GDPR as infrastructure
After reaching an important milestone for us, obtaining GDPR certification, we spoke with Nick Borovikov, Chief intellectual property officer at afina, who led the process, about why the company chose certification instead of “sufficient” compliance.
Here’s what we learned firsthand.
1. What was the actual reason for obtaining GDPR certification?
Nick: “In the telecom industry, trust sells just as much as functionality. Often, it’s even more important. Without a formal privacy program, major brands either don’t participate, or deals get delayed at the procurement and security review stage.”
2. How did you justify the investment within the company?
Nick: “There was no need to justify anything. We framed it as a risk-reward ratio. GDPR directly affects the speed of closing deals, access to corporate clients, and our position in negotiations with operators. Incidents, leaks, or gray integrations will always be much more expensive. We want to be transparent in all aspects and not put our partners at risk.”
3. What was the most difficult from a technical point of view?
Nick: “Probably finding the balance between product utility and strict minimization was a real challenge. This requires in-depth end-to-end checks: where identifiers appear, which logs are stored longer, where data is reused. All of this needs to be taken into account and worked with.”
4. Did GDPR slow down development?
Nick: “Actually, the opposite is true. Once privacy checks became part of the SDLC, uncertainty decreased. Fewer reworks, fewer questions in the later stages.”
5. Has market positioning changed?
Nick: “Yes. We are now more confident in offering a trust-focused package: roles, DPIA triggers, sub-processors, storage, DSR procedures. This shortens deal cycles and increases trust in pilot projects.”
We decided not to disturb Nick any further as he continued his work improving afina’s products.
The conclusion of our conversation should be that GDPR, if implemented correctly, is not bureaucracy. Trust does not grow by accident. Therefore, compliance is more accurately described as strategic infrastructure and nothing else.
