Tripti: 00:00

You know, we don't like investing in ourselves. But my husband really made it a point, you know, that I do invest in myself, take up those trainings, those courses, and I think I have done decently well for myself, to be honest. And it has really helped me. Without these trainings and these courses, I don't think I would have, you know, been able to really understand the essence of data protection. And I think I'm in a pretty happy space right now. It would not have happened if I had not taken those branches.

Intro: 00:25

Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.

Intro: 00:31

Welcome to the Privacy Pros Academy podcast by Kazient Privacy Experts. The podcast to launch progress and excel your career as a privacy pro.

Intro: 00:42

Hear about the latest news and developments in the world of privacy.

Intro: 00:46

Discover fascinating insights from leading global privacy.

Intro: 00:50

Professionals and hear real stories and top tips from the people who've been where you want to get to.

Intro: 00:57

We're an official IAPP training partner.

Intro: 01:00

We've trained people in over 137 countries and counting.

Intro: 01:05

So whether you're thinking about starting a career in data privacy or you are an experienced professional, this is the podcast for you.

Jamilla: 01:19

Hi everyone, and welcome to the Privacy Pros Academy podcast. My name is Jamilla, and I'm a data privacy analyst at Kazient Privacy Experts. I'm primarily responsible for conducting research on current and upcoming legislation as well as any key developments and any decisions by supervisory authorities. And I'm also the host of this wonderful Privacy Pros Academy podcast. My co-host today is Jamal Ahmed. Jamal is a Fellow of Information Privacy and CEO at Kazient Privacy Experts. Jamal is an established and comprehensively qualified privacy professional with a demonstrable track record solving, enterprise-wide data privacy and data security challenges for SMEs through complex global organizations. He is a Certified Information Privacy Manager, Certified Information Privacy Professional, Certified EU GDPR practitioner, Master NLP practitioner, Prince II practitioner. And he holds a Bachelor of Arts in Business with Law. He is a revered global privacy thought leader, world class trainer and published author for publications such as Thompson, Reuters, the Independent, Euro News, as well as numerous industry publications. Jamal makes regular appearances on the media, on television, radio and in print, and has been dubbed the King of GDPR by the BBC. To date, he has provided privacy and GDPR compliance solutions to organisations across six continents and in over 30 jurisdictions, helping to safeguard the personal data of over a billion data subjects worldwide. Thank you for joining us today, Jamal.

Jamal: 02:46

p three best GDPR podcasts of: 2021

Jamilla: 04:02

Yes, I too am very excited to speak with our guests today. So Tripti Dart is a partner in, Reina Legal LLP India. She heads up the data protection and privacy practice for India and the Middle East.

Tripti is a Fellow of Information Privacy (FIP) as conferred by International Association of Privacy Professionals (IAPP). She is also a trainer for the DSCI Certified Privacy Professional (DCPP) certification. She holds B.A., LL.B. (Hons.) from NALSAR University of Law, Hyderabad, a premier law school of India and completed her Executive Education Programme at Said Business School, University of Oxford. Tripti has over 10 years’ experience and regularly advises clients in the sectors of TMT, healthcare, FinTech and FMCG. Tripti is also a technical/ policy expert at AI Policy Exchange, Institute of Public Policy, National Law School of India University, Bangalore. Wow, what a bio. Welcome Tripti. Great to have you today.

Tripti: 04:58

Hi, Jamilla. Thank you so much. Thank you for this lovely introduction. And thank you, Jamal, for having me on this podcast. It's a pleasure, actually to be talking to all of you, both of you and to the larger audience. So thanks again for having me.

Jamilla: 05:11

Thank you so much for joining us.

Jamal: 05:13

It's our privilege to have you on this platform, Tripti. And I think so far, you are our furthest guest geographically away. In fact, I think you’re quite far away from us on the other side in India. So it's really lovely to reach out on board because one thing that I've noticed, especially from the activity in my LinkedIn, is the Indian appetite for data privacy and data privacy professionals it's increasing like nowhere else in the world. And there are so many people really now starting to look at pursuing CIPP certifications, and there are so many consultancies based in India that really provide a respectable workforce to really tackle data privacy in all areas of the world. And it actually makes sense to see why people are so hungry for data privacy knowledge. And I know you are one of the leaders and the forerunners when it comes to data privacy in India, and I really want to recognize and thank you for everything that you're doing in that space, especially in the geographic region you are right now.

Tripti: 06:10

e ignored for long. And since: 2018

Jamal: 07:32

And one of the things I'm really grateful and fortunate to the International Association of Privacy Professionals is we're actually in a position to be able to offer people to come and mentor and train with us through the official CIPPE, the CIPM, and the CIPT. We've had a number of cohorts from India who are doing really well. One great example was a gentleman by the name of Sahid Ahmed. He joined our program one weekend, and then he phoned me for a bit of mentoring, a little bit off of that, and he's now posted a really nice thank you message to me saying he's got himself a career as data privacy manager with a leading company M&G. I used to work for M&G in a project, so I'm really happy with the results that some of our Indian mentees are getting out there. I wanted to ask you a little bit about the appetite for data privacy laws in India. As we know, there is something happening in government right now, but we believe there's a little bit of resistance or it's got stuck there, from my understanding. Can you tell us a little bit more about what's actually happening?

Tripti: 08:28

to privacy, that was only in: 2017

Jamal: 10:18

What do you think it means for India moving forward? When this does become introduced?

Tripti: 10:25

my personal experience since: 2019

Jamal: 12:18

Thank you for sharing. And I really resonate with what you're saying about privacy not being seen as a context in the Indian subcontinent. Last year, I was at a delegation. It's funny, you have the Houses of Parliament behind you. So I was at the House of Parliament with a delegation that came from Bangladesh, and they're looking here to bring digital Bangladesh to do business with the UK when it comes to digitalisation of businesses. And one thing that really came up as a sticking point was data privacy. And they're like, Jamal, you keep talking about data privacy. Data privacy. Like, I don't understand what it is you're talking about. The people in my country, the people I know, they would be willing to give up their privacy rights, their grandfather's privacy rights, and their forefather's privacy rights to download one free song.

Tripti: 12:58

That's true. That is true. Freebies.

Jama: 13:01

It's interesting because when you take that and then you couple it with what Jose says in his podcast, he talks about privacy sometimes, it's quite a cultural thing. What do you have to say about that?

Tripti: 13:10

You're right, privacy as a concept is a cultural thing. But that does not mean that we cannot inculcate the culture of privacy in Indian subcontinent and in the organizations, because ultimately there have to be certain pointers that will have to be communicated to both companies and people. A, your data privacy for a company, for instance, is directly linked with their goodwill. If you're found to have had a breach, your goodwill goes for a toss. And I think every company would understand that goodwill is an intangible asset, and it is a very important part. B, it really gives you a competitive advantage. So, for instance, we've just had a massive data breach in Domino's, and trust me, every Indian would have ordered from Domino's, and there are many people whose data has been leaked. So, as I said, culture of privacy can be inculcated by making certain points. Secondly, coming on to the data subjects, I think they do resist and as you rightly said that we would do anything. If I need a particular report and I am asked to trade in some personal information for me, I may do so as well. But I may do so because I may not be aware of what would ensue if I take that action because it is not in common knowledge that it is not just the personal data that is collected at source, which is used by companies the way they want to. But there's also behavioural pattern, for instance, that is analysed and brought to the front. It again goes back to sensitization and of constantly telling companies, constantly telling data subjects, both the parties, that there are certain aspects of it that you do not realize. Now, for instance, even if you talk about data processors and controllers, the people whom I deal with, they may not know what is happening. They may say that, no, we don't collect any personal data. But when I asked them, does your website or your app collect IP address, for instance, they'll say yes. So they do not know that IP address may also constitute person data, finesses like that we are going to reach there. It may take some time because we are also huge in numbers, but we are trying our best.

Jamal: 14:54

But having said that, to be fair, one thing I noticed earlier on this year was when Facebook announced their updates to their WhatsApp development, and I think they seriously misunderstood how much people actually value their right to privacy or the perceived right to privacy. When it first came out, I reached out to Pedro and I said, Pedro, I think we need to give a little bit more information here, because there was a lot of misinformation going on. And they were like, no, no, it's fine. I don't really bother too much about privacy in those parts of the world. But a week later, I saw Facebook take out a front-page advert on nearly everything on newspaper and they really had underestimated and misunderstood how seriously people are now taking their data privacy.

Tripti: 15:32

And that is a result of sensitization, and that is also a result of having certain editorial pieces in newspapers or in magazine immediately after such a thing happens, because once you let two or three weeks pass off, the entire thing dies down. So we have to be at it. We have to solve doubts that people may have in their minds. We have to tell them, okay, this is what they mean, and if you truly understand the terms and you are okay with it, only then you should go ahead and say yes to a privacy policy be it WhatsApp, be it Facebook or be something else. So, yes, you know, as you said we’re slowly reaching somewhere.

Jamilla: 16:05

It's a very fascinating so I've just been sitting here listening. I forgot that I'm hosting, and I have to talk. But one thing you mentioned at the very beginning Tripti, you said that you found that especially engineers are interested in going into data privacy. From what I've seen, a lot of lawyers and people from a law background go into state privacy. So why is it that you think that engineers are now interested in data privacy and data protection?

Tripti: 16:28

It’s peculiar to India to be honest. I see a lot of lawyers in privacy in the United States and in UK as well. But in India, what happens is the understanding is that the CXO or the CTO is the main guy, and below him the entire IT team sits. Now, India is very big on cybersecurity, and they inadvertently read data privacy as a subset of cybersecurity and something that should sit within cyber security, which is not the case, to be very honest. And that precludes lawyers or risk professionals or other perhaps people who need not be really qualified in something else to be welcomed into these departments. Because if I'm a privacy pro, if I'm qualified and I'm looking for a job, but the job description says that you must mandatorily have a BTech, a bachelor's in technology degree. And on top of that, you ask for CIPPE, CIPM, my chances are lost, right? Again, it is because of the fact that India or Indian subcontinent are big in IT or cybersecurity and not just data privacy. And they see data privacy as an ancillary thing, not something on its own. This is a trend that I've seen in India, and there is a resistance from a lot of senior technology officers or CXOs to change it, to be very honest. And that is also because they may be right to a certain extent. I'm not really sure what their entire argument is. That is also because they feel that somebody who comes from a tech background will have a greater understanding of the systems, and then he or she would apply their knowledge pertaining to privacy on those systems compared to lawyer, perhaps like me who will ask questions and try to understand the systems first and then try and so again. This is very peculiar of India.

Jamilla: 18:01

Do you think it will change or be the same as the US and the UK or do you think the US and the UK will change to be more like the Indian subcontinent?

Tripti: 18:08

Honestly, I think it should change in India. A, I'm selfish, I am a lawyer, it should change in India. B, I'll tell you what is happening. Since in the absence of a legislation, there are only certain guidance and principles that perhaps techies are able to apply, if I may say so, to their systems. But once a legislation like GDPR or CCPA or the other legislation comes into place in India as well, there will be a greater task of also interpreting what the laws and principles are saying. For instance, there's this ISO 27,001 standard that you have to implement. There is more to it when you get a legislation on your hand and see, a good privacy team is a team that comprises of inputs from your tech team, your sales, your marketing, your finance, your risk, your legal as well. So, not to say that only lawyers should be privacy professionals, but at least they should be actively involved. Currently in India, I don't see that much of it happening, to be very honest. And I hope that we slowly change. I don't mean to say that privacy should stay within the legal department, but there has to be a very balanced and homogenized segment, if I'm saying so.

Jamal: 19:12

Absolutely, I couldn't agree with you more. There needs to be some synergy across the different stakeholders and elements of the business to really make sure that we get the results that we need for the clients and that actually people enjoy the rights and freedoms that the law promises. Okay, that was really interesting insight into how things are, I think.

Jamilla: 19:28

We were so excited to talk to you and find out more about India. We forgot to do an ice breaker with you. We just jumped straight in. So now I'm going to go back to the icebreaker. So the ice breaker question if you could only eat one meal for the rest of your life, what would it be?

Tripti: 19:42

Rajma chawal. I don't know if everyone would understand what Rajma chawal is. Perhaps Jamal does, I don't know. I think Rajma Chawal is something I can eat for the rest of my life.

Jamal: 19:50

What is that?

Tripti: 19:51

So Rajma Chawal, Chawal means rice and Rajma is those red beans and you make a curry out of rajma. So Rajma is a thick curry along with rice. Since I'm an Indian, so big on curry. Beans, curry and rice is something I can eat all day.

Jamilla: 20:07

Sounds delicious. Now I’m hungry.

Jamilla: 20:11

Thank you for that Tripti. We know that you are a lawyer by profession. But what first sparked your interest in data privacy? Why data privacy?

Tripti: 20:20

er here in India. This was in: 2016

Jamal: 20:42

Just to come in there for our listeners who are not familiar with the acronyms TMT, can you just explain what TMT is?

Tripti: 20:47

a lot of buzz around GDPR in: 2016

Jamal: 22:33

Cool. And what is your favourite thing about working in data privacy?

Tripti: 22:36

Whenever I thought of doing law, I wanted to do something for the people and I wanted to see to it that justice happens. The question was what about those sections of the society on whom there is an obligation to be just to the people at large? Is there any guidance to them? I think data protection and privacy is a field that really nicely and very well guided companies, the data controllers, data processors, and it is once these companies are apprised of the law and to make them understand the entire regime, you are playing your part in seeing that justice is done effectively. I will not say that I don't want to be like a tax lawyer or a personal injury lawyer that once something long happens, I go and take the company to court. That is perhaps one aspect of it. I would love to do it, but that doesn't happen much in India. But I would also want to guide the companies on how to be compliant. Data privacy is a business enabler and that business enabling part will happen when I do my part well. So this is what actually attracted me to data protection and privacy. I get the opportunity to sensitize companies, to help them be compliant with the law, which I saw was very good. And privacy program management is all about it. This is what really sparked my interest.

Jamal: 23:41

I really love the fact that you see and you perceive data privacy as a business enabler rather than a business blocker, which sometimes people can see, especially when they come from the legal sector that you have that positive approach to and you actually see the benefits and the competitive advantage that it can bring for businesses. So that's awesome. What are you most proud of in your career so far?

Tripti: 24:03

I’m most proud of the fact that I got made partner in like seven years of my practice. I'm very proud of the fact being a partner is not just about the designation. It also means that you are mature enough to lead a team, to also deal directly with clients. And as I said, it has been a dream of mine to help out companies in being compliant, whether be it indirect taxation or be data protection, be it general law as well. When I say become partner means that I have truly realized my potential and have gone out and helped companies be compliant. That is one of the highest moment that I've had in the country.

Jamilla: 24:36

It's really amazing. It's not selfish at all, it's great. You should really be proud of that. What advice would you give to someone who is starting out in the sector?

Tripti: 24:45

The advice is read, read, read. And not just something that is very peculiar to your own geography, but across the world. So, you know, if I were to only read about India, I would not know anything. Not to say that I know a lot about privacy, but no matter where you are, an aspiring privacy professional has to read about all the jurisdictions. And that is simply because of the fact that the data protection principles, data privacy principles, remain the same. It is only a matter of interpretation and a matter of cultural thing in a country. I take every opportunity to read up on what is happening in Europe, what is happening in United States, Canada, Australia, because reading is the key. You will not realize but after a year of reading, reading you will be equipped with a lot of technical, knowhow a lot of skills when you're facing the client. And you'll also be able to tell them what could possibly be the blind spot. And that only happens when you read. And then you realize that, okay, say, for instance, if the ICO initially said that we would go ahead and find Marriott or British Airways to the extent of X amount, but when the final order came in, why did the fine go down? We must read as to why did that happen. If there were any mitigating circumstances, for instance, not only in these cases, but in other cases from other geographies, you will be able to tell your clients not to say that you would want to advise your clients and tell them, okay, you have a loophole, and you should exploit it. But if you have to provide effective counsel, you have to comprehend situations, you have to see how the law was applied in certain other cases as well, and then provide customized solutions to your clients. So if someone has to become a privacy professional, they have to read, and they have to read internationally. This is my advice.

Jamal: 26:22

Absolutely. That is great advice. So be well read. And one of the things that I've noticed is that there are other people who read, especially in the subcontinent, people can lock themselves up in a room and read for, like, 18 hours. Problem is, when they come back and join the real world, sometimes they get lost in the book. And when they're having actual conversations with Privacy Pros across the platform so let's just say our Facebook Privacy Pros community or a WhatsApp group or a Signal group, the default answer seems to be copying and pasting text or paragraphs they memorized. The businesses don't respond to you regurgitating the article or something that you've read. They actually want to understand what it means in practice. And the challenge sometimes with just sticking to reading or studying alone, rather than going through some kind of formal training or mentoring program, is that the application of that gets lost, and you become somebody who's just spewing out copy and pasted paragraphs.

Tripti: 27:17

what I have done way back in: 2019

Jamal: 29:25

Thank you very much for sharing. And I completely agree with you. One of the things that I'm really pleased about is being able to offer the IAPP training virtually to people in India without you having now to go to travel to Europe and takes out all of that burden of traveling and having to book flights and thinking about all of those things. And we can bring that into the Indian market at a very realistic and affordable price. In fact, one of the promotions we've got right now is we're not actually charging anything for the training. We’re just saying cover the IAPP fees, really help people in India to get on board in data privacy because of such a huge demand. And we need to train people quickly and the other resources that we have available for people is we have our Facebook community, so the Privacy Pros Academy. And that's where we create a platform for people to come and learn from each other's experiences, asked the questions. And in fact, every Friday I go and I do a half an hour live training where I look at the questions that come in, I give them sample questions, and then we discuss the answers and all the privacy implications. And we found that that's really helping people. So these are some of the things that we're doing to give back to aspiring privacy pros in the privacy pro industry. And I'm so grateful for you to come and join onto this to help us give that value back as well.

Tripti: 30:35

Really, Jamal, this is the need of the hour. We really need training, and thanks to pandemic, if I may say so, academies like yours who are offering online courses. And it really helps, trust me, because as you know, Indians, we are always up for gaining knowledge, grabbing knowledge. So this definitely is going to help a lot. And as I said, even when I have been done a lot of courses in the past and a half year, had I known about privacy pro, I would have, definitely. But you know, what is stopping me now from going and signing up for a course at Privacy Pro? I'll do that. I'll definitely very shortly I'll sign up for one of the courses.

Jamal: 31:07

We’ll keep an eye out for you Tripti. Maybe you can help us teach some of our courses.

Tripti: 31:11

Oh, sure. That'll be a pleasure.

Jamal: 31:13

Awesome.

Jamilla: 31:14

We've spoken a little bit about the impact of the pandemic. So what do you think of the Vaccine Passports initiative that might be introduced worldwide as a result of the pandemic? What are your thoughts on that?

Tripti: 31:26

I do understand that there is perhaps a larger need of, if I may say so, monitoring a person, because a lot of countries feel that countries like India are bringing variants of COVID-19. For instance, Canada feels so, you know, that a lot of variants of COVID-19 have been brought to Canada by India, etcetera. So they may be right in their own way to introduce Vaccine Passports, but all of this has to be done strictly in view of an incompliance of the privacy principles. Now, how will that happen and whether or not it is possible to go ahead and have such a mechanism, that is for the privacy pros to actually figure out. All the privacy pros in those countries, it is more of a policy thing because again, for instance, India's still struggling with COVID-19. It would be unfair only on that basis if I ask other countries who are doing well as them not to introduce vaccination passports and tell them that please don't go ahead and check the status because we've hardly had even one dose of vaccine in India. But as I said, I don't believe in the fact that things can either be black or white. You have to meet midway. And meeting of midway is to be compliant with data protection and privacy principles and to be compliant with the legislation that you have incorporated in your own country. Yes, it may take some time. The only problem that I saw, even with contact tracing apps, was the government wanted to do something quickly. And that was the argument that they used in saying, since we want to do something quickly, we cannot be compliant with data privacy principles. That worries me, that is bothersome to me. Just because you have a time frame doesn't mean that you can compromise on the data protection aspects. So, yes, something has to be done and you have to meet midway. But I think a lot of time has elapsed since the pandemic happened. And by now, people who were in charge of designing a vaccination passport programs in their own country would now perhaps know how to be privacy and data protection compliant.

Jamal: 33:25

It's no secret I'm very outspoken on my views when it comes to COVID passports. And I'm completely against the centralized collection of people's health information for such purposes. And we've seen before pandemics have come in the world, we've had Ebola, we've had viruses, we have measures in place. You go and you get your jobs, you have a certificate, a paper certificate, and you present that at the airport, or you present that when you apply for your visa. And that's been working adequately and appropriately. I don't see any reason why that can't continue to work moving forward. And I'm really against how that information might be used and how the purpose creep of such a system and technology. Now that we have it in place, why don't we use it for extra reasons? And we've seen that purpose scope, and sadly, in the UK, we've actually seen the UK government fails to get it right when it comes to all things data privacy. We had a look at the NHS test and trace program. Billions of public money, taxpayers money wasted. We had to look at the second attempt, and now there was talks of bringing a digital vaccination passport where we're trying to create effectively what could be a two tier society based on those who have the jab and those who have not had the jab. It really opens up for discrimination, depending on the kind of people who are more likely to take the jab, on what should be an informed choice. And I have spoken to many people who are taking the immunization, even though they believe it's something that could harm them, because they want the freedoms to be able to travel and go and see their family in other parts of the world. We find ourselves with very important challenges when it comes to data privacy. And we have to make sure, as privacy professionals, that we're standing up for the rights and freedoms of the data subjects whilst being enablers for business, for government and for global trade and travel, I guess.

Tripti: 35:13

Right so you pointed out a couple of very important things. A, use limitation, B, purpose limitation C, to add to it, we should also have a sunset clause. So, as I said, it is not that you cannot go ahead and have a vaccination passports if you actually do comply with the law. But the thing is that a lot, many times perhaps, the governmental agencies takes such projects as an excuse to compromise the data privacy of data subjects. Now, that should not happen. But again, like I said, I do agree with your view and understand what you are saying, that in the past we've had SARS and Ebola and nothing of that sort really came up. So why is it that we are being pushed for something of this sort this time? So, yes, this needs to be seen and this needs to be analysed and yes, also opposed. Because, for example, when India came up with Arrogance two app, it's contact tracing app, there were many flaws. There were many, many flaws. Flaws to the extent that the government was saying that there is no data controller, I am not the data controller in this case and there is no data controller effectively saying that the data subjects don't have a remedy at all. But because there was a lot of public advocacy, , et cetera, et cetera, they did have to succumb and they did put appropriate clauses in place. Pathways said that it should be voluntary. Absolutely. The thing is that the very basis of data protection is it should be voluntary in nature. And your consent, the standard of consent that is demanded is very high. It cannot wait, it has to be clearly understood, it should be crisp, it should be crystal clear and not just something that you are required by the government to do. I think you have touched upon all the important points in what you're saying, Jamal.

Jamal: 36:50

Thank you. I'm glad we agree and see to eye on some things because you can easily have a very lengthy debate if we were on two ends of the spectrum. But it's good to see that we are very pragmatic and positive and we're really interested in actual principles of data privacy and we're practicing exactly what we preach. Tripti, what's your most memorable client story?

Tripti: 37:11

Very recently we tried pitching a host of services to a client and we made them understand that you have to start from data mapping, you have to have a ROPA, you have to have a privacy policy in place, agreements, et cetera, the entire landscape. And we had a very lengthy discussion with them, obviously online. They came back to us and told us that we are going with someone else and we will not be able to go ahead with you, but you are fine. So, four or five months post that they come up to us and ask us to draft a very basic thing for them, a very basic document. And I was very surprised. I asked them, I thought you went with somebody else, and did they not take care of this aspect? And trust me, Jamal, it was the first aspect, and I am not revealing it is because the client will come to know who I am talking about. But it was like the first step in data protection privacy. And they said no. And I was like, okay, I really don't know what this person sold you, but I was really taken aback. But yeah, this happens all the time. Something as small as a privacy policy will not be in place, but as everything else would have been done in an organization.

Jamal: 38:12

Thank you for sharing.

Jamilla: 38:15

You told us a little bit about the data privacy industry in India and the kind of attitude towards data privacy there within your work. You also covered the Middle East. So what's the attitude towards data privacy there?

Tripti: 38:27

I have seen that Middle East is far more welcoming, if I may say so, than India on the whole. And when we say India, we should not only think of big tech companies, because they don't constitute all of India. But I personally felt that UAE, both Dubai and Abu Dhabi, to be specific, they are far more welcoming of data privacy and data protection principles. That is also because for instance, DIFC and ADGM, they have entered into MoUs with specific countries. For instance, the IFC has an MoU with I think ICO. They have had a legislation, data privacy legislation from before, I think it's been quite so many years, because they also followed the directive before GDPR. So what has happened is that the Middle East, or in particular, UAE is ahead of us, is because the inculcation of that culture started perhaps 10,15 years before India. To be very honest, from a legal perspective, not just the tech aspect of the cybersecurity aspect, India may lead on that. But in so far as the data privacy aspect, the compliance with the legislation aspect is concerned, they are far ahead of us. Similarly, other countries like Bahrain, if you see that Bahrain already has a legislation in place, so there is some sort of a recognition. Now it's a separate matter whether the law is being implemented, whether do they have an authority or not, or have they incorporated punishment wherein, your executives have to go to jail, etcetera. That is separate matter. But they do realize, and they have been successful in having a law in place in Bahrain, Qatar as well. So is DIFC, the ADGM and I know for a fact that UAE will also have a national legislation very soon. Again, we go back to the culture aspect. They have had this cultural inculcation for some time now. And if I may extend our argument why this has also happened is because they are open to foreign law firms having offices in Dubai, which India is not. So we have developed some sort of resistance to foreign law firms. I don't know why. There's some sort of phobia which I hope will get solved soon. I'm sure that the governments of India has its own reasons, and they have many times advocated, they have communicated as to why do they feel that India is not yet open, is not yet ready for foreign outcomes. But I think that is where Middle East has an edge over us because they have that expertise directly handed out to them by the virtue of them having these foreign law firms offices. This is what I saw.

Jamal: 40:42

Yes, thank you for sharing. Very insightful and now we can see that the Abu Dhabi global markets, for example, they are taking data privacy very seriously. And we can see there is an increased appetite in data privacy all over the Middle East, because we can see that there are lots of consultants going there and recruiting specifically for data privacy teams. And we have some of those individuals in our community who are actually looking to take on talent from other parts of the world and bring them into the Middle East for that. I look forward to helping find some good talent through our academy. I know a lot of members of our academy are quite interested in actually traveling to the Middle East for that. I'm really looking forward to sharing their transformation journeys and allowing that to happen as well.

Tripti: 41:23

Jamal, since you are based in UK, I would like to know your perspective on how India is shaping up insofar as data protection and privacy is concerned, because we really need to move ahead. We need to have a helicopter view, so to speak. Being from within the system, it's very difficult to know the flaws or to know any positive. So what would your views be and how do you think India should go ahead with its data protection implementation, etc.

Jamal: 41:45

The most important thing is, as you mentioned earlier during the podcast, is exposing people to the idea that they have a right to privacy. And that is something that should be valued. And just because you don't have something to hide, you wouldn't want somebody to say just because you feel like you don't have something to say, you don't have the right to freedom of expression. And I think it was Edward Snowden who really summed it up well in that call. He said, saying I don't care about the right to privacy because I've got nothing to hide, is exactly the same as saying, I don't care about freedom of speech because I've got nothing to say. And when you put it in that context, it really brings it home. I think the most important thing really is across the whole of the South Asian continent, is to bring up that awareness that, look, data privacy, this is why it's important. This is why it should mean something to you. This is why you should value your right to privacy. Moving forward this is how it could really start impacting you. What we've seen is a very crazy shift in the way technology is starting to be introduced and being used by all the people in most of these populations and for example in Bangladesh. And a lot of things are done by telecommunications, by people's mobile phones and apps and technology, they've become very reliant on that. And as you said earlier Tripti, perhaps every single Indian has ordered something from Domino's and given them the payment information. So we can start seeing that now that we are moving towards a more digitalised economy, these things could have serious implications. It leaves a lot of people very vulnerable and it's very important to understand it's actually time to start taking care of these things and start looking after them. What I've noticed is that there is a growing appetite for people to learn more about IAPP certifications and how to really put themselves in a position where they can have a career in data privacy. But what I see lacking is the appetite to actually invest in themselves, invest in their own personal development, to really understand how to go and make a difference rather than I wake up, I go and do a job and I get paid for it. Like igniting that passion for privacy. And that's what I'm really looking forward to doing, igniting that passion so that people actually get it not from here their head, but also from their heart. Like privacy is something to be passionate about and I should really care about people's rights and freedoms so that I can do a good job and become a business enabler. Because when you get data privacy right for your clients, not only does it help to inspire confidence in the stakeholders, but it also helps them to gain that trust and of course, it helps them to secure and win more business and really protects them from any reputational damage, unnecessary enforcement action or civil fines.

Tripti: 44:12

If I may please add to what you just mentioned, the part of investing in oneself. I am one of them who's been guilty of it. I must at this juncture, thank my husband. He's the one who made me see it because again, Indian subcontinent we don't want to spend a dime. I must admit that we don't like investing in ourselves. But my husband really made it a point that I go ahead, as you rightly said, invest in myself, take up those trainings, those courses. And I think I have done decently well for myself, to be honest. And it has really helped me. Without these trainings and these courses, I don't think I would have been able to really understand the essence of data protection. And I think I'm in a pretty happy space right now. It would not have happened if I had not taken those branches. I tend to agree with what you're saying.

Jamal: 44:52

Absolutely. And you remember when we were introduced by a mutual friend? Tell me about how you got the certification. Did you learn how to pass an exam or did you go through the training and then you tell me No, I've invested in the training, I came out to Europe and I was like, yes, you'd make an excellent guest. You have the right mindset. Thanks to your husband for all of that, I guess.

Tripti: 45:11

Yeah, absolutely. Thanks to my husband. I agree.

Jamilla: 45:15

Well, thank you so much, Tripti. It's been an absolute pleasure speaking with you. It's been such an interesting guest to have on the podcast, so thank you again.

Tripti: 45:23

Thank you so much, Jamilla. Thank you, Jamal. Thank you, everyone. This has been a wonderful platform and a lot of knowledge exchange has happened, and I really look forward to the knowledge exchanges that leave me enriched and also for all our audience. And I would really, definitely try and send this across to my network as well, so that they also partake of what we've just discussed. It's very important for everyone to know, be students or be young professionals. So thank you so much for inviting me, guys. Thank you so much. Thank you.

Jamal: 45:50

Thank you.

Outro: 45:51

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.

Outro: 45:58

Remember to join the Privacy Pros Academy Facebook group where we answer your questions.

Outro: 46:04

Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class privacy pro.

Outro: 46:11

Please leave us a four or five star review.

Outro: 46:13

And if you'd like to hear on a future episode of our podcast, or.

Outro: 46:17

Have a suggestion for a topic you'd like to hear more about, please send.

Outro: 46:21

An email to team@kazient.co.uk

Outro: 46:25

Until next time, peace be with you.