In today’s episode, we dive deep into the world of privacy red teams—where the goal isn’t just to protect data, but to break it first. Join us as we explore how this adversarial approach helps businesses identify and fix vulnerabilities before they become threats.

Your host Jacob Høedt Larsen speaks to red team expert, Rebecca Balebako.

Rebecca is a Privacy Engineer, who has worked with RAND corporation and Google. She now runs her own business, Balebako Privacy Engineer in Switzerland.

Find her on: https://www.privacyengineer.ch/

In this episode we talk about he e-book on adversarial privacy testing. Get your free copy here: https://www.privacyengineer.ch/blog/

We also talk about:

1. Why he chose data protection as a career
2. Why it is important
3. What he is interested about right new and
4. What he is most worried about when it comes to the future of data protection

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

"Hang on, let's look at what their day to day job is, what their business processes are, and optimize those processes so they become inherently compliant," Jonathan Craven says about his perspective on creating great data protection and information security.

Jonathan Craven was previously Global Privacy Operations Lead at iRythm Technologies, now a self employed consultant. He came to data protection from a background and career in psychology and we talk about how that has informed his view on how to create a culture of data protection.

We also talk about:

1. Why he chose data protection as a career
2. Why it is important
3. What he is interested about right new and
4. What he is most worried about when it comes to the future of data protection?

Reach out to Jonathan Craven on https://www.linkedin.com/in/jonathanbcraven/

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

"So first of all, OG privacy people who were scrappy and had to fight really hard to get any kind of budget and to even get people to understand that this was a necessary component of a business. They're ready for anything," Shoshana Rosenberg says in this podcast.

We discuss:
- The future of AI and whether privacy people are equipped to take that on.
- The importance of privacy in feedback and inclusion data
- ... and how Shoshana ran towards a career in privacy

Shoshana Rosenberg is a chief AI governance and privacy officer at WSP in the US, founder of SafePorter, a Privacy-by-Design engangement feedback and diversity and inclusion tool that won the PICASSO EU Privacy Award in 2023. Moreover, she is the programme advisor to Logical AI Governance. Find her on Linkedin: https://www.linkedin.com/in/shoshanarosenberg/

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

"My life has been filled with epiphany moments, you know, moments where the scales have fallen from my eyes and I thought, ah, get it," says Emma Martins in this interview.

For a number of years Emma Martins was the Data Protection Commissioner at the Office of the Data Protection Authority of the Channel Islands. She now advises on data protection matters.

In this interview, Emma Martins talks about her epiphany moments that led her to a career in data protection. We talk about why data protection is important, what excites her about it and what she is worried about ... and much much more.

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

At TDC NET they have a strong privacy and security culture. No system or vendor enters the network without being thoroughly vetted by both data protection and information security. This happens due to a governance model that is anchored in the organisation and has buy-in at top management.

TDC NET provides a great part of the digital infrastructure in Denmark, through fixed-line and mobile networks.

In this podcast, Jacob Høedt Larsen, talks to Head of Privacy Compliance, Mona Persson about how they make it work.

They discuss:

1. How the governance model is set-up
2. How a new system or a new vendor goes through the governance process
3. What it takes to make it all work

You'll gain practical insights into how to set-up your own process.

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

The Powerpoint-presentation: https://3963040.fs1.hubspotusercontent-na1.net/hubfs/3963040/Webinars/Pr%C3%A6sentation%20til%20andre%20BU%20-%20Wired%20(english).pptx.pdf

Follow Mona Persson on Linkedin: https://www.linkedin.com/in/monapersson/

In this podcast you get a 7-step cheat sheet to securing buy-in for your data protection programme.

Get the presentation here: https://3963040.fs1.hubspotusercontent-na1.net/hubfs/3963040/Presentations/20240425_masterclass_DPIA%20securing%20buy-in.pptx.pdf

The steps are:

🎯 What do you really want?

🌍 What do they think about this right now?

🎤 What will they lose by not doing what you think?

🗞 Where can you reach them?

👯 Who will support you?

🧠 Speak to the mind … and the gut

📅 Get organised

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

The DPIA process is important. In this podcast we look at it from the organisational perspective. How do you make it work - not legally or technically - but organisationally.

You find the presentation here: https://3963040.fs1.hubspotusercontent-na1.net/hubfs/3963040/Presentations/20240405_masterclass_DPIA.pptx.pdf

It:

• Supports good decision-making,
• Good governance
• Compliance
• Often no DPIA is required – documents the non-action
• It is also good practice to do a DPIA for any other major project which requires the processing of personal data. (ICO)

However, data protection often doesn't now when a new system is coming on board.

It is a cultural issue and we have to do many things to chance it:

• Training and awareness
  • Don’t forget VIP’s
• Let’s put it in a policy (and get it out there)
• Hybrid organisation and ambassadors
• We have a process (or more)
• We have buy-in
• Ask…

That is what you'll learn about in this podcast.

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

Shifting Privacy Left is a conscious effort to embed privacy practices earlier in the development life cycle to prevent privacy harms and data breaches from forming, Privacy Tech Advisor Debra Farber says.

In this interview Debra Farber and I discuss what Shifting Privacy Left does, how it helps organisation, what competencies are needed and how it is implemented.

My take-aways from the interview:

• Privacy requirements should be table stakes and functional product requirements, not something that comes from legal or the privacy team.
• Privacy by Design is the strategy, Shifting left is the implementation.
• It's a cultural shift which requires upskilling. Today, most developers, don't think privacy is their responsibility. Therefore, they should learn about privacy and data protection.
• Shifting Privacy Left can solve problems, lessening the compliance burden down the line.

You host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Debra J. Farber is a globally-recognized Privacy, Security and Ethical Tech Advisor and Principal and Host of The Shifting Privacy Left Podcast.

The Shifting Privacy Left Podcast: https://shiftingprivacyleft.com/audio/8323

Sustainable Compliance is brought to you by Wired Relations - read more about here: https://www.wiredrelations.com