Meet the expert: Sam Smith to speak at #RISK London

Taking place on October 18 and 19 at EcXel London, #RISK London addresses the issues impacting organisational risk today, from Governance, Risk and Compliance (GRC), to Environmental, Social and Governance (ESG), organisational culture, and much more.

The event builds on the success of #RISK 2022, allowing organisations to examine the cumulative nature of risk, unite GRC specialities and share views with subject-matter experts.

Sam Smith is Head of Data Compliance and Data Protection Officer at Merlin Entertainments. A qualified solicitor and CIPM accredited Group Data Protection Officer, Sam has extensive knowledge of GDPR and international privacy and data protection laws. She is attending #RISK London to discuss how AI and other emerging technologies may influence privacy and upcoming data protection regulation.

Sam spoke with us recently to give more details on her career pathway and to introduce the themes on the table at her #RISK London session.

Could you outline your professional journey to date?

After finishing university, I qualified as a solicitor and began working in the corporate/commercial field. I had always had a keen interest in technology and when a role in data protection became available, I had to go for it.

I invested a lot of time learning the specialist field of law and then applied it in practice through working full-time. Having worked across both the public and private sector advising small, medium and global organisations on data compliance matters, I am now the Group Data Protection Officer for a worldwide entertainments company.

How significant an impact will AI have on data protection and privacy regulations?

AI is a real hot topic at the moment and in all honesty, it seems as though business and regulators are still getting to grips on how exactly the technology will work in practice.

We all know that technology advances far faster than the law can keep up with and there will need to be an acceptance that the evolution of technology has led to us leading our lives the way we do today.

Blocking the use of AI is not the way to go but navigating through the complexities of bias, malicious actors and trust in the tech is going to take years to really get a handle on. There will be a need to continually update and adapt guidance to account for changes in the ways businesses operate and the technology advances.

What are the best approaches organisations can take as they bid to embrace emerging technologies while prioritising compliant data handling practices?

I encourage all my colleagues to come and speak to my team when they are looking at new technologies involving the use of AI and machine learning. This technology is going to drive optimised working within organisations but at the moment, there are very little assurances around how the technology works or in fact how it could work.

My key advice is to always understand the purpose: what is the purpose of using AI? Can the organisation justify it and what can we do to make sure we have documented the decision-making and testing of the technology to meet that purpose?

When it comes to data protection, it all comes down to the risk-based approach and transparency – with AI that becomes all the more difficult!