Guest: Yagmur Sahin, Information Governance and Data Protection Manager at Data Privacy Simplified
Host: Jacob H. Larsen, Wired Relations

In this episode, Jacob H. Larsen sits down with Yagmur Sahin, a qualified lawyer with dual master’s degrees in law and cybersecurity, to discuss her unique career journey into data protection. Yagmur shares insights on fusing law and tech, the growing importance of data protection, and the skills required to thrive in this dynamic field.

Key Topics Discussed

• Yagmur’s Career Path: From criminal and employment law to cybersecurity and data protection
• The Turning Point: How her distaste for mass surveillance and digital profiling led her to pivot her career
• Legal vs. Technical Approach: The benefits of having both legal and technical expertise in data protection
• Diverse Backgrounds in Data Protection: Why professionals from various fields can thrive in this industry
• Essential Skills for Data Protection Professionals:
  • Analytical thinking
  • Strong communication skills
  • Adaptability and resilience
  • Research skills and continuous learning mindset
• The Importance of Data Protection:
  • Safeguarding personal rights and freedoms
  • Building trust in businesses and compliance culture
  • Addressing challenges posed by AI, quantum computing, and data profiling

Key Takeaways

• Data protection is not just about compliance; it’s about trust, autonomy, and safeguarding people’s rights.
• Professionals from various backgrounds, legal, technical, marketing, psychology can succeed in this space.
• Organisations must embed data protection into their culture to maintain trust and meet regulatory standards.
• Passion, curiosity, and a problem-solving mindset are more important than a specific degree when entering this field.

Resources & Links

• Connect with Yagmur Sahin on LinkedIn: https://www.linkedin.com/in/data-privacy-yagmursahin/

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

Episode Summary:
In this episode of Sustainable Compliance, host Jacob H. Larsen talks with Susanne Bitter, a seasoned information security and data protection expert with over 15 years of experience. Susanne shares her insights on the transformative role of AI in cybersecurity, the challenges of governance and supply chain risks, and why getting the basics right is still critical.

Key Topics Discussed:

• AI's Role in Cybersecurity: The benefits and risks of AI, from increased productivity to challenges like data breaches and misinformation.
• Governance in AI: The importance of context, governance, and understanding AI’s underlying processes to reduce risks.
• Supply Chain Risks: How organisations can choose the right partners and manage complex digital supply chains effectively.
• The Human Factor in Security: Why simplifying security measures for end users is key to improving overall organisational defenses.
• Ethics and Privacy: The growing importance of privacy and data protection in an interconnected world, and how individuals and organisations can protect sensitive data.
• Susanne’s Journey: How Susanna’s passion for computers and logic led her to a fulfilling career in cybersecurity and information security.

Quotable Moments:

• “AI governance isn’t just about technology; it’s about understanding how and why decisions are made in the context of your organisation.”
• “Let’s not forget the basics—strong passwords, good governance, and effective collaboration are still at the heart of information security.”
• “We’ve learned how to use technology, but using it safely? That’s an ongoing challenge.”

About Our Guest:
Susanne Bitter is the Head of Regional Strategic Alliances at the Cybersecurity Forum Initiative and a passionate advocate for AI governance, supply chain security, and data protection. With a strong belief in collaboration and education, Susanna is committed to making complex cybersecurity topics accessible and actionable for organisations and individuals alike.

Resources Mentioned:

• Susanna Bitter’s LinkedIn Profile: https://www.linkedin.com/in/susanne-zuzana-bitter/

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
  • Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

In this episode, Jacob Høedt Larsen, talks to Claire Archibald about:

Claire's Background: Claire Archibald, a legal director at Browne Jacobson, specializes in data protection and information governance in education, with a strong passion for children’s and staff privacy in schools.

Path into Data Protection: Claire’s career began in regulatory law, notably environmental law, which had parallels with data protection, especially regarding compliance and regulatory pressures. Her diverse experiences, including mediation and working in education, naturally led her into data protection.

Challenges in Data Protection for Education: Claire highlights that many schools in the UK lack proactive privacy programs, often reacting to data breaches without thorough root-cause analysis or strategic planning.

Safeguarding and Privacy: She stresses that privacy and safeguarding are not mutually exclusive; instead, strong data protection measures can support safeguarding efforts within schools.

Role of DPIAs: Claire is a strong advocate for Data Protection Impact Assessments (DPIAs) as a valuable tool for schools to understand the "why" behind their data processing activities, which helps mitigate risks and improve decision-making around digital tools.

Vendor Influence and Digital Strategy: Schools often rely on EdTech vendors' sales pitches without sufficient critical analysis. This has led to a lack of strategic oversight, with schools frequently adopting new technologies without clear justifications or understanding of their impacts.

Operational and Strategic Gaps: Schools often struggle with operational confidence in data protection, and trustees, who may lack time or resources, aren’t fully aware of strategic risks, resulting in a reactive rather than proactive approach to data protection.

Personal Stories and the Importance of Privacy: Claire shares experiences showing the real-life impact of privacy issues, particularly on vulnerable groups like children and individuals with specific needs, emphasizing the nuanced harms that can arise from data misuse.

Future Concerns in Data Protection: Claire is concerned about the accumulation of unnecessary data (“haystacks”), as this approach complicates data management, increases potential harm, and has environmental costs.

Children’s Technology Use and Privacy: She highlights society’s cognitive dissonance around children’s use of technology—on one hand, technology is encouraged for educational use, while on the other, it poses risks to children's mental health and data privacy through tracking and recommender systems.

Follow Claire on LinkedIN: https://www.linkedin.com/in/claire-archibald-dpo/

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

“Will we live in a world where tracking is the norm, or are we going to fix this global issue?”

Arthur Edelstein is concerned for the future of the web and people's privacy online.

He is a senior research and privacy engineer at Brave browser and founder of the project privacytests.org, where he runs objective privacy tests on major web browsers.

Here he is focused on uncovering the hidden privacy risks, and his work tests how browsers handle issues like fingerprinting and cookies – results that are shared publicly.

We talk about his most important findings. We also talk about:

1. Why he chose privacy as a career
2. Why it is important
3. What he is interested in right now and
4. What he is most worried about when it comes to the future of digital privacy.

Reach out to Arthur Edelstein on Linkedin and check out his project privacytests.org

In today’s episode, we dive deep into the world of privacy red teams—where the goal isn’t just to protect data, but to break it first. Join us as we explore how this adversarial approach helps businesses identify and fix vulnerabilities before they become threats.

Your host Jacob Høedt Larsen speaks to red team expert, Rebecca Balebako.

Rebecca is a Privacy Engineer, who has worked with RAND corporation and Google. She now runs her own business, Balebako Privacy Engineer in Switzerland.

Find her on: https://www.privacyengineer.ch/

In this episode we talk about he e-book on adversarial privacy testing. Get your free copy here: https://www.privacyengineer.ch/blog/

We also talk about:

1. Why he chose data protection as a career
2. Why it is important
3. What he is interested about right new and
4. What he is most worried about when it comes to the future of data protection

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

"Hang on, let's look at what their day to day job is, what their business processes are, and optimize those processes so they become inherently compliant," Jonathan Craven says about his perspective on creating great data protection and information security.

Jonathan Craven was previously Global Privacy Operations Lead at iRythm Technologies, now a self employed consultant. He came to data protection from a background and career in psychology and we talk about how that has informed his view on how to create a culture of data protection.

We also talk about:

1. Why he chose data protection as a career
2. Why it is important
3. What he is interested about right new and
4. What he is most worried about when it comes to the future of data protection?

Reach out to Jonathan Craven on https://www.linkedin.com/in/jonathanbcraven/

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

"So first of all, OG privacy people who were scrappy and had to fight really hard to get any kind of budget and to even get people to understand that this was a necessary component of a business. They're ready for anything," Shoshana Rosenberg says in this podcast.

We discuss:
- The future of AI and whether privacy people are equipped to take that on.
- The importance of privacy in feedback and inclusion data
- ... and how Shoshana ran towards a career in privacy

Shoshana Rosenberg is a chief AI governance and privacy officer at WSP in the US, founder of SafePorter, a Privacy-by-Design engangement feedback and diversity and inclusion tool that won the PICASSO EU Privacy Award in 2023. Moreover, she is the programme advisor to Logical AI Governance. Find her on Linkedin: https://www.linkedin.com/in/shoshanarosenberg/

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

"My life has been filled with epiphany moments, you know, moments where the scales have fallen from my eyes and I thought, ah, get it," says Emma Martins in this interview.

For a number of years Emma Martins was the Data Protection Commissioner at the Office of the Data Protection Authority of the Channel Islands. She now advises on data protection matters.

In this interview, Emma Martins talks about her epiphany moments that led her to a career in data protection. We talk about why data protection is important, what excites her about it and what she is worried about ... and much much more.

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.