From Ukraine to Vilnius: Young IT Lawyer Seeks to Bridge East and West

  • 2023-07-18

Mykolas Romeris University (MRU), in association with IT firm TeleSoftas, has launched a scholarship program specifically for Ukrainians. The inaugural scholar, Kateryna, believes her understanding of data protection and the General Data Protection Regulation (GDPR) could substantially assist Ukraine's bid for EU and NATO membership. Equipped with her new knowledge and skills, she is eager to facilitate important legal shifts in her homeland.

Journeying from a war-torn Ukraine to Lithuania was not without difficulties for Kateryna. Originally scheduled to start her studies in the fall of 2022, the relentless bombardment by the Russian army in her hometown meant she had to delay her plans. Upon her arrival in Vilnius, her scholarship awaited her.

"Living amidst constant bombings, even if you're used to it, is unnerving. The constant worry for your family and friends overshadows everything, making the thought of pursuing a Master's degree in Lithuania seem remote," admits Kateryna.

However, rather than succumbing to these circumstances, she focused on preparing for her studies in Vilnius, diligently studying European law and data protection rules. When the situation eased enough for her to leave, she felt ready for this new chapter.

"Arriving here, I was keen to dive into my studies. Living in a war zone has deepened my understanding of peace and security, shaping my perspective on IT law. I've spent hours unraveling European law and GDPR; while it was challenging, my enthusiasm for the subject and my desire to aid my country's progress kept me going," she confesses.

Throughout her studies, Kateryna closely observed the evolving IT landscape in Ukraine. She saw a growing demand for IT lawyers capable of helping companies comply with GDPR and tackle other tech-related legal issues. Her aim is to assist these companies, particularly in the IT sector, to grow while aligning with European regulations.

A particularly pertinent issue today

According to Nerijus Eimanavičius, the Chief Technology Officer (CTO) of TeleSoftas, the decision to aid Ukrainian students came swiftly when the university presented the opportunity.

"Since the start of the war, we've been committed to supporting Ukrainians in any way we can. We've provided them opportunities to work or train with us, made numerous donations, provided for Ukrainian children studying here, and volunteered in various ways. So, when asked to help students, we quickly established a scholarship for study in Lithuania," states Eimanavičius.

Eimanavičius notes that Kateryna's field of study and work aligns closely with their company's activities and reflects the very current issue of data protection online. 

"Despite the increasing stringency of data protection regulations in Europe, data leaks persist. Here in Lithuania, we face data breaches of various sizes. As Ukraine strives to join the EU, it will need to undertake considerable work in this area of expertise," the IT expert explains.

Everyday GDPR gaps

In her professional and academic journey, Kateryna has observed numerous GDPR breaches. The recurring shortcomings serve as a reminder of the extensive work needed in data protection.

"Among the most common breaches is the lack or poor drafting of a privacy policy, which leaves users in the dark about how their data is being handled. Also concerning is the frequent absence of a data map, which hinders organisations from understanding data flows, thereby increasing the risk of breaches," she discloses.

Kateryna points out that another significant breach is the inappropriate selection of legal bases for data processing. Companies often misunderstand or misuse the legal bases, leading to unlawful processing.

"The delayed response to data subjects' requests and unreliable intermediaries leading to insecure international data transfers pose threats to data security. Many organisations still lack clear procedures for informing responsible authorities when a security incident compromises personal data," adds Kateryna.

She also notes the lack of adequate data security measures, making systems vulnerable to breaches. Lastly, insufficient knowledge about data protection and GDPR compliance among employees often leads to avoidable breaches, underscoring the need for better training.