Episode 59

full
Published on:

17th Jan 2023

Unlock The Secrets Of Success: Essential Tools For Every DPO

Are You Ready To Unlock The Secrets Of What Makes A Successful DPO?

Hi, my name is Jamal Ahmed and I'd like to invite you to listen to this special episode of the #1 ranked Data Privacy podcast.

In this episode, uncover:

  • How the DPO role has evolved over the past ten years
  • Changes to the UK's Data Protection laws and if the future of GDPR is at stake
  • The skills every DPO needs to drive cultural transformation
  • The biggest privacy challenges facing the health tech sector

Tune in now for a thought-provoking and informative episode that will leave you with the toolkit to achieve success!

Over the last 8 years, Fay has worked in the healthcare/health tech sector as a legal/data protection advisor.

Fay loves the innovation and the constantly evolving challenges presented by this industry. She is currently a Data Protection Officer and Solicitor for Siemens Healthineers. Most recently Fay has been shortlisted for the Outstanding DPO award at the PICCASO Privacy Awards.

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/

Follow Fay on LinkedIn: https://www.linkedin.com/in/fay-godfree-925b3578/

Ready to become a World Class Privacy Expert? Book your call to join the World's Leading Privacy Program


Subscribe to the Privacy Pros Academy YouTube Channel

► https://www.youtube.com/c/PrivacyPros


Transcript
Intro:

Look for those opportunities so they're unlikely to just land in your lap. Complacency is probably the enemy in that sort of role. I'll go out and do site visits and they go, oh, is it an audit? Well, I'm coming out to give you some training, so it'd be very unfair to audit you first when I haven't told you what you should be doing yet or what the process looks like.

Intro:

Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.

Intro:

Welcome to the Privacy Pros Academy podcast by Kazient Privacy Experts. The podcast to launch progress and excel your career as a privacy pro.

Intro:

Hear about the latest news and developments in the world of privacy. Discover fascinating insights from leading global privacy professionals and hear real stories and top tips from the people who've been where you want to get to. We're an official IAPP training partner. We've trained people in over 137 countries and counting.

Intro:

So whether you're thinking about starting a career in data privacy or you're an experienced professional, this is the podcast for you.

Jamilla:

Hi everyone and welcome to the Privacy Pros Academy podcast. My name is Jamilla, and I'm a data privacy analyst at Kazient Privacy Experts. With me today is my co-host is Jamal Ahmed, Fellow of Information Privacy and CEO at Kazient Privacy Experts. Jamal is an astute and influential privacy consultant, strategist, sport adviser and Fellow of Information Privacy. He's a charismatic leader, progressive thinker and innovator in the privacy sector who directs complex global privacy programs. He's a sought-after commentator, contributing to the BBC, ITV News, Euronews, Talk Radio, The Independent and The Guardian, amongst others. Hi Jamal, how are you feeling?

Jamal:

Feeling great. Happy mood so yeah, great.

Jamilla:

And what’s Kazient got planned in the new year or the Privacy Pros Academy? What's the plan in the new year?

Jamal:

We've got so many amazing plans for the new year and one of the things we're focusing on here is to help at least 50 of our academy mentees to attain the Fellow of Information Privacy status from the International Association of Privacy Professionals. So that's amazing. We're also looking to launch more accessible digital products so people can actually come and some people have time constraints where we're going to make stuff available to people so they can really access it as and when they're available, when they're free, and if somebody wants it all at the same time then great. And if someone can only manage five or ten minutes a day then that's great for them too. So we're looking for more ways to better serve people next year. Lots of exciting stuff coming up so stay tuned.

Jamilla:

outstanding DPO award at the:

Fay:

I would say the purple one. Yes. And there's never enough of them, but I think you can buy them separately now. So I can just eat a whole bag of the purple ones?

Jamilla:

You can. My mum bought a big bag of the strawberry ones because they seem to finish quite quickly in my house.

Jamal:

My local superstore is so bad, at the checkout they have, like, a big purple wrapper with loads of them inside. As soon as you get there, that's the first thing you grab when you're there. Very smart but very bad. You know what I’ve realised is that this podcast is going out at the start of the year and most people will be trying to focus on being healthier, but we are sorry. So stay strong, stay focused and be healthy.

Jamilla:

Yeah. Okay, so let's get into the questions. Fay, firstly, how did you find RISK? We met at RISK a few weeks ago. How did you find it? What did you enjoy about it?

Fay:

Obviously, meeting you and going to visit your stall was the highlight. I really enjoyed the whole thing. So I had a spare few moments in between the talks and I went to look around some of the stalls and, I mean, I just sort of got lost in a maze of people and it was just great to sort of network with people and listen to all the speakers. Yeah, it was a really good event. I really enjoyed it.

Jamilla:

Did you have a favourite talk that you went to or a favourite speaker?

Fay:

I did enjoy the Max Schrems talk and I was sort of prepared to sort of think that maybe I'd be challenging some of his views. But he was a very competent speaker and he made some really excellent points. So I really enjoyed his sort of talk especially.

Jamal:

Yeah, I agree. I think from the whole exhibition, Max Schrems was probably the highlight. I mean, he usually is, he's the one that brings all the crowds in anyway, and I just like the way he kind of really presents himself. It's very casual. Some people might not agree with his use of language, it can be a bit explicit sometimes, but I just think he says it how it is and you can see exactly where he's coming from. And the thing is, it actually makes sense. And I know there are some businesses out there that think Max Schrems is antibusiness or whatever, it is, but if you look at what he's doing and why he's doing it, it makes sense. Why would you want people in Europe, why would you want anyone to be subject to arbitrary surveillance like nobody wants to be spied on? We're talking about privacy for privacy professionals and we're saying, look, the reason we care so much about your right to privacy is because when you impact somebody's right to privacy, then that has a domino effect on all the other rights. So, for example, if someone's being surveyed, then it might impact who they choose to go and meet. So your right to freedom of association and assembly. In the UK I know they were using facial recognition and that put me off from going to demonstrate and standing up for what I believe in, because I didn't want to be subject to any profiling, especially, you know, being my demographic. When you get on flights, it's not the kind of challenges you want to have at the airport, so you stay away from those things. That takes away my freedom of speech and my freedom to protest. And then you can see how when you start impacting on that right to privacy, it impacts one gather and I think that's why the work we do is so important and that's why what Max Schrems is doing is super important and we should all be celebrating him and supporting, if anything.

Jamilla:

Fay, you've been in the data protection industry since before GDPR came about. How have you seen attitudes towards data protection changing?

Fay:

started, I had a DPO title in:

Jamilla:

Yeah. How do you see the UK data protection landscape changing, then? Maybe in the next five years? How do you see it evolving?

Fay:

I mean, it is a little uncertain at the moment, to say the least. To be honest, my gut feeling is it probably won't change too dramatically and I've sort of spoken before in different forums about how you've sort of got a seesaw, I suppose. So if you're going to bring in really drastic changes, you can maybe achieve some of the aims that the government are after, but you put us so divergent from the EU GDPR and what they're up to, that you will potentially jeopardize our adequacy decision. So there's that sort of seesaw and it feels like we're probably somewhere balanced in the middle, where maybe there aren't going to be huge changes, maybe it's a safer position in terms of adequacy. So I'm feeling like and I might be wrong, but there might not be a huge shift. But I think globally there's lots of interesting things happening, so that might have an impact, particularly if people are part of global organizations where you've got lots of activity happening elsewhere.

Jamal:

Lots of really interesting points that Fay and I want to dive a little bit further into your expertise and insights into the actual changes to the UK data protection laws. And we'll get into that in a moment because I know you've had so many PrivSec conferences where you've actually discussed this at length and you share some really fascinating insights. But there was something interesting that you said while you was introducing where you were five years ago to where you are now. And you said at that point you didn't feel like anybody would kind of listen to you or you wouldn't have the kind of buy in that you need from the stakeholders, whereas that's completely different to where you are now. So my question is, what advice would you give to somebody who is finding themselves in the first kind of role, where they've got a little bit of self-doubt, where they might have a little bit of imposter syndrome, where they can't feel like they can assert themselves? Or if it helps, what advice would you give to your younger self knowing what you know now?

Fay:

Oh, that's a tricky one. I think it comes down a lot of it to a sort of data privacy compliance culture and it's really difficult to try and build that from scratch. If that's sort of what the blocker is, I suppose it would be to try and get an ally. That was how I eventually sort of overcame that, was to get an ally, which I found in the finance director. So I was quite lucky that they were in a senior enough position to be able to make some of the decisions that I couldn't make. I think maybe I got lucky there to a certain extent, but I think certainly just trying to get somebody on board who can sort of support once you start explaining things to people, that sometimes helps and I found that making things as relatable as possible was also really helpful. So trying to put yourself in the shoes of this could be your mother, your friend, your sister, how would you feel if that was happening to them or you had caused that breach of their personal data and just trying to make it as relatable as possible? Because I think sometimes the misconception is that's something happening at board level or it's a legal thing, it's not anything to do with me. So it's trying to make it as related to what they're up to as possible, particularly in the sales roles or the marketing world where sometimes they feel like they're slightly one step away from it.

Jamal:

Wow, amazing. Two very valuable insights. What you said is the first piece of advice you would give or the first thing that really worked for you was to go and find a senior stakeholder, somebody that has the power, somebody that has the influence and find who your closest allies are going to be. So identify who that person might be, start off with them, get them to really understand what you're trying to do, how it's going to impact the business and why you're making the suggestions that you're making and really get them to help you to push forward your agenda. And the second thing you said, which I really resonate with, is about making things relatable for individuals in the business. So people are really focused on their business objectives. They really want to make sure they're getting the results that they're being measured on. And when compliance and data protection or privacy come in and they start asking questions, usually they see them as these guys, I can't trust them. They're probably just going to block me from whatever I'm doing and they're going to take my time away from what I’m focused on and sometimes they just say what you think you want to hear. But what we found really works is actually explaining things to them in a way that makes sense to them. Explaining things to them in a way that makes it true for them by giving them examples of showing how this could relate to their own family, to themselves, to people they love. And then getting them to think about it, rather than from just their head, but actually from their heart. And that's when you've got the real buy in and you found that the attitude has shifted and was able to, shall we say, mature their understanding of what privacy and security really matters and why what they do has an impact on that and every single person counts.

Fay:

Yeah, absolutely. Yeah, that's definitely it in a nutshell.

Jamilla:

What would you say, Fay, you work in the health sector specifically. What would you say are the biggest challenges in data protection that are faced by the health sector, or the health tech sector specifically?

Fay:

I think they're probably twofold. So I think the first one is the amount of personal data that they're processing. So if you're looking at a hospital, you've got everyday patients coming in, you've got lots of staff, you've got lots of suppliers, so the volume that they're dealing with is a lot bigger than some other industries and then that's sort of compounded by the complexity. So particularly where you've got new or innovative things happening, particularly in sort of a health tech space. I can remember when sort of surgery robotic arms come in for surgery mapping. I was like, wow, that's amazing. And they were like, this is old tech Fay, you need to get up to speed with what we're doing. It's things like that that you're having to then think about cookies and smart TVs come up. And there are sometimes when you're dealing with things that actually haven't been dealt with before because you're right at sort of the cutting edge of tech. So that can add a challenge. If you haven't got the right people involved and the right understanding, that potentially there's nothing there to say it's a problem because we're doing this for the first time. So that's the bit that I find very exciting. But it is also a challenge because you're sometimes paving the way for things that haven't been there before, so there's always going to be a risk that you don't get it quite right because you haven't really got much else to have a look at and to draw inspiration from. So I think those are the two things.

Jamilla:

Very interesting, there's a lot of stuff that you wouldn't necessarily think about, like robot arms, you wouldn't think, oh, that's anything to do with data privacy, so it must be quite difficult, but also like mind boggling in a way.

Fay:

Yeah, absolutely. And I'm not a tech person, so there's also that gap in my own knowledge. So I'm trying to have to okay, well, tell me about that. How does that actually work? Sometimes I say explain it to me like I'm five because I just don't have the tech knowledge there but it's really interesting. But that certainly is a challenge, maybe my own personal challenge.

Jamal:

Fay said what you find exciting but find challenging at the same time is that you're working at the cutting edge of technology that it's all new innovative, revolutionary technology and you're having to go and focus on this and say okay, how does this impact personal information, how are we building in privacy into the design of this and how we want to make sure we've got privacy as a default. And I'm sure you've probably had a number of DPIAs where you probably had to refer them to the supervisor to see if you can move forward with this and how to mitigate some of those risks. Now when it comes to DPIA, one of the things you've explained is you're not the leader in the tech so it's really important to make sure that you go and identify the right individuals and extract the correct information from them. Oftentimes one of the things that really frustrates me is where people in privacy are completing DPIAs but they're not subject matter experts. Obviously as a DPO, the role should be to assist the business, not actually do them. And this is one of the things that really bugs me is when I see I privacy professionals completing DPIAs because they think it's a little bit of a tick box exercise and it needs to be done because it's on their to do list and the business has been bugging them. And I really like the fact that you have to go and engage the right people. Why is it so important to make sure that we engage the right people when it comes to doing DPISs specifically Fay?

Fay:

Yeah, it's super important. We tend to have a little working group sometimes so we'll complete them maybe alongside, I don't know, supply questionnaire or something. But yeah, it's so important because you will often need somebody from IT, somebody from the business, myself, you might need someone from regulatory particularly if it relates to a medical device and actually you're pulling in loads of people because everyone's got a little piece of the puzzle that you need. So I see myself you're right, I'm not the sort of subject matter, sort of business leader on it. So I see myself sort of a bit of a coordinator and then can support with some of the more technical legal language that they have around lawful basis for processing and that sort of thing. But yeah, it's so important because actually they are all practical risks. It's a similar thing I have with contracts. Can you practically comply with that? Can you delete it immediately? Because it's all well and good having these things on paper but can you actually do them in practice? They're meant to be useful and I probably talk about DPIAs being a useful, helpful document more times in the day than anything else. But it's a drum, I think really worth banging.

Jamal:

Thank you for sharing that. So, another valuable tip from Fae, you're giving so much value in this podcast already. Next valuable tip is when you are completing data protection impact assessments, then one of the things that can really help you to get the answers and make sure you get all of the pieces of the puzzle in the up blindsided is set up a working group and bringing people from the relevant departments from the relevant area. So together you can really explore all of the different angles, get the relevant information, really understand what the impact is, and then you can come up with great data protection impact assessments. And what I mean by a great data protection impact assessment is you've actually really understood what the risks are. And because you've understood what the risks are to the rights and freedoms of the individual, to protecting their privacy, you're now in a greater or a better position to work with the business, to be able to mitigate those risks and then roll out an amazing product or an amazing new service that's really going to have a massive impact. And that's what we really are here to do for you, isn't it? We're here to empower businesses to deliver great products and services that have a massive impact on society whilst doing that in a way where we're respectful of individual rights and freedoms.

Fay:

Yeah, absolutely. And I think the respectful bit is just so important.

Jamal:

Now, I want to revisit what we were speaking about earlier when you mentioned about the UK data protection reforms. Fay, I struggle to understand the motivation behind the government for this. And for me, I feel like it's just something political that they're introducing to say there was a benefit of Brexit, this GDPR stuff is causing everybody so many problems and let's rip it up and let's bring our own thing and we're back in business. And what irritates me so much is I see the ICO using the same hashtag and they're also now coming up with quotes, some of them a bit daft on how they're backing business and really taking that government rhetoric. Should the ICO not be impartial from politics?

Fay:

Yeah, I totally agree, and I think that's one of the big challenges with getting business buy in. Because ultimately, if you've got to comply with new law, then you've got to get the business on board to make any changes. And the GDPR felt more of a noble pursuit, I suppose. But this does feel a little bit like politically motivated exercise rather than, yes, I'm the same. I'm struggling to find anything tangible to cling on to that feels like it's going to make a real impact to people and a real positive benefit. And I agree. I think the ICO should be being impartial and supporting sort of causes where there's like a children's code, for example, that felt like a positive push forward and something that the ICO should be championing and getting behind, getting tighter on the use of children's data because they are more sort of vulnerable. But I'm not sure you can say exactly the same thing here with the proposed reform. So, yeah, I think there should be a healthy degree of caution, maybe as to the motives behind it and the unwavering support that you may want to give to that.

Jamal:

And the other thing that confuses me is if we're saying we're backing businesses every time there's a change in the business, it has significant cost to the business, whether that's because they have to pay legal fees, whether that's operational disruption, whether that's the learning curve. If you truly do want to back businesses, why would you cause change? And why would you want them to comply with multiple pieces of legislation when the one we have is doing a great job? It is the one that seems to be inspiring many countries, governments and other international bodies around the world. Why are we going backwards instead of forward? And on the underlying tonality, it seems to me, is our current government seems to have an agenda of where they actually want to erode human rights. And I think there was some talk about actually signing out or leaving the European Convention of Human Rights. As a privacy professional, someone who is here to really protect and promote those civil liberties and those rights, I find that appalling. What are your thoughts on that Jamilla and Fay?

Fay:

I think the issue is lots of organizations spent a lot of money complying with the GDPR. That wasn't that long ago and I could really get business buy in because it felt like the right thing to be doing. This doesn't have the same draw to it. So you're now asking them to spend lots of money on something when actually I'm not sure that there is the business benefit there. So some of the examples of cost saving, it's actually going to cost them more and they're not really seeing the benefit to it. So I think that's going to be a really tough sell to the business, particularly if you're an international organization, because there will be other colleagues who have to commit to potentially higher standards. So why would you pay extra money to bring maybe a slightly lower standard in without really much benefit other than it will cost you to make those changes? So I completely agree with you on that and I completely agree in terms of, eroding sort of civil liberties. It's so important that we sort of are maintaining and really being front runners and champions of people's human rights. So it feels like the wrong direction and the opposite direction to what a lot of our global colleagues are doing to try and, as you say, base their own data protection laws on the GDPR because it's seen as sort of the gold standard. So, yeah, it's an interesting approach to where we're going in terms of direction and I'm not sure that I'm fully behind it.

Jamal:

Well, the good news is, when Jamilla was in primary school, she decided she was going to be the Prime Minister of this country. So, Jamilla get ready to start campaigning. You have the support of all of us and the entire Privacy Pros Community.

Jamilla:

I don't think I've got the energy to do that anymore, but it is true, that is what I wanted to do when I was younger. But it just doesn't make any sense from a layman's point of view, if something's working. It seems like they're just angry about Brexit and they're trying to make a change to show that they can, not because it's the best thing to do. They’re like throwing all their toys out the pram. If the whole world is trying to copy GDPR, as you said, or base their legislation on GDPR, then why would we want to change it for something clunkier that could affect businesses? Isn't this government supposed to be the party of businesses before we get too political? I don't know, it just seems a very strange move.

Jamal:

Let’s out businesses on one side and because we work very closely with business, we're talking about it. But at the heart of everything we're talking about is the individual, the rights of the individual and the freedoms they should have as individuals to live their life free and with confidence, knowing that businesses are actually doing the right thing. And not just businesses, but all organizations, when they share their personal information with them, when they hand it over, they can be safe in the knowledge that it's actually being protected. And why would I want to be a second class global citizen where I know my friends in Europe have higher protections over their information? Whereas when you come to the UK, it's eroded. And why would any European in that case, want to do business with any British company when they know that we have less protection in place for them? It just doesn't make any sense. It doesn't make any sense to me from any angle whatsoever. Let's move to something more positive. Fay, what advice would you give to someone who is looking to pivot their career into data privacy?

Fay:

That's a very interesting question. I would recommend that they attend all of the conferences, talks, podcasts or the like that they can, just to try and embed themselves in the data privacy community, because it's a great community, lots of people sharing lots of content, particularly on LinkedIn, at the likes of RISK or PrivSec or wherever that may be. And people are very generous with their time and their knowledge. So I would suggest that would be a really good place to start to try and start building up the knowledge base. What are the things, the topics that lots of people are talking about? What are the lots of issues that are coming up? Because you see an update happening, LinkedIn explodes with comments on it. So it's a really useful way of getting a gauge of the landscape. So that would be my first recommendation.

Jamal:

Okay, wow. So Fay’s first recommendation is kind of amazing and what she says is be like a sponge and immerse yourself in the right environments. Go to the conferences, go to the webinars, go and listen to the talks, listen to the podcast and just soak everything in. And then once you've started soak everything and you have a really good understanding of what's actually going on, make sure you are relevant, understand what are the hot topics or what are the key issues that businesses are focusing on right now. So when people start discussing, not only can you actually understand the discussions, but you can also start contributing to the discussions. And what you find when you get yourself a powerful community is that people are willing to help people who support you and that's only going to help you to understand things from different points of view. And sometimes we don't even know what it is that we don't even know. And it takes someone like a mentor to go, you ask questions and you actually have to talk about it and think about it, you get the Ha Ha moment. It's like Ahh makes total sense on that. No faith. We have the Privacy Pros Academy and we've been mentoring hundreds of privacy professionals from all over the world. And one of the things that's really been working for us, and it really worked for me in my early career, is what I call the C Five methodology. And basically there's five things that we really focus on. The first thing is about clarity. So I believe that before we can do anything else, we need total clarity. Now, whether that's clarity and understanding what the regulations are, whether that's clarity and understanding what the business is doing or what the business is actually saying, what the objectives are, I believe that without clarity, we're setting ourselves up for to fail and we're going to be working on assumptions of what we think is true. But we actually have no idea. So for me, clarity is the first point. The second thing we focus on is the actual competence. So once you have the clarity, you need the competence, how do we get that competence? Well, you have to go and find the things that are going to help you to upskill yourself to be able to do this stuff. The third thing for me is credibility. Credibility is super important as we discussed earlier, because if you are not able to explain things to people in a way where they can relate to it, you will never be able to get their buy in. And if you can't get their buy in, you won't be able to have a positive impact. In fact, you'll probably find that you're frustrated and you're going to shrink into yourself even more. And that self imposter syndrome and that self doubt is just going to cripple you. So credibility comes from being able to explain the law, the legal requirements, in a way that anyone can understand. And as Fay said make it relatable to the people you're speaking to so they understand how it actually relates to them. So clarity, confidence, credibility, competence. And the final one is community. And I believe that you need a powerful community around yourself of people who are at the same level of you, people who are ahead of you so you can learn from them, and people who are a few steps behind you so you can support them. And they will then push you up and help you to grow even further and really help you to cement your knowledge. What are your thoughts on our C Five methodology?

Fay:

I think that sounds brilliant. That captures absolutely everything and it gives a very sort of well rounded view of, well, rather a well rounded approach to everything. So, yeah, my community bit is part of the wider picture and I totally agree. I think all of those steps are really important.

Jamal:

Thank you. You said your first recommendation that was like you knocked it out the park. I'm really looking forward to what your second recommendation would be. So the first one was for someone that's looking to pivot into the industry. I want to ask you what your second recommendation would be, let's say somebody is already in the industry, they're in a role, maybe they're in a junior role. They've got about two to three years experience, and now they're looking for a new challenge. They're looking to grow, they're looking to expand, they're looking to get into a more challenging and fulfilling role. What advice would you have someone in that situation?

Fay:

So I think that would probably be twofold. So one would be to try and get yourself a really good mentor. So maybe somebody like you’re saying a couple of steps ahead of you, who can help you to maybe understand what their journey was like and what they did to get to their more senior position. And the second one would be to maybe go and look at some additional courses or something that could bring your knowledge base up so that you can demonstrate that you are that expert that you want to be. You've got the knowledge base behind you to carry out that additional role. And it could be that maybe you need to look at additional skills. So maybe the next step is to become a people manager, in which case you would be looking at an additional skill set above and beyond the subject matter. So they would be my two recommendations, mentor and build your skill set and your knowledge base up for the role that you want.

Jamal:

Wow Fay you are on fire today. So Fay’s recommendation for everyone who is actually in a role experience in a role and moving forward, or thinking about growing and thinking about a promotion or thinking about your next highly paid rewarding role. Fay says what you should do is find somebody who's already achieved what you're looking to achieve and ask them to guide you and mentor you. And the next piece of advice she has for you is to get the credibility. So go and get the relevant industry certifications, the ones that have commercial value, the ones that actually can demonstrate you have the subject matter expertise, you have the relevant skills, you have the relevant required knowledge. And the final kind of tips you had as part of that was those subject matter skills. The knowledge will only get you so far, but to really take your period to the next level, you need to develop the soft skills, the people management skills, the communication skills, the ones that will actually help you to be a leader. So you can really transform not just teams, but actual organizations and have a greater impact. And that leads me on to my third question for somebody who is quite happy in their role. They have responsibility, they know their stuff, they have the good skills, they have the knowledge, they have the soft skills, but they just want to become a leader a little bit like yourself. They want to be known as the go to person in the industry. So for example, you go to PrivSec conferences and you're known as the go to person and people ask you for your opinion and they really value that. How does someone then start creating that personal brand where they become the go to expert? What advice would you have? Somebody in that situation is in a senior role, happy with the role. They're not looking to change, but they're just looking to serve better and serve on a greater scale.

Fay:

For somebody in that sort of position, it would probably be to go out and look for those opportunities so they're unlikely to just land in your lap. You're going to have to, you know, how can I get involved? What do I want to do? Is there a particular area that I'm very passionate about? So I think complacency is probably the enemy in that sort of role. So it would be go out, seek out the opportunities, speak to people, and also what direction do you want to go into, push forward with those. But I think it's got to be self-driven at that point.

Jamal:

Fantastic. And one of my mentors said to me, winners create their own and the way they do that is through the activity. One of the things we teach on the Mindset program is actually how your focus is going to determine your results. So if you're thinking about those opportunities, if you're on the lookout for them, if you're actually doing something, you will notice them. Whereas if you're being complacent, if you're thinking about Netflix and how much of that you're going to binge, then even if those opportunities are in front of you, you'll never see them. And sometimes people think, wow, this person had this great idea just because they observed something. But hundreds and thousands of people saw that same observation every single day. What's the difference between that one person who noticed it and everybody else? And if the fact is this person was already working towards their goals, their brain was already seeking these opportunities because that's where the focus was and they just happened to capture, what all the other people walking by were seeing and have a massive impact. And what you're saying there, Fay, is we need to do the same, is we need to identify this is where we want to be, identify a niche for something we're particularly passionate about and we want to push forward and then just go and seek out the opportunities by taking action.

Fay:

Yeah, absolutely right.

Jamilla:

Fay, what is your favourite thing about your job? Ending the podcast on a lighter note.

Fay:

I think my favourite thing about my job is the number of people that I get to engage with across the business. So I'm not just working with one team and maybe I'll interact with a few other people, request for advice and projects and all the work that I'm doing spans across the whole organization. So I really enjoy getting to speak to lots of different people and learn about lots of different areas of the business. And I know as part of the GDPR project, I loved there was a particular point where I had engagement with every stakeholder from every team almost at all levels. And that was just amazing to be able to sort of say, I know what that team are up to because I've engaged with them and I know what that team are up to. So you get a real overview of what your organization is up to. And I think that's probably my favourite thing.

Jamal:

I love that Fay. And one of the things I say to everybody on my team when they're doing these records of processing activities is if you walked away or if you walk in there with a computer and a spreadsheet, then don't bother walking in there at all. What I want you to do is go in there and find out what these people do, how they do it, why they do it, and how that relates to what we see documented in the processes and the job description and just have conversations, get to know them, get to understand them. Because when you get to know what they do and you understand what they do, you'll be better aware of the risks. And they feel like, oh, face cool. I can talk to her. I don't have to be worried that she's trying to catch me. She's going to say I can't do something. She's actually really nice. She was interested in what I'm doing. And I think sometimes people overlook just, like, human sound. Like, you spoke about soft skills earlier, and when you go and actually, somebody might have been doing this role for six months. They might have been there for five years. Nobody in their team is going to sit there and say, hey, let me take an interest in your role. They expect you to perform. That's the reason you're there to perform that role. When someone comes and shows and interest in what you're doing, how you're doing it, why you're doing it, and has those natural conversations, then it can really help you build those relationships which will come in useful later on. And if you need that buy in, if you need privacy champions, and if you need people as part of your steering groups or your working groups, now you know what everyone does. You know who the best people are to feed that information to you. And you can also have eyes and ears on the ground, especially when you're looking for large companies. But having this network of privacy champions, who are actually going to help you to make sure that you can serve better.

Fay:

Yeah, absolutely. And I think the positioning piece is key as well. So I'll go out and do site visits. They go, oh, is it an audit? I'm coming out to give you some training, so it'd be very unfair to audit you first when I haven't told you what you should be doing yet or what the process looks like. And they sort of say, well, that's good, people will talk to you then. And it's like, yeah, I don't want them to have their guard up because they'll start talking. And then I'll start thinking, that's interesting. Maybe we need a process there. If you're doing it, maybe someone in another site is doing it in exactly the same role. I really enjoy the conversational piece, taking the time, as you say, to understand people's roles. So, yeah, that's definitely the approach. It's got to be more personal.

Jamal:

How often you take Quality Street down to those training sessions?

Fay:

Well, actually, I'm quite a good cake baker, so bribery with cakes is not above me.

Jamilla:

Last question, Fay. We like to get our guests to ask Jamal a question. It could be anything at all.

Fay:

So I would like to know, Jamal, what your biggest challenge has been in your career? And if I can have a two part question, how did you overcome that challenge?

Jamal:

Wow, that is a very interesting question. I would say my biggest challenge during my career was getting people to actually pay attention and listen to anything I had to say at all. Whether it was applying for my first role and listening to why they should give me that role over anyone else or why they should listen to what I'm asking them to do in their business or anything at all. So I think my biggest challenge, and it's a common theme, is getting people to listen to or getting people to kind of understand why they should listen to anything I have to say. And the way I overcame that was to make things easy peasy, break it down in a way that anyone can understand. And one thing I quickly realize is it doesn't matter if I can memorize the 99 articles of the GDPR and all 170 theory samples and show how smart I am. It doesn't mean anything to anyone. They could have googled that I'm not adding any value. But when I go and I break it down and explain what this actually means, what the requirements are in a way that anyone can understand and how it relates to their role or how it relates to what they're doing or how it's going to have an impact on what they may or may not be able to do. Then I started saw people actually paying attention. People actually wanted to talk to me, people actually wanted me to come on podcast, they wanted me to come to conferences, they wanted e to come and train their team. So I think breaking things down, exactly what you said earlier on, making things relatable to individuals in a way that anyone can understand, is the biggest skill that I've had to develop, which has been the game changer for me. And when you look at my background, I shouldn’t have kind of be in this place. I'm not a lawyer, I don't have a technical background, I don't have a legal background and there is nothing super relevant in any of my earlier roles. So how did I manage to really pivot my career and enjoy the journey I've enjoyed so far? And the bigger secret is just by making things easy peasy, making things clear, making things concise. And I think that's one of the things that a lot of lawyers do actually find challenging, which is something that we really help them through in the academy, is how do we lose that legalese and how do we just have conversations with individuals where we're not losing the requirements of the law, we're not making it less serious, and we're not making it watering it down. But how do you actually then convey that in the language that any man, any woman or even a child can understands that. And that has been the thing that's really helped me to propel my career before. That's the thing that really attracts individuals to come and train with me. And that's the thing that helps me to deliver training and get great results anywhere in the world, regardless of language values. Because you know how to simplify things, you know how to break things down and you know how to teach concepts, complex concepts, in a way that anyone can grasp. And then they actually understand how to operationalize and implement the knowledge into their day to day pragmatically and practically.

Fay:

Well, thank you. That was really interesting. And I think you touched on a really good point there, because I always think a good lawyer can regurgitate the applicable law, but a great one can tell you the so what. So what do I do with that now? What does that actually mean, practically for me? And I think that was certainly a lesson that I had to learn.

Jamal:

On behalf of everyone across the world who's been listening, I want to say thank you, because that was a super valuable podcast. You made some really good points and those points if anyone goes and implements them, it's going to be a game changer for the career. So thank you so much on all of those individuals you're going to impact in advance.

Fay:

Thanks both for having me on. I've really enjoyed it.

Outro:

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.

Outro:

Remember to join the Privacy Pros Academy Facebook group where we answer your questions.

Outro:

Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class privacy pro.

Outro:

Please leave us a four or five star review and if you'd like to appear on a future episode of our podcast, or have a suggestion for a topic you'd like to hear more about, please send an email to team@kazient.co.uk

Outro:

Until next time, peace be with you.

Show artwork for Privacy Pros Podcast

About the Podcast

Privacy Pros Podcast
Discover the Secrets from the World's Leading Privacy Professionals for a Successful Career in Data Protection
Data privacy is a hot sector in the world of business. But it can be hard to break in and have a career that thrives.

That’s where our podcast comes in! We interview leading Privacy Pros and share the secrets to success each fortnight.

We'll help guide you through the complex world of Data Privacy so that you can focus on achieving your career goals instead of worrying about compliance issues.
It's never been easier or more helpful than this! You don't have to go at it alone anymore!

It’s easy to waste a lot of time and energy learning about Data Privacy on your own, especially if you find it complex and confusing.

Founder and Co-host Jamal Ahmed, dubbed “The King of GDPR” by the BBC, interviews leading Privacy Pros and discusses topics businesses are struggling with each week and pulls back the curtain on the world of Data Privacy.

Deep dive with the world's brightest and most thought-provoking data privacy thought leaders to inspire and empower you to unleash your best to thrive as a Data Privacy Professional.

If you're ambitious, driven & highly motivated, and thinking about a career in Data Privacy, a rising Privacy Pro or an Experienced Privacy Leader this is the podcast for you.

Subscribe today so you never miss an episode or important update from your favourite Privacy Pro.

And if you ever want to learn more about how to secure a career in data privacy and then thrive, just tune into our show and we'll teach you everything there is to know!

Listen now and subscribe for free on iTunes, Spotify or Google Play Music!

Subscribe to the newsletter to get exclusive insights, secret expert tips & actionable resources for a thriving privacy career that we only share with email subscribers https://newsletter.privacypros.academy/sign-up

About your host

Profile picture for Jamal Ahmed FIP CIPP/E CIPM

Jamal Ahmed FIP CIPP/E CIPM

Jamal Ahmed is CEO at Kazient Privacy Experts, whose mission is safeguard the personal data of every woman, man and child on earth.

He is an established and comprehensively qualified Global Privacy professional, World-class Privacy trainer and published author. Jamal is a Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E) and Certified EU GDPR Practitioner.

He is revered as a Privacy thought leader and is the first British Muslim to be awarded the designation "Fellow of Information Privacy’ by the International Association of Privacy Professionals (IAPP).