Taking place March 12 and 13 at Park Plaza, Riverbank, London, PrivSec & GRC Connect London provides a platform for organisations to address the cumulative nature of risk.

PrivSec & GRC Connect London’s comprehensive agenda is led by subject matter experts, business chiefs and industry leaders, giving attendees a deep-dive into challenges and solutions on the rapidly evolving GRC landscape.

Event speaker, Alexandra Khammud is a Senior Information Security Project Manager (Data Protection and Privacy Engineering) specialising in IT SOX Audit and Operational Audits (e.g. CyberSecurity, Privacy, Cloud).

Alexandra will be at PrivSec & GRC Connect London to discuss the UK’s new version of the Data Protection and Digital Information Bill, and what the revision means for British businesses and their trading partners.

Below, she answers questions on her professional journey and introduces the key issues of her PrivSec & GRC Connect London session.

Could you briefly outline your career pathway so far?

I embarked on my professional journey at Delivery Hero, where I started as a Legal Associate in August 2019. During my three months there, I gained valuable insights into the legal intricacies of the business world, setting the foundation for what would become a dynamic career in data protection and cybersecurity.

Eager to expand my horizons, I joined RSM International in October 2019 as an IT Audit and Data Protection Consultant. Over the course of a year and two months, I delved into the realm of data protection consulting and audit activities, performing cybersecurity and privacy audits. Engaging in international audit engagements across Europe, I managed to blend my legal background with the technical intricacies of IT controls, governance, and risk management.

Building on this enriching experience, I transitioned to Activision Blizzard in November 2020 as an IT and Cybersecurity Auditor. In this role, I focused on cybersecurity audits, SOX compliance, and privacy assessments, advising on the implementation of robust security measures and contributing to effective cyber risk management.

My journey at Activision Blizzard evolved further as I assumed the role of Senior Project Manager for Data Protection, Privacy, and Information Security in November 2022. Over the past year and a month, I’ve been at the forefront of managing privacy projects, ensuring alignment between legal and tech teams, and providing guidance on compliance activities.

Collaborating with internal and external stakeholders, I’ve played a pivotal role in the development and delivery of strategic cross-functional projects, with a keen focus on compliance requirements.

Each step in my career has been a building block, contributing to a holistic skill set that seamlessly blends legal acumen, IT expertise, and project management skills. The challenges and successes along the way have shaped me into a professional ready to navigate the complex and ever-evolving landscape of data protection and cybersecurity.

How does the UK government’s new version of the UK Data Protection and Digital Information Bill differ from the first?

The new version of the UK Data Protection and Digital Information Bill likely incorporates feedback from stakeholders and experts, addressing concerns raised during consultations and parliamentary debates.

It may include additional provisions for data breach notifications, stronger penalties for non-compliance, and clearer guidelines on cross-border data transfers. Furthermore, advancements in technology and changes in societal expectations regarding privacy may also influence the updated bill’s provisions.

What changes will organisations need to make in order to accommodate the new Bill?

Organizations will need to undertake several steps to accommodate the new Bill. Firstly, they may need to review and update their data handling policies and procedures to ensure alignment with the new regulatory requirements. 

This could involve conducting thorough data audits, implementing robust data protection measures, and providing regular training to employees on data privacy practices. Additionally, organizations may need to invest in new technologies or security systems to enhance data security and encryption.

Obtaining explicit consent from individuals for data processing activities and establishing procedures for handling data subject requests, such as access and deletion requests, will also be crucial for compliance. Finally, organizations may need to designate or appoint a data protection officer to oversee compliance efforts and serve as a point of contact for regulatory authorities.