means you will not be able to provide your services. Reputational risk is also something to keep in mind as trust is not easy to get back once lost.
Machine Learning and Artificial Intelligence technologies, which are a key part of the 4IR which Botswana has ambitions of being a part of, rely on the collection of huge amounts of data, personal or otherwise, for best results. As a country, how can we ensure that we do not sacrifice privacy, which is a fundamental human right, for technological advancement?
It has been great to see a burgeoning AI ecosystem in Botswana because solutions to local problems require understanding the local context, a lot of which is neglected in the global AI discourse.
Dealing with AI risks such as privacy should not be dealt with in silo but requires a multidisciplinary approach as it is not the tech at the centre but society. Bringing in those who already support those who are vulnerable in our communities is key. Cybersecurity should also be in tow when we speak about privacy or data in general, more so for AI where cybersecurity risks manifest in different ways.
Ultimately in a population of two million tightly connected people, AI risks such as privacy, societal bias, misinformation, and political risk, can materialize in ways that could fracture our society. For example by amplifying poverty, marginalization of underrepresented ethnic groups, or destabilizing our democracy. So regulation is desirable. But I wonder if it is viable right now when most African researchers are still trying to get policymakers to understand AI outside the umbrella of 4IR. Our harms are also unique and will require sufficient funding of researchers so we end up with something that is fit for purpose.
We must still have something in place, though. For instance, high-level policies on AI governance or rules that create accountability on AI in the meantime.
Your career spans over 15 years. As a woman, what has been your experience being in the tech field over the years?
The times I found it challenging were very early in my career due to the double whammy of being both woman and young and moving in a male-dominated space. It somewhat required you to move in a specific posture, which toughens you up a bit as external audits tend to be perceived as adversarial so people test your credibility more.
In our culture, I tend to think age carries a heavy weight. At least this is what people are often comfortable saying out loud. Generally, throughout my career, I have had the privilege of being in “tech oversight” jobs which are driven by mandates or regulations. So it is often understood that it is in everyone’s best interest to work together.
If there have been challenges, how have you been able to traverse your way through them?
One thing I learnt is that people respect knowledge, or at least it remains the loudest thing in the room. So my love for learning has often been an advantage.
In Botswana, and even across the world, the involvement of women in tech, especially in senior positions, still lags behind. What do you suggest can be done to remedy this?
Firstly, I have been impressed by the Botswana telco space to see many women CEOs. This proves that the first remedy is simply making the choice to select women. It reminds me of the quote “Whatever you are not changing, you are choosing.” Career mobility is often limited when the economy doesn’t diversify or expand and this hurts women more because people stay in the same limited tech positions longer and the picture doesn’t change.
The pandemic also revealed that women have to deal with more variables while juggling professional lives. So flexibility and psychologically safe environments are key to ensuring choosing to go further is not seen as too costly.
You have spent most of your career in the diaspora. What has been your experience there compared to your time in Botswana?
My time at Deloitte as an external IT auditor was a great foundation and I still draw from it. I was part of a firm that had a lot of clients in pretty much all the sectors so there was diversity, from being at a diamond mine one week, then airline, central bank, then on the back of that learning about how paint is made in order to audit the system and so forth.
In Europe, since I’ve been fortunate to work for companies leading in their sectors, I got introduced to scale and having a front seat on how everything works in a way that would not be possible in Botswana.
I would say both experiences have expanded my view and skills in ways that complement each other.
What do you think we can learn from countries like Belgium, and the Netherlands which would be beneficial to us in growing our tech industry?
Funding and a sustainable supportive environment have to match our diversification ambitions, although I also appreciate that our low population presents its own challenges. I’ve seen enough breakthrough startups to know we are not lacking in terms of ideas and creativity.
That being said, the challenge by female founders to access funding seems to be the same.
What has been the proudest moment of your career so far?
There have been several moments, mostly it is times where there has been a crossover in my interests or passions.
When I was invited in my capacity as a certified fraud examiner to speak on GDPR at the Annual ACFE Global Conference in Las Vegas.
In 2013 I founded Tech Talk Sessions which is aimed at connecting industry and IT students on emerging topics in the digital landscape. This is something I do when I’m on holiday in Botswana and made possible with the support of the IT lecturers at the University of Botswana and industry friends and acquaintances who show up. There have been people who wrote back to inform me they are now certified fraud examiners or certified systems auditors.
Lastly, I have a poem forthcoming in the Brittle Paper’s AI anthology this summer which is quite special for me.
What’s something you know now that you wish you knew earlier in your career?
That everyone is always learning something new, at every level and every stage. It is so easy to miss this early in your career that expertise is a muscle you build over time and not overnight.
You get to see this more when it comes to emerging technologies that everyone has to figure out.
If any, what is the best advice you have received in your career?
“You are not the work you do; you are the person you are.” This is a quote from Toni Morrison. While it wasn’t directed to me, it is one of the greatest gems I resonated with and live by.
What advice can you give to young people who would like to have such longevity as you have had in a tech career?
Have a perpetual learner spirit. The pace of technological innovation demands it. Don’t be afraid to change your path. Tech is more than software engineering and everybody’s journey is different.
You will feel liberated once you grasp that you are in control of your own career.
Lastly, please share with our readers your contact details in case they want to get in touch with you.
https://www.linkedin.com/in/andreattahchuma/