Cybernomics Radio!

Why New Companies Are Winning Against Old Giants: The Hidden Costs and Opportunities of AI

Bruyning Media

Share episode

EU's complex regulatory environment creates both challenges and opportunities for businesses navigating data privacy, financial services, and healthcare regulations across member states. 

• Significant differences exist between EU-wide regulations and country-specific implementations
• Large companies like Meta and Uber have faced multi-million Euro fines for GDPR violations
• Financial institutions struggle with innovation due to contradictory and slow-moving regulations
• Healthcare organizations often have regulations but lack enforcement, creating security risks
• AI adoption faces resistance similar to the US, though its implementation is transforming industries
• Traditional banks create separate "baby banks" with modern infrastructure to work around regulatory limitations
• Companies often underestimate marketing costs when entering EU markets due to privacy restrictions
• Red teaming employees creates privacy concerns that must be balanced with security needs
• Local legal expertise is essential when entering European markets to avoid costly compliance mistakes
• Every regulatory challenge also presents strategic opportunities for companies who understand the landscape

To learn more about Bruning Media and our services, visit bruning.com.


Josh's LinkedIn

Speaker 1:

Larissa. So this is a unique opportunity for us to get a peek into what's happening in the EU, what's going on with EU regulations, how our industries and customers especially your customers, because you know them intimately how are they responding to changes in the regulatory landscape in Europe? So, larissa, welcome to Cybernomics.

Speaker 2:

Thank you. Thank you, I'm very happy to be here, josh. Europe is a wonderful place. Where I'm living, it is like a fairy tale, full of castles, and sometimes Europe likes to have a lot of regulations and not implement it. Also, my clients usually deal around the world, so it's not Europe specific. So we interact a lot with US regulations, us customers and US requirements. So from that, perspective?

Speaker 1:

yeah, yeah, that's a really weird regulatory thing. Is you would think that the companies that are under the jurisdiction of a particular country or municipality here in the US no-transcript and handling Nigerian data and you have to get audited and now make sure that you're compliant with this Nigerian law? So is it kind of that way? You're in Luxembourg, but any company that's handling US data would also be under the jurisdiction of the US. Is that the way?

Speaker 2:

that that works. Whenever you have customers or clients that are living people, so not companies themselves, you have to be very careful with the data. Meta has a long history of getting fines from the European Union. They have themselves a wonderful hater that created all that for them, and he was actually an ex-Meta employee, so he was a PhD Max Frames he's the one that I'm talking about, and he has two European Court of Justice decisions named after him. So he went to work for META. He got grossed out by what's happening there and then, when he came back to the European Union, where he is from, he started a long war with them on the grounds of how they handle personal data, and they have been fined hundreds of millions of euros because of that.

Speaker 2:

So Nigerians are on the right path of saving themselves from the headache. Yes, as a company, you have to be very careful when you handle personal data. Why? Because it can lead to horrible, horrible situations. For example, we had a case recently where a psychiatrist disposed improperly of the patient information and all those files ended up on the streets of the city. Patient information and all those files ended up on the streets of the city. So imagine your treatment and imagine everything that a psychiatrist knows about you. Now, the entire town has access to it, so we have to be very careful, because the consequences can be dire. This is why it's so important.

Speaker 1:

Yeah, especially if it's a small town. I'm thinking of the town that I grew up in in Guyana, south America, very, very, very tiny, probably I don't know 500 people. They would love if everybody's medical history was laid out on the streets. They'd have a field day with that. But yeah, we don't want that to happen.

Speaker 1:

And you gave me a brief history and I'm going to confess something that I'm really embarrassed to confess today. I didn't know what Luxembourg was and where it was, and my first stab at it was hey, is this a city in Germany? You're like nope, it's its own country. Lesson in how some of the European countries came about right, in that they were sort of these territories and properties that lords and kings and all these people owned. So that must make, if we're fast forwarding to today, that must make regulations so much more complex, because you've got so many countries so tightly knit together, right? So how do you navigate this? Do you just come under the European Union's regulatory governance or does each country have its own regulations and how does that interact? How do they interact?

Speaker 2:

The answer is it depends. So in European Union, there are two types of regulation. There are more types, but these are the two main types of regulation that the country can be subject to. One is you have to take the law as the European Union presented it to you and you have to apply it. But again, you are allowed to have bylaws, so small little laws that help to apply that big giant law that the European Union sent your way, and that would be the case of DORA. And then you have regulation that the European Union passes and says okay, please implement this, where you have a lot more freedom in the sense that you can adapt it to your system or maybe add some spice, take up a little of it to make it more applicable for your scenario, for your situation. These are the two main types, but of course there are a lot more other mechanisms through which the European Union regulates.

Speaker 2:

But then again, european Union is made out of countries that are extremely different. So, for example, we have countries that are made up of small lands, like it's Germany, for example, that can also have their own local regulations that apply over everything. So it's very interesting how a law can come down to the person itself, through so many layers and so many ways of being adopted. This is why the law slightly differs, for example, in Holland from the law in Romania, where I was born. So there are slight differences, and this is why it's always best to work with the local lawyer and not think, oh, I will have my USS lawyer that can cover GDPR, for example, in Europe.

Speaker 2:

It might work, it might not, and the consequences we have seen. For example, the last one that I remember is Uber. Uber took an 80 million euro fine in Holland because they didn't apply GDPR as the Dutch envisioned it. So, again, using a local lawyer would have saved them from a very big fine. This is why it's very important usually to work with a local lawyer, and that's the situation also in the US, if I remember correctly, because you have the French regions like the New Orleans. They have a slightly different way of working with the law than the traditional American system that we know from movies and everything else.

Speaker 1:

So you know, that makes total sense, because I had a client in New Orleans and there was so much red tape and I'm like, what are you guys doing down there? It's just swampland. Let's just get this thing across the finish line already.

Speaker 2:

But that makes total sense, it's completely different from the rest of the United States in the sense that they have applied the law in a more European way. Let's call it so. This is why it differs so much, and the recommendation is as much as possible, work with local lawyers where you can, where you can afford that, and when we think of Uber, we think they can afford that.

Speaker 1:

They can afford it. Yeah, so what would the stack look like for a large organization in terms of okay, you need local lawyers, they probably need a GRC team, so they need a compliance person, they need someone who's going to help them do audits, they need a CISO, probably to help them navigate the security gaps once they're starting to remediate. So I'm thinking about the little guys, the smaller businesses. What would their stack of resources look like to make sure that they avoid these fines?

Speaker 2:

Because Meta and Uber can afford to pay large fines, but smaller businesses might not difficult to get 80 million Euro fine if you're a small shop, so it would be very difficult to get there. I can't imagine what would you need to do. And also, you have to take into consideration the country you will work in. For example, in Romania, the GDPR fines. I haven't seen anything more than one hundred and fifty thousand euros, so something like that, and that was for a very big bank, for a horrible bridge. So about 5,000 euros. That's something you can expect.

Speaker 2:

So even if you make a mistake, they take into consideration how many people you serve and if you did your due diligence. So if you can prove that you have due diligence and you take care of the data and you did your due diligence. So if you can prove that you have due diligence and you take care of the data and you did your best, but something happened, you will find a lot of understanding on their side. This is my experience with the European Union when it comes to fines. Of course, for big companies that sometimes maybe have been a little snotty, they will receive the big fines.

Speaker 1:

Yeah, let them pay for it and they can set the example. So as long as we're still seeing big numbers in those fines, I think it's just enough to scare the people who are handling the most data, and so maybe that's why the little guys aren't as burdened. Is there a particular industry that you feel like is more regulated and is more burdened by regulations in Europe?

Speaker 2:

There are two types of industries One that I think it's really it's burdened with regulation to the point of not functioning properly, and that's the financial industry. I worked in financial industry for about three years on the cybersecurity side, and because they have so much regulation, we end up not innovating, which creates a whole other layer of risk over everything. And then we have the medical industry, which in my eyes, should be way more fine, because they have the regulation but they are not checked if they apply it and they don't. And then we have a lot of medical data that is being stolen. So this is the paradox that I don't like we put money above our personal information and mental health.

Speaker 1:

Yeah, I wonder if that's the same in the US. I think that tracks. But the US let's take NYDFS, for example, even if you're not in New York, but you're handling any data that's passing through New York, which is the financial space, and just grill them about that, because that is a problem. I mean, what do you think is the risk of not innovating? What do you think that these regulations are stopping these companies from doing?

Speaker 2:

companies from doing.

Speaker 2:

It would be very nice to actually work with people that have worked for 20 years in the financial industry in a lot of positions before creating a new regulation, because we have cybersecurity regulation that contradicts financial system regulation, that contradicts financial system regulation, and then we are stuck in the situation where if I innovate, I need three years of approvals and testing from a regulator in order to change one piece of the system, and when I will get the approvals, that piece of the system will already be obsolete.

Speaker 2:

So the old banks are kind of stuck in using what they have and they can't really compete with a new bank that has a new core that works a lot faster, is a lot easier to maintain, doesn't have the security costs that an old core will have, and there's also this risk of an old bank creating a very hard shell on the outside. But if you manage to penetrate that and that can happen with a disgruntled employee, for example, really easily then because you can't really do much with the old pieces of infrastructure and software, you are stuck with some very mushy cybersecurity inside. So once somebody manages to get in, it's game over Working with people that have been architects in the banking system for a very long time, and when I say very long time over 20 years please thank you very much could help the regulator understand better the needs and the catastrophic system uh, somebody that works every day with that type of information and that type of systems has to deal with and that it's not really protectable, to be frank right when it comes to AI.

Speaker 1:

so, talking about innovative systems, right, ai is going to change everything overnight. It's already changing everything, but in the next year we're going to see agents, we're going to see AI creating systems, and the systems are creating systems right, and they're going to change much, much faster than the regulations are going to be able to keep up with, much faster than the regulations are going to be able to keep up with. So what that tells me is that, in Europe at least, they're on the cusp. You're on the cusp of a nightmare, at least for the bigger banks, because, let's say, the big banks and the big healthcare industries they want to adopt AI.

Speaker 1:

It's not going to work so well because two things are going to happen. One, when a small company shows up, they're going to be able to spin up systems that are so efficient and that are so fast. There's just no way that the big ships are going to be able to turn in time. So what are you seeing the big banks like? What are the big banks doing to curb that or at least to future-proof themselves from being so vulnerable to these new incoming companies?

Speaker 2:

It has already been started. A lot of traditional banks because it's so difficult to change. It's easier to create a new baby bank and try to move customers onto the new bank because it's that difficult to obtain all the approvals. So you will see every old traditional bank spawning baby banks that are new and that are shown as being online bank and that's all. So they have no physical presence anywhere, they are only online. You can create the account online, you can have everything online, you have the support online, everything online. So it has already started about three years ago and it's catching speed, because you can't bank the way you banked 30 years ago. In the days we live now, it's just not financially responsible to do it that way, because having systems that old costs money. Every transaction costs a lot of money. And then you will have the small people that have small shops that cannot afford to have a POS because the bank requires so much money for every transaction that they can't sell. So it has already started and it's going great, and what I'm seeing in the medical industry is not much. So there I expect to see the biggest progress when it comes to acquiring products that can serve the patients better.

Speaker 2:

I had a procedure done not long ago and the doctor was absolutely phenomenal and I would go to him a thousand times more. He was perfect, but everything else was horrible. It was a horrible experience. So, from paying, it was a very big payment and they expected me to make it on that morning. You know, when you go into surgery you're not your best self. Let's put it lightly. Well yeah.

Speaker 2:

And also when the payment is really big and the bank might refuse it, although you prevented them a week ago that you will make that payment. You see how nothing was prepared from my perspective for the surgery. Again, I had to have a lot of documents that I could have provided a week ago. So making a patient go through all that in the morning of surgery is not what I describe a good experience.

Speaker 1:

Well, what's the holdup? Why do you think it is that way?

Speaker 2:

Because they are used with how they worked in the traditional hospital and not private clinics. And in the traditional hospital you have to do what they tell you because it's basically free, because in Europe most of us have free health. It's not free like we pay for it from our paycheck, but it's kind of free and nobody complains because you got it for free. So why are you so upset? And they are used to putting you through whatever because you won't say much. But when you pay for it you expect a flawless experience and you know that experience is possible and it would have been easier even for them, because not dealing with the mess of a person at 6 am in the morning is is a lot easier to have a good day when you don't have to deal with 35 people like that at 6 am yeah, so is it?

Speaker 1:

so is it fair to say that the smaller clinics Smaller clinics are analogous to the small banks in terms of how, as an industry, maybe the hospital isn't able to spin up a small clinic overnight, but if you're a small doctor, you've got a small office could you spin up offices that run much more efficiently than the big hospitals, the way that you're nodding your head, so I'm going to take that as a yes.

Speaker 2:

Definitely, definitely. You have to think how much money a hospital pays to everybody else. That is not a medical person let's call them. So they are not a doctor, they are not a nurse, they don't deal with patients directly. They are not a doctor, they are not a nurse. They don't deal with patients directly, they're accountants, they try to fit you in with your schedule and so on.

Speaker 2:

So all of that it's really easy to pass on to something that's automated and I've seen my issues getting solved a lot easier with robots let's call them and chatbots than I've seen with real people. Easier with robots let's call them and chatbots than I've seen with real people, which to me was disturbing because I always wanted to believe that people have enough empathy to know that you don't call them or you don't get into their inbox because you're bored, like you actually have an issue. So it will be a lot easier because you don't have to hire, you don't have to train, you just get it, you take it out of the box and if you're a good doctor, boom, you have a clinic or a bank or a clinic.

Speaker 1:

The regulations will be favorable to you because you are introducing systems that can comply right out of the gate. Is that a good summary?

Speaker 2:

Yes, and I think there's a lot of steps that have been done to provide automations for this, even for GDPR. We have a lot of software that does this for you, so you don't have to manually send emails and when you receive a request for deletion, you don't have to manually go through everything. It is done for you. So it's already started on this front. I appreciate it a lot. I've seen some products, I've consulted on some products. Of course, we're not there yet. So maybe a year or two from now it's going to be amazing. We're not there yet, but it's getting a lot better and a lot easier to exist in this world of regulations and of craziness and new regulations every day from everywhere on the globe. So then you can have it all in one place. You get an alert, the system adapts and you can go on with your life and do what you love and you're good at and not have to be so tight about. Oh my God, am I doing the right thing with GDPR?

Speaker 1:

What does there look like you say you're not there yet? What would there look like you say you're not?

Speaker 2:

there. Yet what would there look like in a year? There would be a lot more security. The problem that I've seen lately with a lot of new automations is lack of security. So the API keys are not properly used, are not properly secured. I'm not going to go into a lot of details because it's pieces of software that everybody knows and when I inspected them I didn't feel confident in recommending them for use for my clients or for friends. So the products are not secure enough for me to trust them with my database or to trust them with anything that is truly important in the company. It works, the basic principles work, so that's very good. It can adapt, it knows how to pull information and it knows how to validate information, so it won't just smush in information from the internet. It will validate it through a person, through a lawyer or through somebody that's qualified to actually look over it. But again, we're not there yet with how flawless it should work when it's sold in a company okay, we'll talk offline.

Speaker 1:

I might have some suggestions. There's some really cool companies in the US that are doing this very thing and are really working on this problem. And two words, is it three words? Ai agents? Is that A is one word and I is another word? It's okay? So let's say three words, ai agents, and you know, okay, that's a really good segue. In the US there's this weird resistance to AI. Everybody wants to get on board with AI, but I think eliminating the human presence is very scary to people for a number of reasons. One, employees are afraid they're going to lose their jobs, which is going to happen anyways. Two, companies, vendors they don't want to scare away their clients by making the clients kind of put their trust in the Terminator. Right, that's not something that people are very wary of, ai, just in general because they've seen too many Terminator movies. So what is the general temperature of the AI climate in Europe? Are people embracing AI, whether in security or in other IT systems, or do you see that resistance as well?

Speaker 2:

Well, in my eyes, people are just as scared. People are just as scared, but I think we have formulated the premise in a wrong way. Everybody who, for example, I can't wait for it to be even more embracing the cybersecurity world and the regulations world, but we have presented it as something that will replace and we are not there yet for a lot of positions. I think it's more important for colleagues and parents and everybody in our lives to learn how to work with it, not necessarily expect it to do things. Because they try it, they expect it to work, you know, like the perfect employee. It doesn't work like that because we are not there yet and also they are very, very bad at creating prompts, so it can't read minds also. And then they are disappointed and they just say, oh my God, I don't want to be in an environment where they use AI, because I had a very bad experience with it and it's going to yes to repeat. So no, thank you, I will mind my own business. I think this is the problem.

Speaker 2:

They tried to make it as the silver bullet, and it is a silver bullet. It will become even better and it will do even more. I don't think it will take away jobs. I think the jobs will turn around in different ways. Like, yes, you will not input data in a computer, but did you want to do that anyways with your life for 30 years? I don't think so. So you would have quit the job anyways. Come on, let's be real. So you will have an even better job, an even more interesting job, because we will do even bigger and better things. So when we've created the mobile phones, the mobile phones only created more jobs and more things, because then they had apps on them and somebody had to make the apps. Then they had games on them. Somebody had to make the games. Then they had the covers that are glittery and then they had. So when you get a new thing, that will only spin up so many more other things that it won't be less jobs. I think it's going to be even more jobs that it will create.

Speaker 1:

So I think the I think the fear is that people are like, yeah, it's going to be even more jobs that it will create. So I think the I think the fear is that people are like, yeah, it's going to create more jobs, but my job is in danger. What if all I wanted to do was sit and enter data into a spreadsheet all day? I was perfectly happy with that, or at least not motivated enough to go find something else to do. Ai is going to take that job. And it's true, ai will take that job.

Speaker 2:

Yeah, yeah, but we had a really funny case. So it's happening in all directions, so it's not AI. I don't know if you know the old ways of making heat, like you had a coal thing and you took it with the shovel and you shoveled it inside a furnace and it made the school hot, for example. So there was a lady that did this for 20 years and then the school modernized and purchased a new gas installation and of course, she had no work and she insisted that somebody has to watch the new installation. There was no need and the school offered her three other positions, but no, she wanted to do that and of course, she lost the litigation because everybody told her you can't do something that doesn't exist.

Speaker 1:

You sit there and watch the gas.

Speaker 2:

Yeah, some jobs will go away. It it is what it is. Even, for example, if we take the legal jobs, so many paralegal jobs will go away. So in time, a lot of them will go away. Why? Because now we can file online a lot of things. There was a very big market. You have to go and file in person a lot of things. That was eating a lot of time, so there were a lot of paralegals doing that. You couldn't take documents out to study them at your office, so there had to be somebody that went there and did that. Now, at least in Romania, you can study it online. You don't have to go and take the file and read it in the library. It's fine. So there already are a lot of jobs that, because of the internet, have gone away, even in the legal industry. So things will change, even if we like it, even if we don't, and the best way to do it is to actually embrace change and accept that it will make our lives better.

Speaker 1:

How are your customers reacting to these changes?

Speaker 2:

I want to believe that good, because I love the changes. Are they a little scared? Everybody's a little scared because now you don't know in what direction they will take it. So you don't really know how to adapt your product so that the product still exists in five years. If I look at Google Sheets, for example, now they added a small icon called extensions where you can add JavaScript code over the Google Sheet, where you have your database and you can create a micro app that does a lot of things. So a lot of products that were doing that and they were sold as doing that will not exist anymore. So when you have a small company, you're kind of thinking, okay, am I next? Am I next that I'm going to be automated out of my small business? So there is a dose of being scared, but I also think it's normal and we just have to learn to work with it.

Speaker 1:

Awesome, great. I think your clients are in good hands, especially if you're forward-thinking, because I think there are a lot of consultants, msps, when it comes to the AI revolution and I think the clients that have a forward-thinking, steady hand at the helm will do a lot better in the long run, because people are afraid. I think that if you're in cybersecurity today and you're doing things with AI, or if you're in any tech industry and you're doing things with AI, you're part psychologist tech industry and you're doing things with AI, you're part psychologist. You have to sort of distill and break down the complexities of AI, but in a way that eases people's anxieties, makes them feel better, doesn't keep them up at night and doesn't create more problems.

Speaker 1:

No-transcript researcher was sick or had to go to an emergency or something, and so she told her team the next day we've got to get this thing done. So I want you guys to get this all done. I don't care how you do it. We need to present this research paper tomorrow. So the team said bet, we're going to use ai. They weren't using ai agents, but they were using large language models, and these AI bots, large language models, produced a very good research paper impeccable data, wonderful graphs, good visuals. The only problem was the research sources were all fake, yeah, so they had to start over from scratch and they spent weeks. I mean that was the best case scenario. Um, if the worst case scenario would have been if they went ahead with the research paper and these billions of dollars were then, uh, spent on erroneous information, so that could have. That could have. So I think it's justified. What do you think?

Speaker 2:

This is what I've mentioned before. People expect AI to be another person that can work like 200 miles per hour and it's not yet justified. It will be, but it's not yet. So if you slice work in small pieces and you have checkpoints, the chances of it being wrong are lower. This is what I'm seeing in code. So I was having fun with another friend.

Speaker 2:

An intern of ours submitted a piece of code that looked suspiciously good and well done for an intern and, of course, okay, it's AI. And I called him in like come on, I've asked you to do this, not because I need it, but because you need to learn, and I spent my time correcting this and I'm not going to correct the AI. So what did you do here? So I'm somewhat of a vibe coder. That's the danger. Everything looks very good and if you expect AI to take a task from beginning to end, it will be all wrong and fake. If you give AI small tasks and you have checkpoints, it's going to be amazing. The problem is that we are giving these Ferraris that are AIs to kids that have zero experience. So to me, that's the most dangerous thing. So you give an intern that's 21 years old and has zero experience, a Ferrari. What do you think he will do with it?

Speaker 2:

He will plunge in the first light bulb that they found yeah, and and then you will have to pull the car back and deal with the mess of the car and hope your intern it's still well enough to function right, yeah are you still alive? Intern, is there anybody? Yeah, the lights on.

Speaker 1:

Yeah, and I mean the equivalent of that is if you're fortunate um, not only if you're fortunate, but it's not. The worst case scenario is if you get fired. You know, but you're not going to fire an intern for that. I think it's just a really good opportunity for everybody to learn how to live with this new technology.

Speaker 2:

My problem is when this stupidity stacks. When this stupidity stacks, so you will see, for example, in the network, they change something in the network with AI. They don't check it, they just put it in Over that. They install some software, also half-coded with AI, god knows what's there. And when you stack so many mistakes and they are, you know, sky high the chances of it coming down in flames are huge. So the problem is not the AI. The problem is how we work with it, and we need to establish rules and checkpoints and small itsy-bitsy pieces that the AI can actually perform successfully, because it can perform successfully a lot of tasks as it is now, but it cannot take a project from beginning to end and go through it flawlessly. So that's not the case.

Speaker 1:

Do you think agents will change that?

Speaker 2:

Somewhat. I mean agents are very different because agents are coded to learn. So once you put the effort in and you try to teach them the tasks, I think they will be able to do small tasks so not coding something from beginning to end, but something small for example, reservations and putting meetings in calendar with the correct people and sending them the correct information prior to the meeting, and all that. I think they will be able to do that flawlessly once we put the effort in. But it will take a good two or three years in order to see results and financial proof that it works.

Speaker 1:

Yeah, yeah, we'll get there. Okay in the time that we have left, I want to talk about some hidden costs One, the hidden costs of red teaming your employees. Right, this is something I haven't really considered as much as I should have, but what are some of the downsides of red teaming your employees and what are some of the benefits?

Speaker 2:

One of the downside is having a very trigger happy red team, because sometimes they want to win so much that they pass the legal aspects and they forget it's their colleague we are talking about.

Speaker 2:

So that is one of the downsides. On the plus side, I think it's a good exercise because you know those marriages of 35 years when she discovers he's a serial killer and she's like I didn't know who I married and I lived with them for 35 years. Sometimes you discover some things that are crucial for the business to become healthy again, and we've had some recent examples. We had the North Korean hirings that happened and that should have never passed HR and other verifications, and we also had those cases with the FBI agents that were double agents for 20 plus years. So you don't really know who does what until you check and you know peddling through and checking employees that are of a higher level is a healthy exercise for any company that feels spied or knows that there is a high interest in their technology or their customer list or whatever. So it has a lot of benefits, and having a red team that only does that also brings a lot of benefits. But again, we have to be careful at regulations and people's privacy, so that we don't cringe that.

Speaker 1:

Yeah, yeah, so that's really interesting. I'm curious about where is that line? I mean, does private data end at the office, like you leave the office and your geolocation where you're driving to okay, that's private data. But if you've got your geolocation turned on and you're on the clock let's say you're driving from one client to another client does the organization get to claim that data as their own? So then they can essentially red team you, spy on you and see what you're doing on company time even in the european union you have the right to privacy, even during office hours.

Speaker 2:

So they are not allowed to have cameras that face your screen. They are not allowed to record your screen or to record how many clicks you took for the purpose of evaluating you. But, again, anonymous data can be collected. So if you collect the information anonymously and then you look for trends and you find some really disturbing trends like, for example, you always have some calls or you always have some contact that shouldn't happen from the company network, or you see some information that leaves the company network, that should not leave the company network, then you can investigate. So you are allowed to investigate and to dig deeper to see what's happening with your own company that is allowed. But calling somebody's mother and telling them you're calling from the hospital in their kid's name that is a director in your company to find out some information about him because you're doing an exercise, so you don't even have suspicion that is infringing that person's freedoms and that should not be treated lightly in my eyes.

Speaker 1:

So just to wrap up and close out, I wish I could talk to you for much longer, but maybe we'll have to have you back for a follow-up. But here is what I want to close with what is the number one pitfall that companies fall into when doing business in the EU? And we're talking about large, small, like what's the one thing that they keep getting wrong, that you wish they could finally get right?

Speaker 2:

Because of our privacy regulation, they underestimate how much marketing will cost and then they try to force their way through privacy regulation and it costs even more because they get a fine. So the cybersecurity and the privacy costs they have to also be evaluated from a marketing perspective, because if you have some limitations in, it would be really nice to have a holistic view. So whenever you enter a new market at first, it would be very nice to talk to a lawyer from there that can explain the biggest hurdles you have to go through, and it would be best to be there with your team. So have somebody from marketing, have somebody from sales, have somebody from HR, for example, everybody thinks in China, chinese people speak a lot of English. It's not the case, so you will have such a difficulty finding Chinese people that speak English and that can work with the cybersecurity audit and so on and so forth.

Speaker 2:

So always have somebody from there first, have a talk, have your head of departments there asking questions and only after that reassess your business strategy. Don't try to use what you have for the US, in EU or in China or in the Arabic countries, because everybody has their tweaks and, depending on how you talk with that specific lawyer, you could gain such a great advantage in the face of your competitors because you go in already knowing the pitfalls and you go in already knowing what is the advantage, because in every pitfall there's also opportunity, but it has to be presented to you. So to me that's, that's one of the biggest issues and that's where I see clients not understanding properly how how cyber security, for example, could affect their sales yeah, so talk about hidden costs.

Speaker 1:

Do you know a good lawyer?

Speaker 2:

oh I, I have a clue yeah, okay.

Speaker 1:

Well, if you're looking for a good lawyer and you're migrating your business to the eu or you're doing business in the eu, uh, call larissa and she'll hook you up with a good lawyer, all right, um, larissa, thank you so much for this time. I've gotten so much information and such a great look into the EU market and how you guys are ready. I feel like this is just the tip of the iceberg. There's so many questions that I have left. If people want to find you and they want to follow you, how could they find you?

Speaker 2:

For the moment, there's only LinkedIn.

Speaker 1:

For the moment there's only LinkedIn. I answer to everybody there, so don't be afraid to reach out. I hope in time, if and if you want to learn more about Bruning Media and what we do, check out bruningcom. Thanks for listening to this episode of Cybernomics, where we talk about the hidden costs and opportunities, and sometimes the opportunity costs of cyber. Thanks Bye.

Speaker 2:

Thank you, bye-bye.