Victoria van Roosmalen to speak at Global Privacy Day

Livestreaming on 25 January 2024 as part of Data Privacy Day, Global Privacy Day brings together thought leaders and senior industry professionals to discuss the present landscape of data protection and privacy, and the current and future challenges that professionals face.

Victoria van Roosmalen is DPO and CISO at content and social media marketing firm, Coosto. A regular speaker at conferences across Europe, Victoria serves the IAPP, and sits on numerous global advisory boards as a trusted voice. She holds prestigious industry certifications, educates students in her areas of expertise, and helps forge (new) industry standards and materials—such as from NIST and the EDPB.

Victoria will be at Global Privacy Day to discuss the importance of measurability in effective data privacy strategies, and give guidance on how organisations can build privacy initiatives that extend beyond compliance. 

Below, Victoria answers questions on her professional journey and introduces some of the key issues arising in her Global Privacy Day session.

Could you outline your career pathway so far?

I’m formally educated in electronics & electrical engineering. Yet, my career took off through my self-gathered knowledge and experience in software development, system administration, and ethical hacking. In my late teens, I started architecting and developing software systems for e-commerce and various regulated industries, including securing sensitive personal information.

From there on, I became increasingly driven to foster safety and the right to privacy in the ever-evolving digital realm. In my late twenties, my focus shifted towards information security governance and data protection—including handling relevant legal and compliance affairs. Now, in my late thirties, I enjoy that my collective interests have become increasingly pertinent and thoroughly intertwined with practising my profession. It’s never a dull moment.

What are the main challenges facing organisations as they bid to embed measurability into privacy strategies; what does such a privacy strategy look like?

To begin with, privacy is many things; privacy is contextual; privacy is subjective; privacy is culturally influenced. Put simply, privacy means different things to different people. There’s no way to get ‘privacy’ universally right. Too often, organisations reduce individuals to mere data—essentially erasing their humanity, along with their fundamental needs and rights.

As such, privacy strategies commonly revolve around mere compliance with data protection regulations. However, laying down arrangements and measuring whether one timely responds to DSARs or data breaches is not enough. An effective privacy strategy prioritises the needs of individuals and protects their interests through proactive measures. Organisations shouldn’t underestimate their role in potentially ruining someone else’s life by mishandling data.

In short, there is no one-size-fits-all approach to privacy. Organisations should regularly review and evaluate their data processing activities, focusing on protecting individuals. The digital landscape constantly evolves, and privacy strategies must keep up.

In short, regular collaboration and independent assessments are necessary to ensure a suitable and effective strategy—and yes, this also includes reviewing whether your key performance and risk indicators are still meaningful.

Beyond compliance, what are the benefits that come with getting this right?

Prioritising and protecting the interest of individuals requires explaining the risks and consequences associated with not protecting their privacy. However, these insights must be delivered in a personable way so that they hit home and emotionally resonate with people.

Once privacy threats and potential outcomes are well understood, it forces necessary actions arising from intrinsic motivation. In my opinion, this is the most powerful driver to getting things done.

There are numerous advantages of this relatable approach. It enhances trust, reduces overall risk, yields cost savings, and sets a competitive edge in the marketplace. Most importantly, this approach encourages people to speak up when they identify or anticipate potential issues. After all, don’t we want everyone to act responsibly because it’s the right thing to do?