Thursday 6th May 2021, 10:00 (BST)

Security and Privacy by design: avoiding a “bolt-on” approach

  • Embedding strong security controls from before data is collected to its destruction.
  • Increasing the culture of awareness of privacy and data protection within the organisation.
  • Evaluating whether your systems fulfil users’ privacy needs.

Full episode replay

Your host:

Geoff White

Investigative journalist Geoff White has covered technology for BBC News, Channel 4 News, Audible, Forbes online and many others.

An experienced public speaker, he has given keynote talks at some of the UK’s largest tech events, in addition to hosting conferences and chairing panels at venues ranging from London’s Chatham House think-tank to the Latitude music festival.


Victoria van Roosmalen, Chief Information Security Officer, Coosto

Victoria van Roosmalen has a strong technical background with a decade of practical experience in information technology, data protection, and privacy. As a CISO and DPO, she is responsible for the data protection and data privacy governance at Coosto—an all-in-one social media management product ranked no. 1 in the Netherlands.

She is an ambassador of ISACA’s SheLeadsTech program and serves the IAPP as a Training Advisory Board member. Victoria holds various industry certifications, speaks at information security and data privacy conferences across Europe, and participates in working groups of new industry standards and materials—such as the NIST Privacy Framework. In 2019, she was recognised among 200 individuals in Europe for making significant contributions to the security and privacy sector.

Victoria is passionate about technology—including its ever-promising possibilities and opportunities. Yet, concurrently, she also recognises its potential adverse effects and is not afraid to challenge any devil that lingers in the details. Committed to providing a safer future, Victoria is determined to empower technological advancements and their intended benefits with proper controls.

Julian Osborne, Chief Information Security Officer, Volkswagen Group UK

Driven by Integrity, Transformation, Strategy, Relationship Management, GRC, DPA / GDPR, Operational Excellence.

Information Security Professional with extensive leadership, transformation, design, implementation and management experience. Over 24 years evaluating, developing, implementing, managing and securing organisations and delivering organisational change.

Strong technical acumen and a business-positive approach to managing risks and control requirements to information and technology services and to promote Information and Cyber Security as a business enabler.

Passionate about educating and improving awareness of information security and data protection across teams and organisations.

Sarah Clarke, Data Protection and Security Governance Expert, Infospectives Ltd

Bridging the gap between technology, law, and the board. Using risk to cut challenges down to a manageable size. Leveraging experience gained during 2 decades in IT, information security, and data protection related roles.

Core beliefs: Real solutions do not and will never just come in a box. The core challenges, while driven by laws and legal compliance, are centred on making and scaling the right effort. The most important effort? Identifying priorities, clarifying accountability, and streamlining engagement to make space for what matters.

Veteran of multiple risk and compliance programmes including: Sarbanes Oxley (SOx), supplier governance, IT change assurance, business continuity, and (applying hard-won experience and lessons learned) GDPR and more general Data Protection.

Also an award-winning blog writer, occasional speaker, and on a tirelessly optimistic mission to give de-techified advice about practical data protection and security to my kids, to cabbies, and to anyone else I can persuade to listen.

Specialties: Data Protection / GDPR requirements and risk assessment, 3rd party due diligence and governance, compliance management, data security, cloud data risk, social media data risk, systems assurance and assurance for change activity.
