Linda Thielová serves as Head of Privacy CoE, DPO at OneTrust, the world’s most widely used privacy, security, and trust technology platform.

In her role, Linda provides guidance on GDPR, ePrivacy, and global privacy-related obligations to support customers and product innovation. She is also responsible for overseeing OneTrust’s data protection strategy and implementation to ensure compliance with GDPR requirements. 

Linda conducts training and workshops on the global privacy landscape and regularly contributes to various publications and conferences.

GRC World Forums spoke to Linda as part of her participation in our Women in GRC Forum, about her career journey and the advice she would offer to professionals starting out in the privacy field today.


Before starting at OneTrust, you held a number of legal roles. Could you explain how you came to be interested in the field of privacy?

Since law school, I was very passionate about human rights law and (perhaps surprisingly) also legal compliance. I was instinctively pursuing these themes in my roles—in the supreme administrative court as well as during in-house legal practice. 

Privacy was a recurring topic that was at the intersection of my favourite subjects, and I came to appreciate that privacy is one of the few human rights that can be operationalized and advocated for from inside the business itself. 

What is more, privacy can be used as a business enabler and competitive advantage, which is what makes it very unique from a compliance perspective. 

These two sides of privacy were what got me “hooked”, and seeing the potential (as well as real challenges) while implementing privacy “sealed the deal” for me.


How important do you think it is for a Chief Privacy Officer to have a legal background?

I think it can be helpful to have legal background or some form of legal knowledge for the CPO function, because a large portion of Privacy is rooted in legislation, regulations and case law.

Legal education can be helpful to unlock the understanding behind how all of these resources work together, how to interpret them, and how to decode the ‘legalese’ of these documents. 

With that said, I get a sense that the legal background’s importance sometimes overshadows a lot of other equally important skills and knowledge that are critical for the CPO function. 


Some people come into senior privacy roles primarily via an interest in technology, rather than the law. Do you think it’s important for a privacy professional to have a solid knowledge of tech?

It’s critical for privacy professionals to have a solid interest and open mind towards learning about tech. 

With the speed of current tech developments, we can’t expect everyone to know everything, but people who are keen to learn about new tech and who are not afraid to ask questions are typically the ones who add a lot of value to the privacy tech debate. 

Each business will have a different appetite for innovative technologies’ use, but a solid understanding of the privacy basics relating to cloud computing or cookies will be needed by most privacy pros. 


Do you think it’s important, for those just starting out in the privacy sector, to earn privacy certifications or qualifications alongside professional experience?

I think it’s definitely helpful to pursue and earn privacy certifications. 

With privacy still being a relatively young and rapidly expanding field, privacy certifications are sought after by many businesses (including ours) as a good recommendation of the candidate’s overall privacy understanding and genuine interest in a career in the field. 

Privacy certifications (such as the IAPP CIPP/E or CIPP/US) are also extremely helpful in exposing the candidate to a more holistic overview of privacy in a certain jurisdiction, which can be great for those who are more specializing towards a particular area in their privacy careers. 


What advice would you give to someone in a junior privacy role who is looking to progress to a more senior position?

Try to build out your knowledge in technology, privacy law, as well as security and other compliance areas. 

It’s also extremely helpful to nurture connections with teams across the business and different business owners, because this helps you to understand the potential privacy issues as they emerge. 

Finally, don’t be afraid to seek out mentors from inside or outside your organization.


Did you miss the Women in GRC Forum? Here are two great sessions available on-demand:

Joining the Board and Getting Your Voice Heard

The lack of women on company boards is an ongoing issue in the GRC profession. 

Join Fiona Hathon, CEO of, Katherine Tulpa of Wisdom8, Victoria Stubbs of the Cambridge Building Society, and Lisa Campbell, CMO at OneTrust as they discuss how women in compliance can reach the top of their organisations.


Finding and Keeping Your Authenticity on the Path to Leadership

We know we can’t be all things to all people—yet we catch ourselves trying to be. 

You nod and smile at something your boss says, when in fact you don’t agree. Or you dress in a certain way to fit in and impress others.

In this keynote, Asha Palmer, Chief Ethics & Compliance Officer & EVP at Convercent by OneTrust, explores what it means to be an intentional and authentic leader and shares tips and tactics for how to do s