Meet the expert: Alexandra Khammud to speak at PrivSec Global

Streaming live November 29 and 30, PrivSec Global unites experts from both Privacy and Security, providing a forum where professionals across both fields can listen, learn and debate the central role that Privacy, Security and GRC play in business today.

Alexandra Khammud is a Senior Information Security Project Manager (Data Protection and Privacy Engineering) specialising in IT SOX Audit and Operational Audits (e.g. CyberSecurity, Privacy, Cloud). She obtained an LL.M. degree in IT Law and Data Protection, graduated from an exchange program at HHL Leipzig School of Management and undertook summer school on Data Management at Maastricht University. 

Alexandra is a certified Data Protection Officer and passed the CISA (Certified Information Systems Auditor) exam last year. She appears exclusively at PrivSec Global to host a panel discussing the UK government’s reform of Britain’s data protection regulation framework. 

Below, Alexandra answers questions on her professional journey and the themes of her PrivSec Global session.

Could you briefly outline your career pathway so far? 

I embarked on my professional journey at Delivery Hero, where I started as a Legal Associate in August 2019. During my three months there, I gained valuable insights into the legal intricacies of the business world, setting the foundation for what would become a dynamic career in data protection and cybersecurity.

Eager to expand my horizons, I joined RSM International in October 2019 as an IT Audit and Data Protection Consultant. Over the course of a year and two months, I delved into the realm of data protection consulting and audit activities, performing cybersecurity and privacy audits. Engaging in international audit engagements across Europe, I managed to blend my legal background with the technical intricacies of IT controls, governance, and risk management.

Building on this enriching experience, I transitioned to Activision Blizzard in November 2020 as an IT and Cybersecurity Auditor. In this role, I focused on cybersecurity audits, SOX compliance, and privacy assessments, advising on the implementation of robust security measures and contributing to effective cyber risk management. 

My journey at Activision Blizzard evolved further as I assumed the role of Senior Project Manager for Data Protection, Privacy, and Information Security in November 2022. Over the past year and a month, I’ve been at the forefront of managing privacy projects, ensuring alignment between legal and tech teams, and providing guidance on compliance activities. 

Collaborating with internal and external stakeholders, I’ve played a pivotal role in the development and delivery of strategic cross-functional projects, with a keen focus on compliance requirements.

Each step in my career has been a building block, contributing to a holistic skill set that seamlessly blends legal acumen, IT expertise, and project management skills. The challenges and successes along the way have shaped me into a professional ready to navigate the complex and ever-evolving landscape of data protection and cybersecurity.

What are the primary changes to UK data protection law that will be introduced through the Data Protection and Digital Information Bill (No.2)?

The Data Protection and Digital Information Bill (No.2) signifies a pivotal shift in UK data protection. It introduces heightened individual control over personal data, stricter penalties for data breaches, and a comprehensive framework to address the evolving challenges posed by emerging technologies. The emphasis is on fortifying privacy rights and adapting regulatory measures to the dynamic digital landscape.

How do British businesses and data practitioners in the UK stand to benefit from these changes?

The changes ushered in by the bill offer substantial advantages to both businesses and data practitioners in the UK. 

Firstly, the enhanced control individuals have over their data fosters a climate of trust, crucial for businesses to build and maintain strong customer relationships. The stiffer penalties for data breaches act as a powerful deterrent, encouraging organisations to invest more in cybersecurity measures, thereby safeguarding sensitive information. 

Moreover, the bill’s forward-looking approach ensures that businesses and data practitioners remain agile and well-prepared to navigate the complexities of technological advancements, fostering innovation and compliance simultaneously.