Intro: 00:01

Are you ready to know what you don't know about Privacy Pros, then you're in the right place.

Intro: 00:06

Welcome to the Privacy Pros Academy podcast by Kazient Privacy Experts. The podcast to launch progress and excel your career as a privacy pro.

Intro: 00:17

Hear about the latest news and developments.

Intro: 00:20

In the world of privacy, discover fascinating insights from leading global privacy professionals, and.

Intro: 00:26

Hear real stories and top tips from the people who have been where you want to get to.

Intro: 00:32

We're an official IAPP training partner.

Intro: 00:36

We've trained people in over 137 countries and counting.

Intro: 00:41

So whether you're thinking about starting a career in data privacy or you are an experienced professional, this is the podcast for you.

Jamilla: 00:57

Hi everyone, and welcome to the Privacy Pros Academy podcast. My name is Jamila, and I'm a data privacy analyst at Kazient Privacy Experts. I'm primarily responsible for conducting research on current and upcoming legislation as well as any key developments and decisions by supervisory authorities. With me today is my co-host is Jamal Ahmed, who is a Fellow of Information Privacy and CEO at Kazient Privacy Experts. Jamal is an established and comprehensively qualified privacy professional with a demonstrable track record solving, enterprise-wide data privacy and data security challenges for SMEs through complex global organizations. He is a revered global privacy thought leader, world class trainer, and published author for publications such as Thompson, Reuters, The Independent, Euro News, as well as numerous industry publications. He also makes regular appearances in the media and has been dubbed the King of GDPR by the BBC. To date, he has provided privacy and GDPR compliance solutions to organizations across six continents and in over 30 jurisdictions, helping safeguard the personal data of over a billion data subjects worldwide. Hi, Jamal.

Jamal: 01:55

Hey, Jamilla.

Jamilla: 01:56

How are you?

Jamal: 01:57

I'm fantastic. I'm really happy today because I'm going to speak to Tom today and I'll let you introduce Tom in a moment. But Tom is actually someone who has really inspired us with his podcast. For anyone listening who isn't familiar with Tom, he's got the most amazing podcast with all things data privacy. And Tom has been doing his privacy podcast for a long time, and it's something that actually inspired me to say, hey, why don't we do a podcast? This is a great way of people listening when they're busy. A privacy professional is always so busy, never enough time, and Tom does all this great stuff. Why don't we do a podcast and we focus on actually how to be a great professional. Tom is already covering all the great stuff, the subject matter content, the updates, all that. Let's just focus on individuals. And now I'm so excited that Tom has actually joined us today and we can really get into his mind and see what makes him tick, what motivates him, and what tips he has for everyone that's looking to really enhance and become a world class privacy professional. So Jamilla. Without further ado, Tom McNamara.

Jamilla: 02:54

It’s like he's entering the ring in a wrestling match. Tom McNamara is the Founder and CEO at Apex Privacy, which helps B2B SaaS Companies comply with global data privacy laws. The company was founded to help technology companies comply with global data privacy requirements effectively and practically, understanding their needs are different to other industries. Apex Privacy has developed the Apex Global Privacy Program Framework to ensure compliance and reduce risk in every market clients operate. Tom holds a wealth of legal compliance experience and he is passionate about Privacy and Data Protection. He is an experienced data protection officer and legal compliance consultant, delivering business-centric legal compliance initiatives across several countries. Tom has previously worked with the likes of JP Morgan and AIB overseeing complex regulatory compliance projects in Asia, Africa, the US and Europe. Tom holds an LLB in Irish Law from Griffith College Dublin as well as a Masters in International Law from the University of New South Wales. Also, certifications in International Privacy from the International Association of Privacy Professionals (IAPP) and a Postgraduate in Creative Thinking, Innovation and Entrepreneurship from Trinity College Dublin.

Jamal: 03:59

All right. What’s Tom's icebreaker Jamilla?

Jamilla: 04:00

Tom’s icebreaker might be a little bit putting you on the spot, but we spoke about how you host a data privacy podcast. Who has been your favourite guest and why?

Tom: 04:10

My favourite guest? We tried a format with Gilbert Hill, so he's based in London now, and he's like one of the original privacy tech founders. He had an early acquisition by OneTrust back in the day. And Gilbert just really knows his stuff. And we were talking about lots of different things. And it was one of those conversations that just kind of went very naturally and just we touched on so many different topics and more than kind of scratching the surface is kind of more deeply thinking about it. And it was just very natural. So I think Gilbert will be one of the most enjoyable episodes anyway.

Jamilla: 04:44

Very interesting. We'll have to check out that episode.

Jamal: 04:47

Jamilla what's been your favourite interview so far?

Jamilla: 04:50

I mean, this one, obviously good answer.

Jamal: 04:53

All right, let's get into it Jamilla

Jamilla: 04:54

Yeah, so we've got a whole bunch of questions to ask you. We're really excited to speak to you. So you wrote an article about the benefits of outsourcing a DPO. What do you think is the benefits for a DPO to work in a company that deals with outsourcing rather than in house for a company?

Tom: 05:13

What's the benefits in outsourcing, or what's the benefits of having an in house DPO?

Jamal: 05:18

But what she's saying is, what are the benefits to somebody working as a DPO to be an outsource DPO to different companies rather than working in house with one?

Tom: 05:25

For individuals, I think it's definitely the variety that you get in your day to day and week to week and building up professional experience, as opposed to being stuck in, like, a silo of one business and one way of working and one hierarchy and everything that goes with that. If you're working in a consultancy offering that service, you're building up so much experience across different businesses, different ways of working. Like, no two clients are the same. We've got a structure on how we go in, we do assessments, we do maturity tests, et cetera, et cetera. But once you get in the door, you're dealing with different personalities, you're dealing with different ways the business communicates, operates and the likes. And really understanding that on a people level is really informative to your career. And then I think just that a variety of problems really helps build up a knowledge base because when you've got lots of different clients, you're going to have different problems come at you from different angles and it just means you have to build up a wealth of knowledge probably a lot quicker than someone who's working solely for one business. So I'd say that it's really the variety piece as well as the opportunity to learn.

Jamal: 06:44

Yeah, I think that's a fascinating insight. I completely agree with you. And I think one of the benefits of having a consultancy and working with numerous different businesses across multiple industries is even though no two businesses are the same, some industries are completely different. And the cultural aspects of the privacy elements can really change from a regulated environment to, let's say, a retail or to a medical kind of industry. And when you take the different approaches and you see what's working and you say, hang on, if I was just stuck in house, I never would have even thought about that. It opens you up to so much more opportunities and it also helps you to really have more tools in your toolbox. And one of the great things that I love about working as a consultant and not being stuck in house, one of the things I always hated about being a permanent employee is all of the politics, the office politics that comes along with it and the expectations and the ridiculousness. Like, I want to go and do my job and I want to do a really good job for the client and ultimately that's what the client wants. But sometimes what I found, and when I speak to colleagues in house is there's so much negativity and toxicity around the whole office politics culture. And I think for me that's the biggest benefit of not being stuck down in one place is having to not worry about any of that because it really detracts so much from you just doing and showing up and doing your best. And for me, that's one of the biggest benefits anyway. I don't know if you want to comment on that, though.

Tom: 08:07

Yeah, I guess you cut through a lot of the BS. I guess that goes with the office politics. And I think companies get benefits by having an outsider come in to do it means that you're just dealing with individuals as opposed to knowing their history or knowing how many different departments they've already worked in and all that type of stuff that builds up internally. So most definitely cutting through that, it's kind of a relief. It does take time to understand the relationships and especially however you're structured as the outsourced DPO like you want to pick the right champions, let's say, before you kick off because without that understanding you can start hitting roadblocks. But most definitely it is kind of refreshing that you can leave a client and then not worry about it and come back a couple of days later and they can do their in-house squabbles and the likes of that but you come in with kind of a fresh like a clean slate each day.

Jamal: 09:02

Yeah, absolutely.

Jamilla: 09:03

So your company at the moment you focus on B2B SaaS company. So what was the kind of driving factor between focusing on those kind of businesses, software kind of businesses, rather than retail or non-profit?

Tom: 09:17

e GDPR came up. It started in: 2015

Jamal: 10:51

It's a great niche to be in and I can see that you're actually dominating that sector there. So we're rooting for you.

Tom: 10:57

started out as consultants in: 2018

Jamilla: 12:26

Did you see an increase in clients and need for your sector during the pandemic?

Tom: 12:32

Not particularly during the pandemic, but I think there's a business owner, just, like my uncle said to me, leave a trail of happy clients and you'll always have new business. So obviously the first few years we are blessed in a way with the GDPR because we were getting pretty much free advertisement because it was all over every publication, every website, etc. And then from there it's been very heavy on referrals and like new business. We just hired a marketing executive after three or four years, so we will get stronger on ours up until now it's been very much referral based and they're trying to leave that trail of happy clients who later come back. Who does it work or keep you on as a DPO outsourced or refer you to somebody else in the field?

Jamilla: 13:17

And with the wealth of clients that you've had, what has been your most memorable client story?

Tom: 13:24

I don't know. Okay, so covid, I was working with this IT company who provide IT for a lot of other businesses in a regulated field. And when everybody was kind of transitioning to work from home, like this last guy who was there for a long, long time was pretty much refusing to work from home and I had to be in the office until it was full on lock down and everybody had to leave. And it turned out that it was pretty much a set of servers built underneath his desk where he was operating completely offline. But he just had such, he was there for so long and it just built this thing out over time and people couldn't believe it. It was just kind of like, okay, that is but that's pretty out there. This person who is just I don't know, I think that's out there. I hope not breaking any NDA's, but I'm definitely not naming names.

Jamilla: 14:15

No, you didn't give away any names or personal information,

Tom: 14:22

I suppose from other clients, there's a client that is kind of traditional as well. It's not in the tech space, but some of the interactions and you're talking about, I guess, in house squabbles. It was kind of on the daily and sometimes we get dragged into it and we had like, let's say top management making quite aggressive DSARs purely for personal reasons. It's just funny to see it play out. I think that could be a podcast in its own it could be like the dark stories from Data privacy.

Jamal: 14:51

Maybe we should get together and do an episode on Nightmare DSARs from Top Execs.

Jamilla: 14:58

Feel like that might turn into a bit of a counselling session for you guys. Just venting it all out. So back to my research stalking of views. You wrote an article about online privacy. Does privacy exist online anymore?

Tom: 15:14

It does and it doesn’t, like in this space. It's very interesting. And you probably find this Jamal and Jamilla as well. We're consultants, but we're not exactly evangelists. Like, I don't see myself as Max Schrems or like some of the other guys in that space. I'm there, like, being paid by businesses to get them compliant. And I recently had an article, I had some shade thrown at me in terms of I was saying about companies and complying in the different jurisdictions per the law of the jurisdiction. And then I was like, why don't you just apply? Because if they really want to do privacy, they should set the high watermark, et cetera, et cetera. And that works for certain businesses, but it's not going to be a client priority all of the time those online privacy exists. I don't know, I use a lot of apps. There's a lot of data out there around me because I'm coming from this space. I think I understand how to surf it, if you know what I mean. But I think the more interconnected we come and the more comfortable we are sharing data, we do rely on the regulations to kind of build the walls around it. And I guess we can get into quite philosophical debate around what is privacy and the likes of that. But if it's available online, I suppose I'd like to think if you look at privacy in terms of the control you have over the information that's available about you, if you pick your companies that you deal with correctly, you should have a certain amount of online privacy. Because I don't expect, like, my messages to be out there being shared and kind of really intrusive stuff. But is there profiles? Am I being profiled by lots of companies that are trying to sell me stuff, I have no doubt about that. But I don't think that specific use of data is the be all and end all of privacy around the advertising space. But I think that is kind of like a wormhole that we could maybe want to go down it, but it really depends on what your own view of what privacy is. What does online privacy mean? Definitely not getting into privacy versus data protection. You definitely have people then show them at that stage.

Jamilla: 17:21

So this is you kind of as a expert, do you think that kind of a layman, someone who doesn't work in the sector or doesn't really have a massive understanding of data privacy, do you think there's any hope for them on staying more private online?

Tom: 17:36

If you understand, like when you click in or you download something and you're giving up your information, that there is a whole lot of metadata that happens that is collected behind that, if you just think, oh, I'm signing up for this, and it's just my email address, or something like that, you probably don't have the full picture of what actually happens. And then it's even unclear to me, like what happens in the back end of that when you're looking at, okay, maybe data brokers, or you've got different people. And again, my head space is in the advertising space at the moment and kind of tackling with that. But I guess if you're working with established companies, and I've always been with Apple purely, not purely because I find them very reliable, but I do see it as quite a selling point that you do feel safer when they are using your iPhone. And you do genuinely I do genuinely believe that they do have the right and the same mind when it comes to privacy. But then again, I have a tick tock account, I have a Facebook account. I know that there's lots of data coming off the back of that, but I don't know normal people. It depends, I guess, and there's not much of an answer.

Jamilla: 18:43

I just go back. I feel like nowadays it's really hard to hide who you are online. Whereas I'm thinking when I was 15 years ago, when I was playing on MSN Messenger, people could be whoever they wanted online. I feel like now, because there's so much information, all our accounts seem to be interconnected, it's kind of hard to hide yourself online.

Tom: 19:02

Yeah, I suppose there's a lot of trolls or a lot of people that get trolls that would say the opposite because there should be more accountability. Yeah, if that's what you're looking to do, obviously there are ways to do that. And if you're in the space, you know better than most on how to do it. Again, we're kind of evolving, especially Covid. Covid has made online interaction way more important. Zoom is the new reality when it comes to meetings. And I don't know, for better or for worse, I think in the right places it's for better. So we've got more invested online that we actually are more of a person when it comes to your online identity. It was interesting, like, seeing should you have a kind of fixed online identity and how would that work? I'm not too sure if that's what was intended, but what was intended by the internet, definitely, isn’t what the internet is being used for today. Like, you can pretty much live online now. You can work online, do all your banking online, never set into never set foot in the bank or an office, like, and get your clothes. So I think there's more call for an actual online identity, whether you can hide who that is, if you wanted to hide who that is. I think people are more concerned about just not being exploited, being able to have this online identity without the fear of their data being used in ways that kind of goes against the individual's best interest.

Jamal: 20:24

Yeah, I think as long as it's a cool use of people's data, they're all right with it. But as soon as it starts getting creepy, then that's when people will start getting really alarmed. Now, you mentioned a couple of things that you mentioned, Apple and Facebook. And I want to ask you to cast your memory back a few weeks, or it might be a few months now I'm losing track of time, but do you remember that whole beef between Apple and Facebook advertising? Give me your views on that.

Tom: 20:47

Yeah, it seemed like tit for tat between two tech giants and like, Apple are enforcing consent, which I'm all behind. And then Facebook came out to say, okay, Apple are trying to kill small businesses, which I think that's a bit of a stretch. Facebook, were going to lose revenue because their pixel wouldn't be on absolutely everybody's device. And like Jamilla was saying, the layperson probably doesn't understand how the Pixel works, whereas we have a better idea to know that, okay, Facebook has this worldwide view of everything you do online, and Apple come in kind of cutting them off. And it wasn't just Facebook. There was like Rice games and there's other people that were going to be impacted for it to happen so publicly. It's interesting, it's like Tim Cook is there to uphold people's privacy and do the right thing. And then on the flip side, you have Zuckerberg just being Zuckerberg and Facebook coming out kind of, they come across as kind of like, we know better now whether small businesses have been impacted I'd love to see some actual statistics because I think the statistics that were put out there were proven to be like wildly inaccurate. So again, it kind of comes down to the personality of the companies. But it's interesting to see it play out. I think Apple are on the right course and it's interesting now they went from that stance into the going to be scanning people's photo libraries for images that look like child pornography. And then you have kind of people with their privacy hat saying, oh no, that's not right, and they shouldn't be doing that if they're pro privacy. But I think, again, we'll get back down into what does privacy mean, really? If it's done for something in that common good, I can get behind that. It's just, I suppose if it's being misused and how did it regulate it and how did they classify it, it would be interesting to see.

Jamal: 22:41

Yeah, it's interesting you mention that, Tom, and we're actually going to speak about that in some depth with a future guest on the podcast. But I just wanted to understand your view. So you think are you okay with them going through all your phones just in case they might happen to come across a photo? Basically for anyone who, if you're listening, you don't know what we're talking about. Apple have announced that they're going to monitor people's phones and videos, and the reason they want to do that is they want to check for child abuse images. Now, the concern that some people have is because you want to catch someone who might be abusing children and using an Apple iPhone to take those pictures. Should that give you a right to go through everyone's images, everyone's videos, just to catch that out? What are the chances that you're going to actually identify people who are perfectly innocent? It's a grandmother or a grandfather or an uncle or aunt or a parent who is giving the child a bath or making some memories. What are the chances that you're going to cause problems for them and start reporting them? And why should you go through all these other photos just to try and identify and catch that? Is there something more sinister at playing? Is that the excuse? Because no one in the right mind is going to argue against someone trying to protect children from harm, right? So I'm very uncomfortable. I'm not sure where I stand on that. I know it makes me very uncomfortable. I don't feel the end justifies the means. I feel like there's better ways of catching the predators out there without having to violate everyone's privacy and look through their personal photos and videos. And if I was using an iPhone, which I don't, I'd start thinking twice about what pictures I'm taking because I know someone is actually going to be looking at them.

Tom: 24:10

Yeah. So you touched on how are Apple going to manage the reporting and the kind of enforcement of this. Are they going to be locking people out of their accounts? Are they going to be sending lists to law enforcement? So really understanding what's the end goal here in terms of does the end justify the means? Nobody wants to see that type of material and anything that could be done to get that type of stuff off the web or just expose those people, I think is a positive. But on the flip side, how do you distinguish between a child having a bath versus something else really, without understanding the finer details of it? I think it's hard from a privacy professional point of view to say this is okay. Could there be grounds if there was something to back up, to say, look, this is a success rate, and I guess you can't get that until it's enacted. I suppose it would have been scary for Apple to come out and say, we're scanning pictures without kind of tipping off people that would have, like, these type of images and videos on their phone. So from my point of view, I guess privacy isn't an absolute right. It's always being weighed against other aspects. But that's usually done through legal means where you've got like, the balance of powers and you've got different elements of governance, feeding laws and regulations. So for a company to come up with a stance, now Apple probably is more powerful than a lot of small countries, but for the company to come up without that same kind of rigorous standards and like, public scrutiny, it's hard to, justify. Would it put me off being an Apple user? Probably not. But again, you would like to understand more about how it will actually work, but then for us to understand more about actually works, that's just a blueprint to bypass it. If you are one of these people that have produced that type of content. So I think there's no easy answer to it other than like, in principle, yes. But then when you dig into it and say, okay, what do the rules look like? What does the enforcement look like? How do you justify what you do? How do you make sure that it's accurate? It's quite complicated, and I don't know. I haven't seen any documentation that really gives enough answers.

Jamal: 26:31

Yeah. What makes me really uncomfortable is once governments from across the world realized, hang on, Apple is capable of doing this, where does it end? Where does that purpose, that scope creep, where does that end? What are they going to do next? Oh, hang on a minute. You've got access to the devices, you've got a back door in now we can see all this stuff. Now we're going to ask you to share that information with us. All we want to see if these people are paying all of their taxes, where are they going to eat and stuff. Let's start monitoring that and it becomes a full on surveillance. So your device, I mean, everyone's device, smart device now we have so much information about those individuals in ways that we can't even imagine. We could probably learn a thing or two about ourselves just by monitoring that data. I didn't realize that's how it was profiled. If you actually download the profile that some companies have on you with. All the 358 data points and where they categorize it, it's actually quite fascinating. But then couple that with the surveillance of your actual images and your videos and your voice recordings and anything else, I think it becomes quite scary.

Tom: 27:36

Yes, I suppose what is safe? I think it's Australia. They're really pushing true regulation to have backdoors into all software systems. It was strange to come in from Apple, especially when they went to such extent to protect the integrity of the iPhone when there's that terrorist suspect in the legs. So it definitely is a slippery slope if you get into it. Would Apple kind of taking this on, give grounds for them sharing information that they choose not to share? I don't know. It will be interesting to see again. So I'll come back to the original question by Jamilla around is there such thing as online privacy? We're probably starting to see no, that once it's online, somebody has access to it that isn’t you. It's not like just having information at home.

Jamal: 28:28

And the other challenge is, let's say when we have criminals, right, if they know that the police are going to search your car, they do something to conceal it. They're not going to drive through where they know there's no checks. So now if we've got these horrible people out there doing stupid things, nasty things with children that they shouldn't be, if they know Apple is doing these checks, they'll just stop using Apple, right? They'll start using a different company or a different phone or a different device. So how is Apple going to continue justifying that when there's a big warning saying, hey, look, if you're a criminal and you're using our devices for this type of criminal behaviour, we are going to monitor it. So the common sense approach would be that anyone who is that criminal justice, we're not going to use that. But now if you moved all those criminals away from using a device, why are you continuing to monitor all of these other people just in case? What is the chances out of 100 and the percentage that somebody out of all of the users they have across the world, that a percentage of those people actually do that? If it was, let's say, 20% of iPhone users or child abusers, then it makes sense. But I highly doubt those of the stuff. I don't know the facts, I'm just making them up. If it's just one or two, three, even less than 5%, that's that justify surveilling the other 95% to mitigate against that harm. That's where I'm uncomfortable. I don't feel that Apple have answered those questions in a way that justifies what they're proposing for me.

Tom: 29:48

Yeah, you've changed my mind. Because now as I'm thinking through it, it's like there is like legal precedent and how these things are interpreted for a private company to set their own standards and then to understand how that's going to impact individuals. So I know that there are cases out there of just, say, kids that were in school together, but there's like, two years in their age difference. So one becomes, like, maybe their girlfriend boyfriend for a long time, and one becomes an adult while the others are still a child, and then they're sharing messages and stuff like that. So is Apple going to catch criminals versus are they going to make mistakes or potential harms to other individuals without the type of governance that you see in courts and that you see around? So it's not easy, and you definitely want to see more that statistic. I don't think Apple are going to be using it for their marketing campaigns. 20% of Apple users are child molesters or something, so that's definitely not going to be something that they use. But is it a worry within their ecosystem? It must come from somewhere, or is it a purely kind of headline grabbing stance? I just don't know.

Jamilla: 30:59

Yeah. Very interesting. I feel like we could discuss it for hours, and I had questions over how would the AI know? Could it distinguish between pictures of something awful happening and just an innocent picture at home? And how are you going to train the AI to notice these? And then also. If anyone's ever dealt with a big company like Apple with their complaint services. If you are saying you've locked me out of my work account, you've locked me out of my phone. I can't do anything because you think this picture of my child in the bath is something dodgy. How are you going to be able to kind of fight that and appeal that without it taking such a long time?

Tom: 31:37

And it's not like a legal right. And there's no ombudsman. It's like just their interpretation of something. Yeah.

Jamal: 31:45

Very interesting. Very interesting. I'm looking forward to discussing this great length with other guests as well. Tom, thank you so much for your view on that. It's been really interesting to see someone.

Tom: 31:57

I think my view changed from the start to the end, so it's nice to have a genuine conversation on a podcast.

Jamal: 32:04

Great. Okay, Tom, what's been the proudest moment of your career so far?

Tom: 32:09

Proudest moment? I don't know. I think it's just like the success of the business over time. I got jobs. I always kind of bounced around jobs or kind of like building up experience across different companies. Never took a full time role, always kind of on fixed time contracts, kind of building up experience to do my own thing. In the end, that was always an angle of mine. And I guess it's just kind of the long-term success of the business that I started out and not knowing much around, running a business, and then as it kind of developed and we started taking on employees and stuff like that, I think it's hard to pinpoint one specific point in time I think it's more the gradual success of the business.

Jamal: 32:55

Thank you for sharing that, Tom. And as someone who also started up my own consultancy and has been growing it, I completely understand what you mean. There's one thing like doing consultancy work for the clients, but then you've got this whole other aspect of actually running a business, communicating with people, attending meetings, making sure that the people in your team are motivated, that they're equipped, that they're happy, that they've got the time off when they need it, and all of the other things. Then you've got the marketing, then you've got the finances, then you've got the taxes, then you've got reconciling on that, and you've got to bring in an account, and then you've got to start your insurance policy. And then if you have your physical offices, then you have to think about the maintenance of that and the supplies. And there is so much to think about that I wouldn't change it. I love it. I'm sure you love it too, right?

Tom: 33:40

Yeah.

Jamal: 33:40

My question for you is what keeps you driven? What drives you, what motivates you to continue? Because this stuff is exhausting and it's not for everyone. Right. A lot of people want to go 9 to 5, be in house or even work for a consultancy, 9 to 5 switch off people like me and you, I would say probably a little bit crazy. So for you to stay crazy like me, what is it that drives you and motivates you to be an entrepreneur?

Tom: 34:03

Yeah, I just always wanted to run my own business and kind of I come from a family of entrepreneurs that they kind of have inspired me, I guess. Yeah, it's stressful. As you mentioned, there's like a million and one things to do beyond just understanding a really complex law and how to actually applied, that there's so much other aspects to it. But I don't know, there's just like, I guess the highs of landing a new client and just after a week of chaos been able to kind of sit down with your family and think, okay, that was a good week. I think I'm a bit of an adrenaline junkie. Maybe that's part of it. So one of my biggest learnings from business actually comes from training to Jiu Jitsu and martial arts, where our coach always goes on about, like, you don't celebrate the wins too much and you don't, like, get too down in the dumps about the losses. I train in the gym with professional MMA fighters and the likes of that. So they've got like, half the year builds up to one fight that might last like, two minutes if they get knocked out or submitted in the first round. So the atmosphere in the gym is you don't get too spiked, but you don't drop too much. You kind of try and keep something like a steady curve, and that's really applicable to business and yeah, kind of motivation. It's just you see the business, I like to try and work with kind of goals as well in terms of revenue goals, in terms of clients, et cetera, and try and keep working towards those and understand that perfection is going to be hard, but if you just keep making the right steps, you can kind of get there on a daily basis. Definitely kind of my fitness regime. I know you talked about that at the start. I like, I'm into fitness, I'm into martial arts, the likes, and kind of it probably goes beyond the nine to five, but I do kind of when I disconnect, I'm pretty good at properly disconnecting. So I think on a day today that kind of helps and trying to get away from zoom for a few minutes per day helps.

Jamal: 36:04

Yeah, I think one thing that I really respect what you said is that discipline that comes from your martial arts that you bring to business. And that's something I'm actually going to start applying a little bit more myself with the actual discipline because I find it hard to disconnect properly. Like I'll disconnect and then there's like I've got my phone and then I've got people, members of the team from other parts of the world with different cell phones sending me messages and I'll think of something and I'll leave a message to them, but that disconnection. I think I need a little bit more discipline in that disconnection.

Tom: 36:37

Do you find the right thing? So I find it hard to take a call if somebody's trying to punch me in the face when you're like training. So it enforces you to disconnect because martial arts and fitness regimes, if they're suited to your level, you have to. So like when you're on the treadmill and you're really pushing it out or you're doing a set of weights, it's how I disconnect. And I was really struggling during lockdown when all the gyms were closed and they couldn't do anything. So I did find that tough and it's harder to motivate yourself to do home workouts. For me anyway, I like the idea of leaving the house office, go to the gym, then come back and just come back with a different energy altogether.

Jamilla: 37:21

Yes, I agree. I found it. I was at the gym this morning and I was replying to some text and my personal trainer was like, if you do that again, you'll be doing more press up. I think that's quite a good way of switching off. I was like, here.

Tom: 37:37

You don't need it.

Jamilla: 37:40

I need it nearby me. This is the problem. So Tom, how has obtaining the CIPPE and CIPM helped you in your career?

Tom: 37:48

Oh, that's a loaded of questions. People want to see them. How much they help you actually deliver a project for a client to help a client, I don't know. But they do help you because certain companies will have those as a requirement of consultants or companies that they interact with. So it's kind of like a stamp of approval, but I don't know if the content really helps you deliver a project, understand how the law applies in as much detail as it's probably meant to, to be.

Jamilla: 38:24

So would you say you need that extra practical hands on experience in addition to the qualifications?

Tom: 38:30

I think most definitely. This area is so nuanced and you need experience on how to implement compliance frameworks and you need experience on how to deal with multi aspects of the business. Even the typical DPO needs to be able to talk financial talk to the finance department, needs to be able to talk HR talk to HR needs to be able to talk like engineering and tech to the development teams. It's so multifaceted that I think hands on experience is the only way to get there. Certifications help you get recognized. If you're looking for a job, then most definitely if someone has a CIPPE or CIPM, it's going to make them stand out in a stack of CV’s just purely because they were able to get through it and they understand it to that extent. On the practical side of things, I'm not too sure.

Jamilla: 39:26

So you don't have to continuously update your CIPM. It's not like.

Jamal: 39:31

t's not a secret. Like around: 2018

Tom: 46:41

s was done by someone back in: 2018

Jamal: 51:24

Thank you for those tips. They're super valuable. And if you're listening, this is the guy to take notes for. He does Jiu Jitsu in the gym, he does MMA, and he's got a super successful privacy consultancy. He's gone past the first year, he's gone past the second year. He's in his fourth year now. So this is a real successful example of a successful individual, someone who's gone and actually knew always, I want to be a consultant, I want to have my own business and has got around and got lots of fixed term contracts to get that exposure, get that experience. And now he's been able to put that together with all of the thinking and innovation and the entrepreneurship with his learning at Trinity College, and really combine that to have Apex and take it to the level of success it’s at now and also make time to give back and do the brilliant Data privacy podcast, because that's something that you do that people don't pay for. It's something that you do in your own time to pay for all the technology, the hosting, the platform, and put it out there for people. So on behalf of all of our listeners, I really want to thank you for that great value that created on the podcast. And I really look forward to listening to your episode.

Jamilla: 52:31

Before we go, just the final question is your opportunity, Tom, to ask Jamal a question?

Tom: 52:38

So I'd like to know what's the most common misconception that you have to deal with, like, across your client base? So usually just say in your discovery sessions or mapping sessions, what's the kind of most common misconception you have to deal with?

Jamal: 52:54

can't believe we're still in: 2021

Jamilla: 54:16

Well, thank you so much for joining us on the podcast today, Tom. We've really enjoyed speaking with you.

Tom: 54:21

Seriously, it was a pleasure being on.

Jamal: 54:23

Yeah, thank you so much, Tom. Thank you. I know you're super busy and for you to be able to make the time for this, I know you've had to sacrifice time somewhere else, so I really appreciate the fact that you've come on. Thank you for sharing so much value with all of our listeners from over 50 countries across the world now.

Tom: 54:37

Continued success with your podcast, because again, we take on these podcasts and it is to share value and share information to kind of help people. And obviously we have two different audiences, but hopefully they'll converge.

Jamilla: 54:52

Definitely we can put a link below to your podcast Tom.

Jamal: 54:55

We’re definitely going to be doing that. We spoke about this podcast so much, how can we not?

Jamilla: 54:59

We'll put a link to your favourite episode.

Outro: 55:04

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.

Outro: 55:12

Remember to join the Privacy Pros Academy Facebook group where we answer your questions.

Outro: 55:17

Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class privacy pro.

Outro: 55:24

Please leave us a four or five star review.

Outro: 55:26

And if you'd like to appear on a future episode of our podcast or.

Outro: 55:31

Have a suggestion for a topic you'd like to hear more about, please send.

Outro: 55:34

An email to team@kazient.co.uk

Outro: 55:38

Until next time, peace be with you. Bye.