ISO / NIST Controls
We can help implement robust data privacy and security controls for better governance!
Privacy Controls
Embed privacy controls in your AppDev and system architecture using our expertise
Data privacy legislation
Stay up to speed with the latest rules for EU and US privacy legislation.
AUDITING
DPIAs / DLP Policies / Risk Register Remediation & Processor Due Diligence
Records Management
We support GDPR requirements for management of ROPAs / BCRs / DSARs / Processor Agreements & Data Retention policies.
Corporate Training
Onboarding, Annual Compliance, AppDev Privacy Controls & CyberSecurity Training!

Data Privacy & Security
Governance Services


What I Provide: I provide data privacy and protection consultant services on a short to medium term basis for firms needing a qualified privacy technologist.
Examples of recent projects that I have worked on as a contract DPO / Privacy Technologist include:

    • A data privacy program implementation based on ISO27701:2019 to support a multi CSP environment migration
    • An enterprise data de-identification project using several P.E.T. technologies
    • A DLP system implementation leveraging data mapping, a privacy safeguards policy base and SIEM alerting functionality
    • A RBAC review of systems in the transmission path of PII data in a financial services company
    • A multi-modal privacy awareness program development and tracking system for a 2500+ user base

The Privacy Resource Challenge: According to numerous data privacy industry reports, including the 2020 data privacy officer priorities report and the Veeam 2020 data protection trends report, there is a systemic shortage of skilled staff who are fluent in data privacy and protection, particularly in cloud environments. Veeam classifies the staffing problem as chronic, particularly when it comes to new data protection initiatives.

Their report further classifies problems behind staffing and budget, as firms face an inability to support DevOps or AppDev and an inability to demonstrate assurance for compliance, which is seriously hampering their ability to meet regulatory obligations and business goals.
Within the staffing challenge there are, of course, even more nuanced issues, as it typically takes firms 2-5 months before permanent data privacy roles are filled, while most candidates that do take up roles have an average of 18 months direct experience in data privacy.

The Solution:
As a data privacy and cyber security professional with 25 years of international experience for over 15 different financial services and healthcare firms, I know a thing or two about data privacy and protection.
I’ve worked on digital transformation projects as a privacy officer and cyber security professional in AWS and Azure cloud environments and am well versed in ISO-27001, GDPR, PCI-DSS, NIST, OWASP and CIS controls, positioning me well to work with IT security, AppDev and business teams.
I work exclusively on a contract basis, giving you the flexibility to expand or contract the scope of engagement and actually save money in comparison to the overheads associated with an FTE.
Read more about specific service offerings in the next section.

Data Privacy Services

These are key service areas I can offer help with.

  • Act as Your Registered DPO
  • ISO 27701 Implementation
  • Data De-Identification
  • Privacy Risk Awareness Training
  • Impact Assessment Programs
  • Enterprise DLP Projects
  • Cloud RBAC Reviews
  • Legal / HR / DPC Liaison

an image of Paul Rogers - Data Privacy and Protection Consultant - data-privacy.io

I’ve worked on major data privacy projects for Wall St. firms, New York HHC hospitals, UK banks and multi-national insurers, bio-tech and other market segments over the last 20 years.

As a highly qualified and experienced privacy and cybersecurity consultant, I help firms navigate the complexities of HIPAA, GDPR, CCPA and other privacy-focused regulations in an international context and in the context of their overall compliance strategy.

My extensive experience in privacy and security supports stakeholders' decision-making efforts over what controls to implement, risk management and efforts to comply with evolving regulations.

I believe my background in data privacy & governance, cybersecurity, forensics and engineering offers clients a hard-to-find blend of skills in a competitive jobs market.
In addition to privacy-focused frameworks, I have an extensive track record in developing security processes and procedures including ISO-27000, NIST, Cloud CSM, OWASP and PCI-DSS, and regularly work with Agile development teams, business analysts, IT, Legal and HR to implement data privacy tasks.


I offer fixed price rates tailored to suit your organisation. There are no hidden costs, ensuring there is no uncertainty with price when it comes to data privacy.

You can preview my CV here and use the enclosed form at the bottom of the screen to request a full version be emailed to you. We can set up a call to discuss your needs at your convenience.

Why a privacy consultant may be the right fit!

When time pressure is a factor and shortage of in-house skillset is also a challenge, particularly when it comes to international regulations, then getting immediate help from a qualified consultant is the answer.
Most hiring managers have reported on average 2-5 months before full time compliance positions are filled. The average number of candidates being interviewed is between 2 and 4 per week.
When you factor in the interview time, CV review time, overheads with having a full time staff member and time taken away from other tasks, it makes the recruitment and retention process costly in terms of money and onboarding effort.

Fixed Term Contract

A fixed term contract from 3 months to 1 year is probably a good option while you wait to hire an FTE or up-skill an internal resource. It may also be the case that you only need part-time support, for example 80 hours per month; we can discuss that too.
In any instance, I can act as your point person on all things privacy related and take on any necessary tasks such as:

  • Records management
  • Policy development
  • Dealing with EU data privacy authorities, State AG offices etc.
  • Privacy and security assessments and remediation
  • Incident handling
  • Implementation of privacy enhancing technologies (PETs)
  • Training and more.

All of these are required under data privacy rules.

I’ve worked on major data privacy and cyber security projects and roles for highly regulated firms including the New York Stock Exchange, Wall St. investment banks, Irish & UK banks and insurers and other market segments over the last 25 years.

As a highly qualified and experienced privacy and cybersecurity consultant, I help firms navigate the complexities of privacy regulations in an international context and in the context of their overall compliance strategy.

Using my extensive international experience in privacy and security, I help stakeholders in their decision-making efforts over what controls to implement, risks to prioritise and efforts to comply with evolving regulations.



When a privacy consultant may be the right fit!

When time pressure is a factor and shortage of in-house skills is also a challenge, particularly when it comes to international regulations, then getting immediate help from a qualified consultant is the answer.

Most hiring managers have reported on average 2-5 months before full time compliance positions are filled. The average number of candidates being interviewed is between 2 and 4 per week.
When you factor in multiple rounds of interview time, overheads with having a full time staff member and time taken away from other tasks, it makes the recruitment and retention process costly in terms of money and onboarding effort.

Benefits of a Contract

A fixed term contract from 3 months to 1 year is a good option while you wait to hire an FTE or up-skill an internal resource. It may also be the case that you only need part-time support, for example 80 hours per month; we can discuss that too.
In any instance, I can act as your point person on all things privacy related and take on any necessary tasks such as:

  • International data transfers
  • Control mapping to various regs
  • Records management
  • Policy development
  • Dealing with EU data privacy authorities, State AG offices etc.
  • Privacy and security assessments and remediation
  • Incident handling
  • Implementation of privacy enhancing technologies (PETs)
  • Training and more.

All of these are required under data privacy rules.



Why Work With Me

EXPERIENCE
COMMUNICATION
INTEGRITY


Data protection work requires an ability to interpret often complex legal regulatory text and apply it to specific ISMS controls in different business units. This ability must be complemented with direct experience in conducting data privacy impact assessments in a structured method, along with keeping on top of remediation activities, data subject access requests, communications with the DPC / ICO, record keeping and staff training etc.

Combine all these requirements with a need for deep technical understanding and application of privacy controls such as data minimisation techniques, cryptography, data loss prevention (DLP) policies, identity and access management (IAM), multi factor authentication (MFA) and other vendor specific methods to deliver it all effectively.

In short, in order to win stakeholder confidence, the voice of experience will always be top of the list and will make the difference in project outcomes every time. Settling for something less will risk financial and personal reputational loss which is avoidable by engaging with us.

Experience must be accompanied by effective communication to all stakeholders in the data privacy sphere: stakeholders such as CIOs, compliance officers, data processors, security staff, HR, legal, marketing, parent/subsidiary offices, data protection authorities and so on. Effective communication is contingent on recognising who the audience is and explaining risk in plain English and in the context of the standard model of threats, likelihood and impact.

Communication like this is built on the experience of using effective reporting metrics, well structured slide decks and information sessions in the context of first hand experience. Underpinning all of this, of course, is the ability to listen to stakeholder needs and the setting and delivery of expectations.

Holding a high ethical standard and maintaining independent judgment within sight of the best interest of the client and the clients they serve is always of paramount importance, never more so than when it comes to data protection activities. Of all the regulatory standards, GDPR singles out independence and integrity as essential characteristics for this type of role.

With this in mind, telling the truth on a factual basis, being fair to all parties and accurate representation in reporting are all of the utmost importance. Integrity is synonymous with being fair and balanced at every decision point. This, along with experience and communication, is what we believe to be the difference in our service approach.



“Paul effectively applied his data privacy skills to assist the team. He handled specific objectives within a collaborative team atmosphere while simultaneously working on a variety of projects. Paul maintained a good working relationship with clients and worked effectively with client management and staff at all levels to gather information and perform services. He is truly a pleasure to work with and his passion for his profession is very refreshing.”

Sabara Heath, Philadelphia Insurance

“Paul has outstanding communication skills and works well with people at all levels. He has the intellect to grasp complex problems quickly and experience to identify vulnerabilities and weaknesses in existing controls, to understand related risks and to design controls that need to be in place to mitigate those risks. I look forward to the opportunity to work with Paul again in the future.”

Danko Panchich, Barclays

“Paul’s work was always extremely diligent and thorough, and Paul was a very conscientious and dedicated worker. I highly recommend Paul and would gladly work with him again in the future.”

Vas Rajan, Philadelphia Insurance

“I highly recommend Paul as an asset to any group. He demonstrated an appreciable work ethic with deep knowledge of his area of expertise. This was coupled with a complementary understanding of the interactions of his responsibilities with the rest of the organization. I am eager to enjoy the opportunity to work with him again.”

Paul Kipping, Elan Pharmaceuticals

Visit my Profile on LinkedIn or Partner Company on Facebook

My Objective

My objective is to increase your capability maturity model so stakeholders become more security and GDPR regulation aware in their decision-making processes.

Blog Section


  • How to secure your WordPress site: ways to improve your website security

How to Secure WordPress

In this article we cover how to secure your WordPress site from hackers and spammers, using a few simple tips and precautions.

GET IN TOUCH

If you’d like to talk to us about your data privacy needs, please use the form below and I’ll get back to you shortly.