Jamilla: 00:30

Our guest today is Alex Fetani a Privacy Analyst for the Americas and the Caribbean at OneTrust Data Guidance where he's also the project lead, the data breach notification vendor for privacy contracts and cybersecurity. He has an LLB from the University of Westminster. Alex is also the Privacy and Events Lead for Consortium Network, a network of more than 15 organisations, aiming to have Muslim professionals to be at the forefront in contributing to the UK being the best place to live, work, and invest in. Welcome Alex thank you for joining us today.

Alex: 01:02

Thank you for having me. It's an honour to be here, and I look forward to it.

Jamilla: 01:06

Thank you. And as we always start off on these podcasts with an icebreaker. If you could choose any famous person to have dinner with who would it be and why?

Alex: 01:14

I actually had this question before

Alex: 01:18

they actually caught me by quite a big surprise to be fair if there was just names running through my mind, I think one of them would be ArseneWenger, to be fair, just to like understand, okay.

Jamal: 01:26

I thought you've done your research on I guest. What is going on here?

Alex: 01:33

Are you Man United fan?

Jamal: 01:35

I am a Man United fan yes.

Alex: 01:37

look we're both sleeping giants, let's just say that, that are in a coma right now. But as I was saying, I would probably like to convo with our Arsene Wenger just to kind of understand what was probably going through his head when he was coming from Japan to the Premier League, what he was kind of dealing with psychologically when the entire press were like Arsene who and also like how it felt to win the Invincible trophy when he said that he was going to do it, and he actually did it. That's probably one, only a tough one to be fair, like there's just so many people throughout history, I guess that you'd want to meet or speak to is that include history or is it just the

Jamilla: 02:09

It includes history but we've only got the budget for one person so Arsene Wenger is fine.

Alex: 02:13

All right, that's fine then. I was worried for a sec.

Jamilla: 02:17

So, what first sparked your interest into Data Privacy.

Alex: 02:21

So it was actually my previous role I was working as a paralegal for an association of nurseries UK wide and it was just initially a standard paralegal role just helping the legal team with leases and stuff like that and then I come in and they were like, look, we also need a data protection assistant. Like well I have no knowledge whatsoever about data protection, or the principles I just know about the right to be forgotten because I looked at a Google case once they were like, good enough, I guess. Their form of training for me was to read the ICO guidance on the GDPR, which is about 240 pages. Most people would look at that and be like oh my god, oddly enough, that sparked my interest, or to be fair now it's a passion almost. And since then I haven't looked back to be fair I left law as a career path and I went into privacy, and from there I went to where I am now at OneTrust Data Guidance.

Jamal: 03:09

To come in there Alex when you were reading the documents from the ICO the guidance. What was it about the content that really got you excited.

Alex: 03:17

I think it was more like the structure of the GDPR, I enjoyed it. Everything was so clear, simple to understand. Consumer first, you know the data subject comes first, and then its corporate interest just sparked my interest and I wanted to look into it more and more, I think once I got more hands on with it at the Association. I was starting to see like okay you know I always enjoy reading as law but then now I get to implement it, and then seeing your actions kind of implemented company wide is always nice to see.

Jamilla: 03:48

Thank you. And what is it that you love most about working in data privacy.

Alex: 03:53

I think it's probably that it's an area that's not stopping at any time. You know, I mean we're at a place now where what by 2030 I think 65% or 60 odd percent of the world will have a data privacy law, almost, some huge figure like that I think it was that I was like reading once. It's definitely a market that has been in existence for a while but it's, I guess, ever since the GDPR kicked in, it's really really really now become quite aggressive in terms of everyone trying to basically be adequate. So that definitely makes me really happy to be in this industry and to know that my work has an effect for companies or for entities in terms of just making it easier for them to be compliant with the law and kind of help organisations be it in my role at OneTrust Data guidance with the content that we provide or personally with the Muslim organisations, it's always nice to see direct contribution rather than just saying like oh yeah just read the law.

Jamal: 04:48

Alex, I have to ask you, so you work for one of the biggest data privacy solution providers in the world, in fact it is the first data privacy solution provider to become a billion dollar company, and Inc 500 recently said it's the fastest growing company in the world. What's it like to work for such a great company?

Alex: 05:08

It is great. It is honestly, as you can imagine it's very busy. It's very exciting things that you know we've done and accomplished is honestly amazing and it's an honour to honestly be part of that process. The support that they give us is always really nice. When I joined the role I always said to myself, right, this is my target I want to get a CIPPE, eventually get a CIPM and OneTrust Data Guidance, they've been fully supportive of that and they've covered all the expenses that I would need in regards to getting what I now have as those two qualifications which I'm very proud of as well, which were my little life targets for 2020.

Jamal: 05:41

Congratulations and well done, Why do you think there's such a big emphasis on One Trust for all of their team members to not just be competent but also have the CIPP and the CIPM qualifications.

Alex: 05:54

I mean it's just the credibility, isn't it? It's that knowledge that you're dealing with an organisation where, from top to bottom, everyone knows what they're talking about, everyone knows its privacy. Awesome.

Jamal: 06:07

What advice might you have for somebody who has aspirations of working for such an amazing company.

Alex: 06:12

I mean, keep at it, just keep trying, even if you're not able to the first time, at least like try and do some ad hoc work, there's plenty of organisations out there who definitely do need help. And if you're not able to break in at the big guys first then many other companies that also need that help. But on one trust like we're always looking to get bigger and looking to expand our teams as well so why not go for it. Don't hold yourself back, even if you think like, oh, apply just apply. The worst that can happen is you'll get a no, but at least you've know you've applied that and you can learn from that experience as well.

Jamilla: 06:45

And aside from OneTrust you're the Privacy Lead for Consortium. Are there any unique challenges in data privacy, presented by Muslim organisations and can you tell us a bit more about Consortium please?

Alex: 06:58

Start with consortium itself. So we are the as far as I last heard biggest umbrella network for Muslim organisations in Europe. We have member networks such as you know the British Medical Association, Cube network, Emerald network, the Association of Muslim Lawyers, Muslim Engineers, Muslim Teachers. And so, it is a very nice diverse group of organisations, memberships and individuals, each of them have their own privacy concerns a lot of it is centred around marketing but even outside of Consortium I deal a lot with my local mosque or for example, a friend recently is planning to start up his own online Quran teaching service for example. And so he asked me to look into that and you know, I've helped Muslim counsellors as well.

Alex: 07:42

It is challenging I think but that's putting it very lightly. I'm sure Jamal, you can also vouch for this, that it's not easy, because sometimes the approach can be quite almost stubborn, so I've had to kind of change my entire approach with dealing with such organisations where I felt that it's not really enough to just say, Look, this is the law. If you don't register with the ICO X can happen if a data breach happens or a security incident happens, these are things you need to consider as a starting point that doesn't really help from my own experience. My own experience has been more like explaining privacy but in their own language, highlighting the fact that look, these people are giving you their personal information for the sake of example, the mosque is asking for donations. So they've got a little donation page on their website, they're asking for your card details, your expiry details and then name for examplejust to keep it nice and brief.

Alex: 08:33

if something were to then happen, It's not like people are going to be like oh you know it's the mosque, it's okay, like, yes, my bank accounts been completely drained by hackers, but it's all right. It's my local mosque, so I can't really say anything, people are going to be very upset people are going to be very angry and out of those, however many people that there will be at least one person who will bring the attention to the ICO. And if the ICO then recognises hang on, they're processing personal data and they're not even register with us for one, you're just creating a massive mountain of problems for yourself.

Alex: 09:04

And so the term I use with them has always been Amanah, a trust, you know, these people are putting their trust in you as a Muslim organisation via your charity. And, you know, end of the day, you're not going to be just held accountable to the regulator's, you're going to be accountable to God. At the end of the day, you're gonna have to answer for whatever injustice that could happen to an individual, because of your own negligence, because of leaving, however many pieces of information unprotected or taking people's trust for granted, I mean it's already bad enough that the GDPR has its own heavy fines, but the fines of the Day of judgement don't compare, to be honest. So yeah, I mean it has been quite an experience in that regard.

Jamal: 09:43

You've used a very interesting on that Alex because we've been working with a number of faith based organisations, and one of the resistances they have towards taking any steps towards compliance sometimes can be that hang on a minute. We don't believe our supporters, we don't believe our community is going to even think about complaining about us. Yeah, remind them it's not about that. It's about the trust that somebody places in you, we have something called the Amanah project which is a dedicated business unit, which is just there to serve non profits in the faith based organisation space as well. And it's amazing and how when you start educating these organisations and some of the trustees and senior stakeholders that these businesses have they actually start realising, hang on, this is actually about doing the right thing, and it's interesting you mentioned the Islamic perspective there, and from my own research and I've done a couple of webinars on this is data privacy in Islam we actually precedes the GDPR by about 1400 years. It's something that is actually taken very seriously. Right, privacy is embedded in basic Islamic principles and when you hear says things like mosques and faith based organisations that subscribe to that particular faith and then saying that GDPR related privacy doesn't actually matter to their supporters, actually haven't got a clue what they're talking about.

Alex: 10:56

Yeah, basically, they all they see is a law, and they're just like whatever kind of thing. But they don't, kind of like how you know what's that saying, like you know you've you just read the headline, but you didn't read the article. General Data Protection Regulation and they're just like, oh whatever it sounds like too high level or too nerdy for me or whatever but then you read it and it's the simple law just clearly explains stuff, be clear and concise with your data subjects have certain protections in place, no one's asking you to develop Fort Knox, in a day. All that is ended the day is trust. You know it is having that image that you know that when you do donate to charity that you can at least be rest assured donation has been used in the right way but also your information has been used in the right way. I mean if we even flip it, if an organisation was found out to be using people's money that they've been donating for the wrong purposes. There will be an uproar. So, it should still be applied with your own data, because that's your own personal information. If I suddenly got emails from, you know, British Airways and EasyJet suddenly saying thank you for booking your flight with us, I'm like hang on a second, what's going on here? So why isn't it that way? It's a bit annoying I feel like with time, more and more entities and people like ourselves, for example, getting more involved privacy grassroots can make a difference in that space, especially.

Jamilla: 12:12

Yeah. Moving back to you and your career, what would you say you're most proud of?

Alex: 12:18

So, um, it's, as cliche as it is, it's hard to kind of pin down one thing, I think I mentioned previously, you know supported at OneTrust to get that CIPM CIPD that was like a major, major target for me in 2020, so I was very, very happy to get that sorted get that out the way and with some people like it kind of shows that you know what you're talking about, but it's always nice to have that certification, it's always nice to have that proof that, okay, this guy knows his stuff because he's got x y and z. And I think another thing I was very proud of was obviously becoming data guidance to get the three projects of data breach notification, vendor privacy contracts, and cyber security and as well as like giving support to many other projects that we have at Data Guidance, it's always nice to be given that trust, again, using that word by the organisation itself, they can rely on me to handle those areas properly and make sure that we produce the right content for our clients. And I think one more thing I'll say was, in my previous role being dramatic as I like to be, I kind of got all the heads of the department, put everyone in the room and we got a retention policy so a unified retention policy, but if you think that might be a bit too much. Look I'm Iranian, uncontroversial as is, you know,

Jamal: 13:28

One of my best friends is Iranian right, and when we go out, to the restaurant you asked him, you know the bottom of the rice pan where the rice goes hard. Yes Yes, like that was the first time I've ever seen anyone ask for that we normally like, that goes in the bin.

Alex: 13:42

We're talking about trust,

Alex: 13:45

and organisations

Alex: 13:46

and you're here wasting food, you're wasting literally.

Jamal: 13:50

Why is it so crunchy?

Alex: 13:51

Like maybe you're not maybe you're not cooking the rice properly.

Alex: 13:55

If it's like golden brown and I didn't expect to get hungry during this podcast, you know, we call it tah dig, and it's just funny you mentioned that one of my closest friends, he's Middle Eastern, and every time he comes London, he's like, Let's go to an Iranian restaurant get tah dig, like he'll make it a point to the waiter like I want a separate plate of this.

Jamilla: 14:15

No idea. My housemate burnt rice for lunch today.

Alex: 14:21

That does not count. I'm talking about it when it's golden brown. It's sometimes like in the middle of like fairly soft but also crunchy and it works fine. It's tasty. It's good stuff, you know, definitely if you go to an Arabian restaurant again, you know, and In sha Allah post lock down, I'll take you and I can give you some education, I'll give you some training for once.

Jamal: 14:39

All right, sounds good.

Jamilla: 14:41

And so, what would you say is the greatest challenge you have faced in your career and how did you overcome it?

Alex: 14:47

Starting out, trying to adjust everything was a bit of a challenge for me personally and then like being in our organisation, and then you're kind of expected to kind of deal with every branch of different departments. Some departments are very open and happy to deal with you and other departments are like oh, you know, we have to deal with this guy. You know breaking through that initial barrier was a bit of a challenge I have to admit, but in terms of like my experiences with data privacy like I have to say thankfully I haven't had too big of an issues like I've had moments where I've spoken to people and they've said like wait, I have to do this, I'm like, you know more about you than me. Breaking through that barrier initially of kind of learning more about what that department is doing like how they're dealing with the information rather than finding out because something's happened,

Jamal: 15:29

So you describe the challenge you said there was a probably breaking through into that corporate culture, and having to suddenly deal with different departments whereas perhaps you have previously worked in smaller teams and then someone's assist you even know where to go, and now you're going to department where you're a stranger or treated as a number and you found that a little bit challenging. What do you think helped you to overcome that?

Alex: 15:48

This was specifically in my previous role, and at the end of the day it's just really about just having a chat more of a, you know impromptu informal like meeting within the canteen like speaking to the right people within those departments that may not be the head of the department, you know, befriending people, it's just being sociable and that sense. Like throwback to the training videos of IAPP but like having a coffee with someone and then kind of bringing up privacy in that sense and more of a conversational aspect like can make a world of difference and it's all about you making that step to, you know, engage other people in your organisation because if you don't engage you're always going to be seen as, you know the police, the policeman kind of thing or everyone's always like he's here because something's happened and no one's gonna like, give you full info, whereas if you kind of befriend people you'll get a lot of access to information.

Alex: 16:37

Like one thing I really enjoyed was once I put in the training programme, internally, and we had everyone subscribed to that and we're doing it. I then felt like my role became a lot easier, just by the fact that I felt like I had almost like a network, a set of eyes all over the company now, where if there was something that I wasn't even aware of in you know in any capacity, someone would then inform me. A are we sure we're doing this right? Can you look into this and that, in conjunction with I guess kind of putting yourself out there within your own organisation, makes it more easier for people to approach you when there is an issue. Sometimes personal experience of even outside of privacy, and before my career and privacy is when there's a problem sometimes people don't want to say anything because maybe they'll be blamed for it, or something like that and it's like, you kind of have to balance that yourself as a Privacy Professional because you don't want to also be Mr Scary but you also kind of need to have that good balance of being approachable, but also knowing when to be like right, this is actually very serious, you need to stop this or you need to fix this or we need to change this, as well.

Jamilla: 17:51

Thank you some great tips there for people in their careers. So what do you think the Data Privacy industry will look like in five years?

Alex: 17:59

I mean Coronavirus has helped digitise most economies now by a massive rate, you know well way, I think faster than it was supposed to be within the next like five to 10 years even now with how everything's progress. So, as you mentioned, I'm Privacy Analyst for the Americas and Caribbean, there's been a lot of movement in the US, Virginia has just passed their law, you know, Washington is still discussing, there's still plenty of states that are looking into it and even from a federal aspect, there's still movement going on in that sense, for sure within the next five years we'll probably see more laws get into play.

Alex: 18:29

At least you know like I mentioned earlier, within the next 10 years, there'll be so many like different privacy regimes out there, it's a very exciting time to be in this industry, it's very exciting time to even get into this industry because GDPR has been the massive game changer globally. Now everyone's trying to either have their own version but it's almost like different versions of the GDPR almost because everyone does want access to the European market and to get that you need the adequacy rating, you know, everyone's really pushing that and so I expect that to be even bigger and better. I wouldn't be surprised to see us probably like more actions from the regulators in general, because I think the more time they're getting now with the GDPR especially in Europe, the more examples they can kind of see from their own you know from other member states to kind of figure out okay what do we need to do.

Alex: 19:15

I'm like a personal big fan of the Spanish Data Protection Authority, the AEPD because they're very active, they're very like no holds barred kind of thing absolutely and I can definitely imagine other European states will look at that and be like, okay, you know, we've now got a bit of a example to kind of rely on and 100% other non EU countries will look at that and say okay, I mentioned the laws are some of them are similar, some of them still rely on the same principles of let's say the facilitation of data subject rights. If they see under the maybe the GDPR regime that they've taken this action they've given a very big fine to a very big company, if that same company has done the same issue in a non EU state that data protection authority could always look at what has happened with other countries in relation to the same issue, and that can potentially influence their decision according within the remit of their own law. It's a very exciting time to be sure.

Jamal: 20:06

Is there any further advice you would have for someone who's looking to become a Privacy Professional or looking to get to the next stage of their career?

Alex: 20:14

Obviously a good shout has always been, you know, getting your certification sorted, there's plenty of avenues now, you yourself provide that training many many organisations now also provide their own trainings as well, in regards to different certifications and be not just with IAPP, but I'm saying like there are even different certifications within cybersecurity, for example, if you kind of want to show yourself to stand out. Obviously experience helps, but sometimes like extra certificate can be a game changer. You having a certificate in a specific framework for cybersecurity, for example, can make all the difference almost now, you know, as it is a very exciting time to be in this market, it's also a competitive market. We know for sure and so you need to be able to differentiate yourself from the competition that's why, like for example, yes I'm at OneTrust Data Guidance but I still go out of my way to voluntarily help small, you know organisation startups and stuff like that with their own privacy issues.

Alex: 21:07

Or even networks who aren't even registered as an entity yet, you know, deal with their like let's say if they want to have questions on marketing it's just all about being able to kind of show that privacy isn't just a job to you it's a it's a hobby, almost, you kind of need to then separate yourself from the competition so that's probably my biggest advice, don't just think that because you're currently in one job, that's the game changer. Like, it's also about what you're doing outside of your job, you know, to make that difference, you know, even if it's in your local community, just basically being able to just say that I help this organisation, I helped my local library for example that's still a big difference maker.

Jamal: 21:44

Two pieces of advice from Alex is number one, is get involved outside of your job. Go and get involved even if that's helping something as small as your local library or your local community or your local places of worship, go and do something that makes you stand out from the competition and number two it's really crucial to get those additional credentials, the certifications the training to demonstrate that you actually have this knowledge or you have a certain level of knowledge, and that will really set you apart from the competition. Although this is a booming industry is very competitive, and people only want to hire the best, and the only way you can demonstrate, you're worthy and you bring more value is by demonstrating where you've added previous value so you can bring that to an organisation.

Alex: 22:27

pretty much nailed it

Alex: 22:28

on the head.

Jamilla: 22:29

Amazing, and some great advice.

Alex: 22:31

Once I kind of got that exposure to privacy, you know as cheesy or whatever you want to say as it sounds like fell in love with Privacy, you know, I felt like it was a much better area to work in, it was way more comfortable, it's way more impactful for me, anyway personally the the work I was doing internally at Association like it was nice to see fruits of your labour in action. I mentioned before, the whole training programme of creating that privacy culture was one of my favourite things to do, where people would look at me and they would like shred information, you know that they no longer need and it was always nice to see that whereas with law being a paralegal is rough, being a paralegal it's tough. You're not that well treated. You're not that well paid, I just felt, I'm enjoying privacy way more in terms of like a social life and the family life, I can actually have one in privacy whereas with law like it really depends on what area you're in and how busy your firm can be but I've heard like horror stories of people working 72 hours straight, I've heard others where, despite being after hours they're even working from home they're working like till two three in the morning, and it's just like, Yeah, I'm not interested in that, like okay yes the wages may be great at some point, with privacy at least you know that, you know once you kind of get the ball rolling, you're going to be in very responsible positions, doing a lot of impactful work icing on the cake being the, there's good money to be made as well.

Alex: 23:56

That definitely was a big motivational factor for me, the fact that I'm enjoying the role I was enjoying data protection work way more than I was doing the paralegal stuff I was still interested I was still finding it interesting dealing with different contracts and dealing with like you know leases and all this stuff but it was really the privacy work that I was like looking forward to most like when's the next training session that I'm going to give, I called my training session, hashtag Ask Alex, you know, and I made it like completely open to everyone, everyone had like their own different like levels of knowledge of IT, let alone privacy. And so just to kind of have that full on Open Door Policy saying like, no matter how silly you think the question may be just ask it because sometimes that can be a major difference maker between us having an internal meeting or meeting with the ICO. You know, it's always been nice in that regard. So yeah, that definitely was a easy switch for me with no regrets. I mean I definitely am grateful to the experience I learned and the knowledge I gained from my degrees for sure. But if I was asked what would you change, absolutely nothing.

Jamal: 24:55

What frustrated you most about being a paralegal?

Alex: 24:58

Sometimes it can be like overly competitive, you know before I even did the LPC there was like, you know, we're looking for someone with an LPC for a Paralegal role and I'm like okay cool and then when I come out of the LPC they're like, oh we need three years experience and LPC, x y and Zed and it's like, you know it's not turning into that meme where it's like entry level position, years of experience, eight, and it's like I was at an entry level position now. So there there was that element and then just, you want to kind of get involved with like the big thing, so big projects and stuff like not not just admin work and sometimes like initially at the very least the life of a paralegal is admin, you know, just making sure the files are all up to date and correct according to whichever standards then I would see like the rest of the team like working on big contracts and stuff and I'm like, you know I did just come out of law school like I can contribute something for sure.

Jamal: 25:51

Yeah, I hear you and I think a lot of people that come and join on the Privacy Pros accelerator programme is because they come from a place where they're frustrated they've often done an LLM they've invested lots of time, energy and money in previous qualifications, only to find the kind of work they're getting, the kind of career prospects they have it's always unfulfilling. And I think that's one of the biggest reasons I see a lot of people joining the programme is because they're fed up of being stuck, they're fed up of being rejected. They're fed up of putting in all that work, getting nothing back, called up when they're three minutes late into the office and they're fed up of being treated as a child and they want to really be treated as a professional, they want to do a meaningful job that is challenging and rewarding, and data privacy really offers that for all of those individuals,

Alex: 26:38

Literally 100%, without a doubt, like Data Privacy is like one of the roles that you can say at whichever level you are, you're making a difference. So even if you know someone might think oh but come on, like entry level Privacy Role like what impact can you have, you're gonna have a pretty big impact yourself, you know, even if it is amending the company's privacy notice, that is something that, however many 1000s or hundreds of 1000s or even millions of people will see and that's your work, literally like they're on public display like making sure that company doesn't have any issues on their privacy notice, even if it is a simple edit one word, but you can at least say that's your edit.

Jamal: 27:17

That was awesome,

Jamilla: 27:18

Amazing, and some great advice to end on there. Thank you so much for joining us today Alex we really enjoyed it. Thank you. Thank you. If you enjoyed this episode be sure to subscribe, like and share.