The Data Protection and Privacy Podcast

David Clarke

The latest in Data Protection and Privacy Podcast by David Clarke  Follow me on Twitter @1davidclarke 96k Followers Join Linkedin GDPR Group 32,500 Others Members for FREE Top 50 Global Thought Leaders and Influencers on Privacy 2025! Top 100 B2B Thought Leaders, Analysts & Influencers You Should Work With In 2025 Top 50 B2B Thought Leaders & Influencers You Should Work With In 2024 (EMEA)Top 25 Thought Leader Privacy 2023 Top 100 Thought Leader Social 2023 Top 100 Thought Leader Security 2023Top 50 B2B Thought Leaders & Influencers You Should Work With In 2023 (EMEA) Who’s Who in Cybersecurity? 2022 Who’s Who in Cybersecurity? 2020 Top 20 Privacy Thought Leaders September 2021 Thinkers 360Top 50 Global Expert 2018 Kingston Technology Top 20 Global Tech Influencers by @Thinkers360 2020/2021Top 30 Thomson Reuters Top Influencers In Risk, Compliance 2017Who's Who in Remote Working? 2021Who’s Who in Risk Management? 2021No 2 Thinkers360 Cybersecurity June 2019 This Podcast is sponsored by Vciso.co www.vciso.co  helps SAAS Companies SAAS Unicorns, B2B SAAS and Pre Revenue SAAS start-ups. to meet privacy and cyber security requirements and ISO27001,ISO42001, and SOC2 standards so they close sales deals quicker and can achieve cyber , privacy alignment certifications faster in minimum time .

  1. 12/29/2025

    What The EXPERTS Do Not TELL Us About Data Protection? Part 29. Aakash Suri on Privacy, AI, and Culture Change

    Aakash Suri joins David Clarke to reveal how privacy can drive business, demystify AI governance, and end tick-box compliance for good. Guest: Ash Siri, Founder of AS Privacy and AI Solutions Ltd  1. Privacy as a Strategic Enabler — Not a Blocker Ash positions privacy as a business asset, not a compliance burden.He communicates legal requirements in plain English and offers practical steps, gaining trust from senior stakeholders.By aligning privacy with business goals, he earns top-down buy-in and builds privacy into strategic objectives. Insight: Translate law into value. Privacy earns respect when it drives business outcomes.  2. In-Person Training > Tick-Box E-Learning Ash designed live privacy training that replaced generic e-learning.Used interactivity, real examples, and group tasks to create engagement and cultural change.Everyone from customer service to board members participated.Insight: Changing behaviour requires human connection, not slide decks. 3. Proactive AI Governance is Missing Most companies rush into AI for efficiency but lack governance.Ash advises organisations to ask: “Where’s your policy? Who’s accountable?”Governance doesn’t have to be complex — just clear, intentional, and privacy-by-design.Insight: If you're using AI without a policy, you’re gambling with compliance.  4. Incident Management Requires Calm, Speed, and Process Built practical incident response systems — forms, workflows, and clear roles.Created a safe culture where teams felt comfortable reporting issues.Emphasised speed of execution, not fear.Insight: Most failures happen in the first 2 hours. Clarity beats chaos. 5. Build Privacy Culture Through Simplicity, Trust, and Visibility Ash used SharePoint hubs, quizzes, sweet incentives, and dialogue to make privacy visible and normal.Delivered transparency training that related directly to people’s day-to-day jobs.Insight: Privacy works when people understand how it affects them, not just the business. You can contact Aakash Suri here https://www.linkedin.com/in/aakashsuri-thoughtleader/ The latest in Data Protection and Privacy Podcast by David Clarke Follow me on Twitter @1davidclarke 96.1k Followers Join Linkedin GDPR Group 33,475 Others Members for FREE CoAuthor of an ICO certified GDPR scheme

    23 min

  2. 10/06/2025

    What The EXPERTS Do Not TELL Us About Data Protection? Part 28: The Hidden Link Between GDPR and Competition Law

    In this episode Arletta Gorecka Ph.D in Competition law | Lecturer in law at GIC | discusses competition law and privacy   🎙️ Top 5 Insights from the Podcast with  Arletta Gorecka  Topic: Competition Law, Privacy & the Facebook Case 1. Facebook’s Exploitation = Competition Breach via Privacy Violations The German competition authority found Facebook abused its dominant position not through pricing or exclusion but by violating users' privacy.Consent was often buried in complex terms; users weren’t truly aware they were agreeing to pervasive data tracking.  Insight: This case set a precedent for framing GDPR breaches as competition law violations.2. Excessive Data Collection Can Be Anti-Competitive Under Article 102 TFEU, collecting personal data in ways users don’t understand can be seen as an exploitative abuse.Even “privacy-enhancing” features like Apple ATT and Google Privacy Sandbox may still mislead or confuse users. Point: Quality degradation (privacy loss) can now be treated as harm to consumers — even if there’s no price involved.3. “Privacy Traps” Are a Growing Concern Whether a platform claims to be privacy-friendly or not, users can still be manipulated or exploited.Alet introduces the idea of the “privacy trap” — where both pro-privacy and anti-privacy approaches can lead to exploitative practices. Key Thought: It’s not just about collecting data — it’s about how and why it’s being collected.4. EU Law Now Recognises GDPR Breaches in Competition Context The CJEU (Court of Justice of the EU) now affirms that GDPR violations can be considered under competition law, but it’s not automatic.Collaboration between Data Protection Authorities (DPAs) and Competition Authorities is crucial — though still inconsistent across EU states. Takeaway: Legal coordination is improving, but still needs reform (e.g., decentralising enforcement beyond Ireland).5. Transparency Is the Solution — For Both Consumers & Businesses People often don’t read or understand terms, and consent is mostly uninformed.Alet recommends practical transparency tools like videos, visual cues, or real-time data usage popups to help users understand what’s happening.  Advice to businesses: Be clear, simple, and proactive about data use.  Advice to users: Know that your data = your value, even if you don’t pay with money.You can contact   Arletta Gorecka Ph.D here https://www.linkedin.com/in/arletta-gorecka-25110413b/  Views are personal. Not legal advice. Info based on public sources at time of recording.  The latest in Data Protection and Privacy Podcast by David Clarke Follow me on Twitter @1davidclarke 96.1k Followers Join Linkedin GDPR Group 33,475 Others Members for FREE CoAuthor of an ICO certified GDPR scheme

    25 min

  3. 10/01/2025

    What The EXPERTS Do Not TELL Us about Data Protection? Part 27 – Securing AI Before It Secures You – With Stas Levitan from DeepKeep.ai

    In this episode with Stas Levitan, AI Governance Expert & Co-founder @ DeepKeep we dive deep into the wild west of AI security, shadow AI, and the real risks lurking behind your favourite GenAI tools. Stas shares hard-hitting insights on why most companies are blind to their AI usage, and how governance isn’t just about tick-box compliance — it’s about survival. Here’s what we covered: AI Risk Starts Way Before You Deploy It Most think risk begins at runtime. Nope. It starts the moment you grab that model from a repo — and trust me, most are not as “safe” as they look.Shadow AI Is Everywhere Employees are quietly using ChatGPT, Gemini, and open-source models — often with good intentions, but zero oversight. Big risk, bigger blind spot.Guardrails Aren’t Optional Anymore Enterprise AI needs serious guardrails — not just generic APIs. Think AI-native tools that track, monitor, and enforce behaviour in real time.LLMs Don’t Forget… Ever Feed your chatbot personal data, and you might just see it pop up later — possibly in someone else’s output. AI Security ≠ Traditional SecurityFirewalls won’t save you here. This is about controlling model behaviour, not just access and networks. Totally different mindset needed.Big AI Providers = Not Enterprise-Ready The default tools don’t cut it. The second you fine-tune a model or use it with your data — you own the risk.EU AI Act Isn’t Just Hype — It’s Happening  Risk assessments, monitoring, documentation — this isn’t optional for high-risk sectors. And no, you probably aren't ready yet.Step One: Get Visibility You can’t protect what you can’t see. Start by discovering what AI is actually being used in your org — you might be shocked.  It’s a frank and eye-opening conversation that every CIO, CISO, and compliance lead should hear. Tune in — and if you’re using GenAI without a plan, maybe… stop. Stas Levitan  can be contacted here  •DeepKeep official website: https://www.deepkeep.ai •Stas Levitan LinkedIn: https://uk.linkedin.com/in/stas-levitan The latest in Data Protection and Privacy Podcast by David Clarke Follow me on Twitter @1davidclarke 96.1k Followers Join Linkedin GDPR Group 33,475 Others Members for FREE CoAuthor of an ICO certified GDPR scheme

    29 min

  4. 05/18/2025

    What The EXPERTS Do Not TELL Us about Data Protection? Part 26 – Emeka Mosanya, CTO at Certifaction: The Only E-Signature Platform That Can’t See Your Documents. Built for Privacy. Compliant by Design.

    Emeka Mosanya, CTO of Certifaction, talks to David Clarke about how their Swiss-based e-signature platform ensures total document confidentiality using end-to-end encryption and local processing—ideal for sectors like healthcare and finance. Top 5 Key Points: Zero Document Access: Certifaction never sees or stores your documents—everything is fully encrypted.Local Processing: All signing happens in your browser or via an on-premise gateway—no cloud exposure.Strict Compliance: Fully aligned with GDPR and Swiss data protection laws; identity is traceable but private.ISO 27001 Certified: Strong security framework with end-to-end encryption and no backdoors.Fast Integration & White Labelling: Simple Docker-based API, designed to embed easily into third-party platforms. Emeka Mosanya CTO at Certifaction  can be contacted here   https://www.linkedin.com/in/emekamosanya/   info@certifaction.com The latest in Data Protection and Privacy Podcast by David Clarke Follow me on Twitter @1davidclarke 96.1k Followers Join Linkedin GDPR Group 33,475 Others Members for FREE CoAuthor of an ICO certified GDPR scheme

    16 min

  5. 11/06/2024

    What The EXPERTS Do Not TELL Us about Data Protection ? Part 25 Lorenza Binkel CEO at prodify.it AI regulation platform that enables a company to use any AI platform safely. Without Worrying About Data Leaks

    5 Key Points from the Podcast with  Lorenza Binkel   CEO of  prodify.it 1.Data Protection Challenges: Companies, especially in regulated industries, struggle with secure AI usage due to data leakage risks, prompting many to ban certain AI tools. 2.Prodify's Security Approach: Prodify uses encryption and role-based permissions to control data access, ensuring that sensitive information remains protected within company systems. 3.Compliance and Integration: Prodify supports compliance with GDPR and other regulations by tracking data usage and offering default settings for various regulatory frameworks. 4.Cross-Industry Relevance: While critical in sectors like finance and healthcare, Prodify's solution is adaptable across industries, benefiting teams in areas like sales, law, and creative fields. 5.Implementation Flexibility: Companies can quickly integrate Prodify's basic functions, with more comprehensive solutions available for long-term, secure AI implementation. Lorenza Binkel   CEO at prodify  can be contacted here    https://www.linkedin.com/in/lorenza-binkele-17319254/ https://prodify.it/home https://prodify.it/home The latest in Data Protection and Privacy Podcast by David Clarke Follow me on Twitter @1davidclarke 96.1k Followers Join Linkedin GDPR Group 33,475 Others Members for FREE CoAuthor of an ICO certified GDPR scheme

    24 min

  6. 08/29/2024

    What The EXPERTS Do Not TELL Us about Data Protection ? Part 24 Revolutionizing Data Privacy: How AI is Transforming Privacy Management with Leila Golchehreh of Relyance.ai

    5 Key Points from the Podcast with  Leila  Golchehreh from Relyance.ai Legacy Issues and Modern AI-Driven Privacy Solutions:  Traditional privacy tools are outdated, slow, and inefficient. Reliance AI provides a modern, AI-powered platform that automates key tasks like DSARs, data mapping, and records of processing activities, reducing manual effort and increasing accuracy.AI as Both a Challenge and an Opportunity in Privacy Management:  AI complicates data privacy but also provides solutions to manage these complexities. Reliance AI uses static code analysis and large language models to predict data processing behaviors and ensure compliance, making privacy management more efficient and scalable.Benefits of Reliance AI Software:  Minimal engineering resources needed for implementation. Fast setup with automation that reduces reliance on manual processes. Provides continuous monitoring and alerts for data inconsistencies, reducing risks. Acts as a "co-pilot" for privacy professionals, enhancing capacity and reducing time spent on repetitive tasks.Balancing AI Automation with Human Expertise:  AI handles repetitive and data-intensive tasks, but human experts are essential for strategic decision-making, such as evaluating alternative data processing methods and negotiating nuanced contracts.Embedding Privacy as a Core Business Function:  Organizations must go beyond compliance by integrating privacy deeply into all functions. Building cross-functional teams, securing executive buy-in, and leveraging AI like Reliance AI are critical to fostering a privacy-focused culture that builds trust with customers. Leila  Golchehreh, Co-Founder & Chief Strategy Officer can be contacted here    https://www.linkedin.com/in/leilagolchehreh/ https://www.relyance.ai/company#contact The latest in Data Protection and Privacy Podcast by David Clarke Follow me on Twitter @1davidclarke 96.1k Followers Join Linkedin GDPR Group 33,475 Others Members for FREE CoAuthor of an ICO certified GDPR scheme

    31 min

  7. 07/16/2024

    What The EXPERTS Do Not TELL Us about Data Protection ? Part 23 Fortified Security: Protecting Legal Data in a Digital World with Rich Kanadjian from Kingston Technology .

    Top 5 Key Points from the Podcast with Rich Kanadjian from Kingston Technology  1.       Cybersecurity Importance: Critical for legal professionals to protect client confidentiality.Increased vulnerabilities due to remote work from the pandemic.2.       Common Vulnerabilities: Internal servers need strong intrusion protection.Human errors, stolen credentials, and social engineering are major breach causes.3.       Best Practices: Use air-gapped systems to disconnect sensitive data from the internet.Employ hardware encrypted drives like Kingston’s IronKey for data security.4.       Travel Risks: Public Wi-Fi at airports, hotels, and coffee shops are hotspots for hacking.Carry data on encrypted drives instead of connecting devices to public networks.5.       Customs and Legal Compliance: Customs can image devices, exposing data.Use encrypted drives with features like crypto erase to protect sensitive information.  Rich Kanadjian, Global Business Manager – Encrypted Solutions at Kingston Technology can be contacted here: www.kingston.com / richard_kanadjian@kingston.com / www.linkedin.com/in/richkanadjian/ The latest in Data Protection and Privacy Podcast by David Clarke Follow me on Twitter @1davidclarke 96.1k Followers Join Linkedin GDPR Group 33,475 Others Members for FREE CoAuthor of an ICO certified GDPR scheme

    24 min

  8. 04/03/2024

    What The EXPERTS Do Not TELL Us about Data Protection ? Part 22 Dr. Rachel O'Connell CEO of TrustElevate discusses how to create a safer internet for children by verifying the ages of users under 13 and confirming parental responsibility.

    Top 5 Key Points from the Podcast with Dr. Rachel O'Connell  CEO of TrustElevate Overview and Mission of TrustElevate:TrustElevate aims to create a safer internet for children by verifying the ages of users under 16 and confirming parental responsibility. This is crucial for companies to comply with data protection laws regarding children’s data.Methodology for Verification:The verification process uses a zero-knowledge privacy model, where parents provide minimal information (child’s name, DOB, parent’s mobile number) that is checked against hashed, authoritative data sources without storing personal data.Regulatory Environment and Compliance:The importance of regulatory compliance is highlighted, noting that regulations like GDPR have increased scrutiny on how companies process children’s data. TrustElevate’s service helps companies navigate these regulations by verifying user ages and parental relationships.Technological Innovation and Challenges:TrustElevate employs AI and multi-factor authentication to verify details provided by parents. The discussion also touches on the limitations of age estimation technologies and the ongoing challenges posed by criminals using deep fakes and other methods to circumvent age verification measures.Future Vision and Advice for Companies:The conversation envisages a future where TrustElevate’s verification process is integrated into various services (e.g., social media, banking) to ensure children’s safety online. Companies are advised to adopt clear policies and collaborate across teams to meet their duty of care towards young users, emphasizing trust as a market differentiator. Dr. Rachel O'Connell CEO of TrustElevate can be contacted here https://www.TrustEleavate.com/   info@TrustEleavate.com The latest in Data Protection and Privacy Podcast by David Clarke Follow me on Twitter @1davidclarke 96.1k Followers Join Linkedin GDPR Group 33,475 Others Members for FREE CoAuthor of an ICO certified GDPR scheme

    29 min
See All (27)

About

The latest in Data Protection and Privacy Podcast by David Clarke  Follow me on Twitter @1davidclarke 96k Followers Join Linkedin GDPR Group 32,500 Others Members for FREE Top 50 Global Thought Leaders and Influencers on Privacy 2025! Top 100 B2B Thought Leaders, Analysts & Influencers You Should Work With In 2025 Top 50 B2B Thought Leaders & Influencers You Should Work With In 2024 (EMEA)Top 25 Thought Leader Privacy 2023 Top 100 Thought Leader Social 2023 Top 100 Thought Leader Security 2023Top 50 B2B Thought Leaders & Influencers You Should Work With In 2023 (EMEA) Who’s Who in Cybersecurity? 2022 Who’s Who in Cybersecurity? 2020 Top 20 Privacy Thought Leaders September 2021 Thinkers 360Top 50 Global Expert 2018 Kingston Technology Top 20 Global Tech Influencers by @Thinkers360 2020/2021Top 30 Thomson Reuters Top Influencers In Risk, Compliance 2017Who's Who in Remote Working? 2021Who’s Who in Risk Management? 2021No 2 Thinkers360 Cybersecurity June 2019 This Podcast is sponsored by Vciso.co www.vciso.co  helps SAAS Companies SAAS Unicorns, B2B SAAS and Pre Revenue SAAS start-ups. to meet privacy and cyber security requirements and ISO27001,ISO42001, and SOC2 standards so they close sales deals quicker and can achieve cyber , privacy alignment certifications faster in minimum time .

Information