Ozan Mert on Data Collection & Visibility
Privado celebrates the work of Ozan this Data Privacy Day.
Privacy Engineer & Consultant
What is your role and how does it relate to ensuring data privacy?
My role is a mixture between privacy risk manager and privacy architect. I am working on the architecture of the organizational data inventory, identifying potential risks, and coordinating the effort for privacy risk management.
Tell us about your approach to building privacy programs
I could categorize the approach for building privacy programs in 3 steps:
- Gathering the data to perform privacy impact analysis
- Performing the privacy risk/ impact analysis to identify if the process is compliant with privacy principles like purpose limitation or storage limitation
- Identifying and implementing auditable controls to achieve security of processing and compliance with legal frameworks
How do you measure and prioritize data privacy risks?
When measuring and prioritizing data privacy risks, we check if the processing activity and the assets utilized as a part of the processing are compliant with the privacy and information security principles and assign a risk score per each non-conformity.
What’s one thing that has surprised you in your data privacy work?
Well, I had many, but the most surprising thing I faced and am still facing is; defining processing activities with the business teams, as it almost always takes more time than expected and requires the team first to describe their as-is business. It is very rare that a team I am working with has data available for impact analysis.
What are some challenges you have faced and how have you overcome them?
The root cause of challenges I face in privacy is almost always solved by convincing the relevant team of the impact of the subject. An example could be our cookie consent management rollout; the effort for implementing the solution was around four weeks, whereas the effort to convince the teams of the necessity of the project required multiple high-level decision-making meetings in around two years.
What has been your experience engaging technical or developer teams?
Although I have engaged with technical teams who are aware of the challenge and are willing to contribute to the effort, the technical teams mostly expect to put in the minimum effort to achieve compliance. Discovery tools become very essential in this sense to minimize the effort required and engage the technical teams.
What are some best practices to share or pitfalls to avoid when trying to ensure data privacy?
It is challenging to go with the best practice approach in privacy as the business risk appetite is either open or hungry, with high growth expectations and privacy being the blocker. Targeting higher maturity levels like managed or optimized in CMMI model might be aiming too high, and the concrete approach would be going step by step, focusing primarily on identifying before rushing into actions for risk mitigation.
What predictions do you have for Data Privacy in 2023?
It is very hard to tell, as per my understanding, privacy remains one of the greatest challenges for the digitalized era, and the current methodology to overcome the problem requires organizations to have a standardized and structured approach which they lack the motivation for, especially where the sanctions are not intimidating enough. It is hard to forecast and coordinate the organization to take proactive action as the effort is perceived as a cost center with limited opportunities to monetize.
What does Data Privacy Day mean to you?
A chance to raise awareness on data privacy, last year we had the idea of organizing a data privacy quiz with privacy perfume as the reward for the winners
Continue reading
Privacy All Stars
Stay updated with future events and resources
Get updates on email
Stay up to date with our Data Privacy events and gatherings, and when new insights are published.
We are also on Slack
Connect with like-minded professionals and learn from the best in the field of data privacy.
More about the event
Who are Data Privacy Stars?
Data Privacy Stars are innovative privacy champions who have a grasp of today’s challenges and can project a vision about what should come next. ‘Privacy All Stars' are professionals with considerable data privacy-related achievements accumulated over the years, while 'Privacy Rising Stars’ are passionately driving data privacy initiatives.
Data Privacy Stars are innovative privacy champions who have a grasp of today’s challenges and can project a vision about what should come next. ‘Privacy All Stars' are professionals with considerable data privacy-related achievements accumulated over the years, while 'Privacy Rising Stars’ are passionately driving data privacy initiatives.
How is Privado celebrating Data Privacy Day?
Privado is celebrating Data Privacy Day by recognizing individuals doing outstanding work in implementing innovative privacy programs. As part of its Data Privacy Stars campaign, Privado has planned a series of activities to celebrate and recognize these individuals.
Privado is celebrating Data Privacy Day by recognizing individuals doing outstanding work in implementing innovative privacy programs. As part of its Data Privacy Stars campaign, Privado has planned a series of activities to celebrate and recognize these individuals.
What does it mean to be a Data Privacy Star?
The ‘Data Privacy Star’ recognition validates individuals who receive it as innovative privacy champions who have a grasp of today’s challenges and can project a vision about what should come next.
The ‘Data Privacy Star’ recognition validates individuals who receive it as innovative privacy champions who have a grasp of today’s challenges and can project a vision about what should come next.
What activities does the program entail?
As part of the Data Privacy Stars campaign, Privado has planned a series of activities to celebrate and recognize the privacy stars. These include a series of 10-minute video interviews called 'Star Insights', a microsite featuring Data Privacy Stars, celebrating the Privacy Stars on the NASDAQ Billboard, exclusive Data Privacy Week Dinners in the US and Europe, and ongoing engagement on the Privado Community.
As part of the Data Privacy Stars campaign, Privado has planned a series of activities to celebrate and recognize the privacy stars. These include a series of 10-minute video interviews called 'Star Insights', a microsite featuring Data Privacy Stars, celebrating the Privacy Stars on the NASDAQ Billboard, exclusive Data Privacy Week Dinners in the US and Europe, and ongoing engagement on the Privado Community.
I still have questions, who can I connect with?
If you have any questions or want to know more about the Data Privacy Stars campaign, you can reach out to Privado on hello@privado.ai.
If you have any questions or want to know more about the Data Privacy Stars campaign, you can reach out to Privado on hello@privado.ai.