Stine: 00:00

Day two, I was talking to the CTO, and he was starting to ask me about APIs and what was my opinion on using APIs and if there's any kind of, like, legal implications from a privacy standpoint. And I was kind of like, this is such a different way for me to use my legal skills, because as soon as you're doing that, they feel listened to. They feel that you're interested in fixing their problems, that you care about the business. And what it also does is that if you can fix one of those things, it'll make you shine. And if you shine, your ability to make a difference just increases dramatically.

Intro: 00:40

Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.

Intro: 00:45

Welcome to the Privacy Pros Academy podcast by Kazient Privacy Experts, the podcast to launch progress and excel your career as a privacy pro.

Intro: 00:56

Hear about the latest news and developments in the world of privacy, discover fascinating insights from leading global privacy professionals, and hear real stories and top tips from the people who've been where you want to get to.

Intro: 01:11

We're an official IAPP training partner.

Intro: 01:15

We've trained people in over 137 countries and counting.

Intro: 01:20

So whether you're thinking about starting a career in data privacy or you're an experienced professional, this is the podcast for you.

Jamal: 01:36

Good morning, good afternoon, and good evening to wherever you are listening from today. My name is Jamal Ahmed, your host at the Privacy Pros podcast. And today I am joined by an amazing guest. Stine is co-founder and CEO at Openli, which aims to help companies get control of GDPR. She combines a legal and privacy background, six years as an attorney at Plesner law firm in six years as Senior Vice President for Legal and Compliance at TrustPilot with her passion for building software that helps companies become better data citizens. That's right, it helps you become better data citizens. Dina. Welcome to the Privacy Pros podcast.

Stine: 02:16

Well, thank you. Thank you so much for having me.

Jamal: 02:18

We're absolutely thrilled to get a deep dive into all of your thoughts and takeaways. Now, we always start off with an icebreaker question. So the icebreaker question for you today is, if you could choose one superhero power to help you in your mission of making privacy more easy and transparent, what would that superpower be and why?

Stine: 02:39

Oh, I love that question. I think there are so many great things. Firstly, the cape that Harry Potter has, like the Invincible cape sometimes that would be amazing. But I've always liked Wonder Woman. I think she's cool, she's powerful, she has strength, but still being herself, fighting for the right things. So yeah Wonder Woman and her capabilities.

Jamal: 03:09

Okay. Is there any specific quality? I know you mentioned about the authenticity and the integrity, but is there a specific quality of Wonder Woman that you would embody and why?

Stine: 03:18

Well, she's strong and she's not afraid to jump in at the deep end. I think it's more of a characteristic than a strength, right. Or a specific superpower. But being able to combine that is something that you also need when you're working with privacy. It's not the easiest job in the world. It's definitely not the easy solutions. So just being able to swing your sword and lightning comes out, well, that doesn't nail privacy. You have to work more for it. So having that stamina that she also has, I think is pretty cool.

Jamal: 03:55

Awesome. I love that. I love that. So having that strength, having that stamina, having that courage to go on is something that's going to be important as part of your privacy mission. Okay. Stine a huge portion of our listeners, they're actually lawyers or people with legal background. Can you tell us about your transition from working as an attorney to building a privacy software and starting your own company?

Stine: 04:14

y standpoint. And this was in: 2012

Jamal: 07:56

I completely resonate with that. And I think to be world class privacy professionals, you have to want to make a difference. You have to want something more than yourself, and you have to want to be able to do the right thing, and not just for us, but for the just greater world. We want to make a difference for every woman, every man, and every child, and at the Privacy Pros Academy and at Kazient, what we want to do is make sure that every woman, every man, and every child has freedom and control over their personal information. So I completely resonate with your desire to have a legacy, create a lasting impact, and make a positive contribution to the world. So thank you very much for sharing that. Now, what do you think we're missing in the industry when it comes to making privacy practical?

Stine: 08:39

Well, what I think has been the case in the beginning when we got GDPR, everybody was struggling a little bit about figuring out what it actually meant. What is it that we're supposed to do? Therefore, when you have this uncertainty, some people over implement, others under implement, and some people decide to do nothing. So I think to become very practical. It's about taking it down a level. And by that I don't mean dumbing it down, but let's take something like the record of processing. I think in many ways, what we're hearing a lot of people do is they will go to their HR team and they will start by interviewing the HR team, and then they will say, so we're building our record of processing in accordance with GDPR article 30. And then I just want to hear, what data processing activities do you guys have? And HR will be standing and looking at you and thinking, what is she talking about? And then you'll try and say, oh, I mean, what type of data do you have? Oh yeah, like data about employees. Yeah, exactly. What do you have? Well, we typically have the name, the address, emergency contact person, employment, start date, salary, and stuff like that. You're scribbling down and great. And then you might ask, so what systems do you have? And then they start talking about systems, and all of a sudden they start talking about an employee engagement survey. They didn't talk about having that type of data. And then you say, you didn't mention that. Oh yeah, we do kind of like profiling and surveys and employee satisfactions, but that's data too. So I think what I mean is, when we're talking about making privacy practical, it's about talking the language of the people that you're working with. So if you're doing your article 30 and you're doing it manually and sitting with your spreadsheets, talk in the way that they get it and my way of doing it I'm not saying it's perfect in a way, but I always went to my teams, and then I started saying, so what systems do you have in HR? See that they know, and you then ask them, so in your recruitment tool, could you show me what you have? Then they will say, every single piece of data, and all of a sudden it becomes much more practical. Instead of debating, oh, so what legal basis are you guys using? Like HR have no idea what legal basis is.

Jamal: 11:14

I completely resonate with everything you're saying. And one of the things that I'll often do when we get a new recruit is ask them to go and do a bit of data mapping or go and create a record of processing. And I always want to see the approach they take before I give them the training. And usually it goes something a little bit like what you just described is they go and ask a question, and the HR or whoever they're talking to is like, what are you talking about? And what you described there was a nice scenario. Sometimes they get offended because people don't like being made to look silly or made to look stupid, especially when you're going to someone a senior and you're just an intern walking in and you're asking them a question. They're like, I have no idea what you're asking me, but I've been here a manager for five years. Why are you making me feel stupid for? They can get quite aggressive. So I like to see how new recruits respond to that. But you're right, they don't have a clue. And this is one of the things that we speak about at the Privacy Pros Academy is meeting your stakeholders where they are, meeting them with their level of knowledge, meeting them with their level of understanding, instead of hiding behind articles and recitals that no one knows what they mean. Even you probably don't know what they mean. If you're honest with yourself. It's only when you break it down and you actually say, okay, this is what this is looking for. And now you figure out how to make it easy peasy and how to go and have that conversation where you can get the buy in from the stakeholders so they understand why you're asking the questions you're asking. They understand how this is going to help their department. They understand how this is going to help meet the business objective. So thank you for sharing that. I really love that. Next thing I want to ask you is what are your best tips? What are your top tips for companies and privacy professionals who want to make privacy more practical?

Stine: 12:50

So, firstly, I think one of the best ways is copy pasting. And I'm not talking copy pasting terms, right, but I'm talking about copy pasting, what others have been doing. At Openli, we have this community just had a great conversation with Stripe's Head of Privacy, and she's a smart lady, like super smart. And she was sitting there and she was also talking a little bit about how she's recruiting. And I was just thinking, I like how you're doing that and like, mentally noting, okay, next time I'm going to do a recruitment, I'm going to do like she did. This is just one of the ways. Another thing is also and I think when we're talking, you said it said you meet your stakeholders eye to eye, but often that can also be like a little fluffy. The way I normally would go about it, let me say that I'm starting at a new company and I am a part of this senior management team. I would start by firstly talking. If I'm not heading up the team to talk to GC, and then I would say, okay, so hi, GC, great to be on board. If I were to ask you, what are you most afraid of in terms of GDPR and non-compliance? What's your gut feel? He might say, I'm most afraid of data breaches. Okay, so data breaches in what regard? Like, are we sending out emails with wrong attachments? Is it because the system isn't secure enough? What is it? Then you get his feedback. Then I would go to the CEO and I would say, hi, CEO. If I were to ask you, just like, top of mind, what's your biggest, biggest worry when it comes to GDPR? I have no idea if we're doing it good enough Stine. Can you help me here? Just as an example. So, what I would do, totally low practical, is just by starting to map out what their biggest worries are. Because as soon as you're doing that, they feel listened to. They feel that you're interested in fixing their problems, that you care about the business. And what it also does is that if you can fix one of those things, it'll make you shine. And if you shine, your ability to make a difference just increases dramatically.

Jamal: 15:18

Golden nuggets there. So essentially, Stine, what you're saying is the first thing we need to do is adopt best practice. Have a look at what people that you look up to, similar organizations, what they're doing. And in the industry, it's quite common to have Roundtables, and in the roundtables say, hey, what are you guys doing? Okay, we think that works well, or this is what we're doing. And people will go and say, okay, that's best practice. So that's absolutely fine. So what you're not saying is go and find someone's privacy notice, copy and paste it and make it yours. No, that's not what Stine is saying at all. Guys, come on. You know as much as I do how much we hate templates and that templates approach never works, we're talking about Bespoke approach. What she's saying is copy and paste Best Practice. Best practice framework. What is the approach they've taken? Let's go and adopt that approach and make sure that it works for us in a way where we can actually pragmatically apply that to our company. And then she says, listen, you need to identify your key stakeholders and make sure you understand where they are, what their problems are. And once somebody feels understood, you have that buy in. And if you can understand their key problems and you can actually make them feel you can solve them, then it's only going to make you stand out and make you be popular amongst the stakeholders and now you've got their full buy in and they're fully behind you moving forward with whatever it is that you need to do. They know you've got their back, they know you've got their best interest, and you've just proven that you're there to solve the biggest problems, which means they can go to bed and sleep easier at night. So they're absolutely going to love you. And that's only going to open up opportunities for you to help the business mature through the privacy rankings and get them to where they need to be so that together you can make sure that all of your stakeholders information is actually being treated with the respect that it deserves. Does that sound about right?

Stine: 17:00

It does. And that also just gives you the ability to take on like we all know that there are some projects that are just much more difficult to get buy into, but if you've helped, you've been successful or they feel listened to, the likelihood of you being able to tackle on those more tricky elements will just increase dramatically.

Jamal: 17:24

Yes, absolutely. Now I have another interesting question for you actually. So given all of this around Chat GPT and AI and evolving technology, how do you see the role of the privacy professional evolving in the coming years as technology continues to advance and data protection becomes increasingly more important?

Stine: 17:45

look at Chat GPT and you see: 1100

Jamal: 19:40

Very insightful. Thank you there for sharing that. That leads me on to my next question. So you explained earlier how you built a team of around 50 people at Trust Pilot. What is it that you look for when you're hiring world class privacy professionals? Or what are you looking for when you're hiring people to bring into your team to develop into world class privacy professionals?

Stine: 20:02

Firstly, I am looking for an appetite. And what do I mean by that? I'm looking for curiosity because if you're not interested in the business, in what's going on, never really going to get it. Because privacy is all about understanding the business. You cannot, in my opinion, be a very good privacy professional if you don't understand your business. If the tech team aren't sitting there and thinking, okay, she has a pretty good understanding of the tech stack and our cloud infrastructure, and the way that we've built the core product and the data floating, and when is data leaving and being processed and so forth. So if you don't have that curiosity, and you don't need to be programmer, you don't need to be super techy, but you need to be curious. The next thing I'm also looking for is people skills, because privacy is all about people, data is about people. So that's the next thing. And then I'm also looking for some kind of adaptability. And what I mean by that is that privacy is changing. Like one day you get GDPR, then you get CCPA, then you find out Google Analytics is an issue in Europe. Okay, then what would you do? Then you get the SECs, well then you have the Schrems II. Then you're getting challenged on that. Then you are sitting with the CEO, sitting and thinking, what the hell do we do now? Can you drop everything we're having? And then you have a data breach. So being able to adapt to that constant change and not just sitting there and thinking, I don't like change, I don't like that, we have to do it another way. I have my spreadsheet, I have my templates, and they work. If that's the way you're going about it, well, yeah. And then I'm also finally looking for communication skills, and it's not just internal communication skills. I'm looking for skills like many privacy professionals will need to communicate to end users, data subject access requests. And I think that's some of the biggest issues that I'm seeing. People have a tendency to hide behind articles, to hide behind links and privacy policies, and saying, you can read more here if that's what you're doing you're not really giving them that information that they need in a way where they understand it. So yeah, that's what I'm looking for.

Jamal: 22:42

Wow, thank you. I think if anyone listening just takes that advice and adopts it into their own practice, it's really going to help them thrive. And it's very closely aligned to what we teach at the Privacy Pros Academy. The first thing you said is, you need curiosity. You need that curiosity to really understand the business. And what we speak about in our C Five methodology is clarity, having clarity. So you need to be curious to get that clarity. Because if you don't have any clarity, how can you have any confidence in the advice you're giving? How can the business have any confidence in you when you're giving some advice, when you're giving some guidance, if they don't feel like you've understood what's going on, if you don't have that clarity, so that curiosity will spark that clarity. And I believe that's the first step. And then you said what you need to do is you need to be credible with the stakeholders. You need to have good communication skills in how you manage them. And you also need to be able to be adjustable. You need to be able to be versatile to deal with whatever challenges or whatever flavour comes and hits you. It's not you sit there and say, hey, these are my templates and this is my way of doing things, and this is the right way, the only way. We must do everything and make people tick boxes. That is such a rubbish way of doing stuff. And if you're listening and that's the way you're doing stuff, I'm sorry. Actually, I'm not sorry. You need to get out of privacy or you need to come and join the academy, because that is not the approach to take. Every business is different. Every business needs to be treated with respect, and we need to go and find bespoke pragmatic solutions for every business. Yes, we can use frameworks. Why wouldn't we use frameworks? Why wouldn't we borrow frameworks that other people have said works right? We want to follow best practice, but there are no such thing as templates that you tick the box to achieve compliance. We want to go beyond that. We want to go beyond compliance. We want to inspire trust. We want to cultivate confidence and ultimately make a bigger impact. And so for us to be able to do that, we need to adopt Stine's advice, and we need to have that curiosity to get that clarity. We need to be able to communicate and make sure we've understood the problems. We need to be versatile and flexible and buy in. And we also need to be able to say, hey, I'll love a challenge. Let's be honest, if you don't thrive on challenge, then privacy probably isn't going to be a great role for you. Like, you might do okay in a mediocre role for a mediocre company. And if you want that, then this podcast isn't for you. But if, on the other hand, you want to thrive and you want to really make a massive impact and you want to make a massive impact to inspire people and you want to drive change, then you really need to make sure you roll your sleeves up and you're ready to get stuck in. You're ready for that hard work and you're ready to adapt to whatever challenge comes at you.

Stine: 25:10

And then don't be afraid of not knowing everything. When I joined Trust Pilot, in the beginning, I was talking a lot with the developers because they were sitting and they were building the platform and there was so much data, right? And they were talking about different types of codes and different types of frames and widgets and so forth. And I was just thinking in the beginning, I have no idea what they're talking about, but I showed an interest. And what they did is that they created this little academy for me so I could learn to code so I could learn to code HTML in C Sharp and whatever. I have no clue today in all honesty, I've forgotten it, but it gave me just a general understanding. And what it also did is that I think I earned a lot of credibility by simply saying, I don't know. And another thing, don't be afraid to make mistakes. Because if you're afraid to make mistakes, you most likely are going to make them, and then you're not going to learn from them. So that was just a total side note. Yeah.

Jamal: 26:14

No, I love that. I love that. Essentially, that's exactly what we're teaching at the Accelerator is to have courage, is to have the courage to say, I don't know. And there's nothing wrong with saying, I don't know, because you have to be confident about what you do know, and you have to be confident about what you don't know. And when you own what you don't know, people will create opportunities because they respect the fact that you said, hey, I don't know everything and I'm willing to learn. And it's okay to make mistakes because that's how we learn. That's how we grow. We just need to make sure we make mistakes in the safe environment where something can be done, rather than pretend we know something, go somewhere, make a massive mistake, and it's going to have severe consequences on other people. If you make a mistake and it doesn't hurt anyone, that's okay. So that's where we should make the mistakes. We should make the mistakes early on. We should make the mistakes in training. And the only way to do that is to be clear about what we know and be clear about what we don't know, and to have the courage and the conviction to stand up for those things as well. Thank you. That was absolutely amazing. I have one final question for you before I let you ask me a question. This is a question. Is what's one thing you wish you knew at the start of your career that you would tell yourself now, looking back?

Stine: 27:18

arted working with privacy in: 2007

Jamal: 29:38

Wow. I don't know if I'm on a privacy pros podcast or a Ted Talk right now. That was super inspiring. And what you said there earlier about not getting disheartened about people not caring about privacy right now, this podcast goes out to over 113 countries, and I often get messages on LinkedIn from individuals saying, hey, I'm getting a little bit dispirited. No one seems to take privacy seriously here. Everyone's still kind of ignoring it. But like you said, hey, that's okay. They're very short sighted because they don't know what's around the corner and around the corner. This is going to be the biggest thing that happens in the legal space in any country around the world. And we can see the GDPR has really come. And it's made a massive difference in inspiring laws all over the world. Even in third world in developing countries, they're talking about bringing in privacy legislation. It's actually quite fascinating. So if you're listening and you're not in Europe and you're worried about does people take you seriously, I'm stuck doing this right now. No one seems to care. Just listen to what Stine has said, right? Just take a deep breath and know that in a few years time, everything is going to be different. And the skills that you're going to develop, all of those people skills, the communication skills, the analytical skills, the management skills, the budgeting skills, all of this are going to come together, put you in a position where you become so valuable that you can actually go and do whatever it is that you put your mind to. So get excited, get passionate, and put the work in, because it's only going to pay dividends.

Stine: 31:05

Yes.

Jamal: 31:06

All right, Stine, so you get to ask me a question now before we wrap up, so you can ask me anything you like. What would you like to ask me?

Stine: 31:12

Well, I think what you're really good at is communicating. It's about striking that chord between something like GDPR that is super complex, super difficult, and making it understandable. So how did you do that? I told you before, we jumped on this podcast, reading your post about can. You did it again. Is it check TBT that you're using? How are you doing it?

Jamal: 31:43

Okay, excellent question. And first of all, thank you very much for the compliment. I really appreciate it and I'm very thankful and humbled. Now, how do I take complex stuff and make it easy? It's very simple. And I've said this on many webinars and many podcasts, and I teach this on the actual Accelerator program. So what I say is pick one person in your life who is not privacy educated, who you love, who you respect, who loves and respects you back. And whenever I write, whenever I speak, I'm writing to that one person. And for me, it's my niece. My niece, she's like 14 years old, right? She's not privacy educated. She doesn't know much about much, and she's still learning and she's curious, but she still needs to understand these things. So if I can speak to her and she gets it and it makes sense, then I can speak to anyone else. And it doesn't have to be that I'm speaking to everyone. I can just speak to her. And everyone else finds value in that. So that's what I say. That's my advice to anyone who wants to change their communication. Because a lot of the time, people don't like writing on LinkedIn is because they don't know who they're writing to. Am I writing to my colleagues? Am I writing to my future employer? Am I writing to my friend? Who am I writing to? I don't know which tone of voice to use. I'm just going to stay off and not do anything. But instead I say just write to one person. Write to the person who's going to make you feel good. Someone who you love, who you respect, who loves and respects you back. The tone will be nice and warm and friendly. You will be kind with what you do. And you'll get that balance, right? Like, you're not going to go too much into legalese, you're not going to dumb it down too much like you're talking to a child at a nursery. Because people don't actually want to be made to feel like you're doing them a favour and that they want to be respected. And that's how you find the right balance. And that's the advice I give. So hopefully if every single person listening can just think of that one person who they love and respect and just write to them, then we can all make GDPR and other privacy regulations nice and easy for everyone.

Stine: 33:39

Writing to your 14 year old niece, that's it?

Jamal: 33:43

Yes.

Stine: 33:43

Amazing. I'm going to replicate that. Thank you.

Jamal: 33:48

It's an absolute pleasure so we've had an amazing podcast with Stine. We've covered everything from the things that we're looking for when we're building a world class privacy program to borrowing ideas and approaches all the way through to the top skills that Stine looks for when hiring those individuals. And that's really going to help you thrive in your privacy career. It's been an absolutely amazing session Stine, thank you so much for coming along and sharing your time and giving up your time to talk to us more. If someone's interested to learn more about Openli, where can they find that information.

Stine: 34:17

So they can go to Openli with i.com and see how we're helping getting on top of all the data processors so they don't need to. We automate that work from start to finish. And they're also welcome to follow me. It's not that I'm writing about Openli, it's more about me and my journey and some of the things that are happening in the privacy field.

Jamal: 34:42

All right, awesome. So, guys, if you want to get some top tips from someone who's been where you want to get to and who's been there, done it, learnt the lesson and sharing them and also sharing updates on things that might be of interest to you, then make sure you follow Stine on LinkedIn. I'm going to link her profile into the show notes. I'm also going to link in Openli, so don't worry if you haven't made any notes. I want to plug all of those things if the show knows, and I'll see you on the next podcast. Until then, peace be with you.

Outro: 35:08

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.

Outro: 35:16

Remember to join the Privacy Pros Academy Facebook group where we answer your questions.

Outro: 35:21

Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class privacy pro.

Outro: 35:28

Please leave us a four or five star review and if you'd like to appear on a future episode of our podcast or have a suggestion for a topic you'd like to hear more about, please send an email to team@kazient.co.uk

Outro: 35:43

Until next time, peace be with you.