Matthew Kay

Matthew holds the CIPP/E, CIPM, a Masters in Information Rights Law and Practice, and the BCS certificate in Data Protection. He is also an IAPP Fellow of Information Privacy as well as being a certified Level 5 SAFe Agilist.

He currently leads the Advisory and Records Management functions for Metro Bank(UK) operating under the SMCR regime providing strategic leadership to a team of data protection and records management professionals ensuring the bank complies with the UK GDPR and other associated legislation.

Prior to working in financial services he has worked as a Data Protection Officer for large scale organisations across numerous sectors such as media, technology, construction, health and safety and local government. In these roles he has provided expert guidance across 96 jurisdictions, driving robust compliance by implementing strong controls to reduce privacy risk.

Before his time as an in house Data Protection Officer he led a team of Auditors at the Information Commissioner’s Office (ICO) within the Assurance department helping organisations improve their data protection, privacy and information security(assessing to ISO27001 standard) practices to reduce risk. He provided expert advice to local government, criminal justice and health organisations through on-site audits which were followed up with listed recommendations. Matthew also worked as part of a network of trainers delivering internal training to all levels within ICO.

In addition to his core work in Financial Services he is also a board member of the Data Protection Network and a regular speaker at numerous external events on Data Protection and Privacy to help assist other organisations with compliance and share best practice.