Bridging the gap between technology, law, and the board. Using risk to cut challenges down to a manageable size. Leveraging experience gained during 2 decades in IT, information security, and data protection related roles.

Core beliefs: Real solutions do not and will never just come in a box. The core challenges, while driven by laws and legal compliance, are centred on making and scaling the right effort. The most important effort? Identifying priorities, clarifying accountability, and streamlining engagement to make space for what matters.

Veteran of multiple risk and compliance programmes including; Sarbanes Oxley (SOx), supplier governance, IT change assurance, business continuity, and (applying hard won experience and lessons learned) GDPR and more general Data Protection.

Also an award winning blog writer, occasional speaker, and on a tirelessly optimistic mission to give de-techified advice about practical data protection and security to my kids, to cabbies, and to anyone else I can persuade to listen.

Specialties: Data Protection / GDPR requirements and risk assessment, 3rd party due diligence and governance, compliance management, data security, cloud data risk, social media data risk, systems assurance and assurance for change activity.