Update 02-08-2022: Part II on Habits and Systems for Success is now live|

Ten years ago I started my career in privacy and data protection when started writing my LL.M thesis on the first published draft of the GDPR. I’ve gotten so much from the privacy community that I want to mark my decade in privacy by giving back. This post will be part of a series on the topic of privacy careers.

So far, I have held the following positions:

• privacy-tech entrepreneur;

• consultant for my own company as well as for one of the Big 4;

• in-house as a Senior Privacy Manager at a multinational tech company;

• professional public speaker;

• lecturer;

• in-house as the Global Head of Privacy at Logitech, which is where I am now.

This post is the first in a series where I talk about what I have learned to date about these different roles and what I think is important if you want to develop or start your privacy career. Bear in mind that I will be using the word ‘privacy’ to refer to both privacy and data protection - I am acutely aware they mean different things, but I also want to make this an easy read. I sourced quite a few questions to incorporate on LinkedIn and I intend to cover most of them in this series, so do subscribe to this blog if you want to receive updates. Lastly, here is my disclaimer: there is not just one way to start and develop your privacy career, this is what I have found helpful with my personal opinions thrown in for good measure. Also, public sector and law firm experience are not covered in this post.

However, I am confident a lot of what I am about to cover could be applied to most privacy career paths.

How can i get into privacy?

Most roles now require an undergraduate degree in a relevant discipline or other proven privacy knowledge or expertise. A law degree may be the most obvious one. to choose but business and technical degrees also fit for many privacy roles. If you are starting out, actually knowing the law is required. How else will you be able to translate the legal requirements into organisational processes, policies and controls? This does not mean you need to go from 0 to 100 overnight, but a basic understanding is needed. While the laws around the world do differ, an understanding of the GDPR, CCPA/CPRA and how the ePrivacy Directive works will definitely be helpful as you start your job hunt. This may sound overwhelming, but you can start with getting a certification such as those offered by the IAPP. Also, do your homework. There are lots of reliable free resources such as law firm blogs and papers on SSRN. When I started out, I followed a lot of experts on Twitter and Linkedin to learn more and stay up to date which is still helpful to me today.

Personally, I believe that it is important to believe in what you do for a living. This is especially true if you are just getting started. Believing that privacy matters will be a key factor in your success. After all, it is hard to power through a steep learning curve when you do not believe that what you are working on will make a difference. I’ve never had time for the “privacy is dead”-people, I still don’t. Privacy is not going anywhere. In fact, it will continue to become more important as absolutely everything becomes a data point. For example, Web 3.0 will bring new challenges with the Metaverse forcing us to define what privacy will even mean in there and the expanding adoption of A.I creating privacy-adjacent questions in relation to data ethics and algorithmic transparency. The opportunities are endless and the world needs people with different skillsets and interests.

Do you need to be A lawyer?

This has become a controversial question in some circles and the short answer is: it depends who you ask. My personal view is that the answer to this is: it depends (sorry not sorry). If you want to be a privacy counsel then yes, you need a law degree and you should qualify as an attorney. Do you need it to work on a privacy team: no, you do not. I believe the power lies in multi-disciplinary teams. In other words: successful privacy teams need different types of roles in those teams such as privacy analysts, project/program managers, people managers, privacy counsels and privacy engineers (though these usually work in technical teams) . When it comes to the day-to-day of privacy work, a lot of it is incredibly operational and having a law degree is not necessary. There are many other ways to get the legal knowledge you need to be successful in some of those roles without going to law school as discussed above. Technical and business skills are incredibly important. Your success will often depend on:

• whether you understand what a product/service aims to achieve;

• from a technical standpoint, how it works;

• your ability to explain complex legal concepts into normal language and workable solutions. If you have to use jargon you do not understand it well enough.

Lastly, interpersonal skills (“soft skills”) are essential. You need to be able to bring people along, it helps if people like you and are comfortable talking to you and of course, energy! The latter is not talked about enough. Compliance can be seen as boring, but you don’t have to be. Bring a sense of humour and plenty of energy to your engagements with people. It will make all the difference.

HOW TO LEVEL UP?

This is for those of you happily working in your role but looking how to get to the next level. There are a couple of questions I suggest you think about when it comes to what you are doing inside the company:

• Does your manager know? If not, it may be good to talk to them and see what opportunities are out there for career development. I’ve done this many times and I’ve only had great conversations follow. Fortune favours the brave.

• Are you doing more than what your role requires right now?

• Can you talk about additional education that might help improve your chances of a promotion?

What you do outside of your day job is also important. Here are some of the things I have found helpful:

• Continue your education. I cannot stress this enough, even now I am in college continuing my executive education at Stanford. It took me a while to get there but here we are. I’ve done CIPP/E as well and I’ve trained other people to sit the exam as part of previous roles. There are also lots of informal ways to keep learning such as attending conferences or looking at conference recordings for free on Youtube. (Shout out to CPDP!)

• Apply for mentorships and fellowships.

• Write. It does not have to be a dissertation, a short LinkedIn or Medium article will do.

• Engage. Be active on social media such as Linkedin and Twitter, get to know the community.

• If you can, speak at events. It does not have to be a keynote, starting with a panel can be a lot less intimidating. It is worth the investment to get good at public speaking.

• If events are too much, perhaps you could consider a podcast.

In short, it helps if people know who you are.

In the following paragraphs I will go into two different roles I have held and my experience with them.

Entrepreneurship

When I started out, privacy-tech was quite a new space and I had a good idea so I went for it. Whether this is the route to go down depends on a variety of factors. First, it is helpful if you actually have a business idea and some of the skills required to make this work. I got a second Master’s degree in Business Information Systems supplement my undergrad in Law and Master’s in E-Law and IP. After all of this academic work I still knew nothing and I learned most from my years actually being an entrepreneur. Action eats strategy for breakfast. Entrepreneurship is certainly not for everyone, but it can be an exciting adventure for some.

I really liked:

• The excitement of it, no day is the same and there are so many amazing things that can happen when you consistently work hard to make it work. The highs make up for the crushing rejection which is part of it too.

• Pitching for money and/or awards, I am fiercely competitive!

• The autonomy, it is nice to be in control of your day.

• Being out there in the world. I was pitching to ANYONE who would listen, and probably many who didn’t want to listen but were too polite to send me away. I love being around people, so this made me happy and energised.

• Feeling empowered, there is something really special about going out there on your own. It is terrifying, but it also feels like you are walking the talk if you are into female empowerment especially.

• Steep learning curve. I used to joke I was the Chief Everything Officer (CEO). I had to do everything and learn everything, fast. I thrive with a challenge, but not everyone does so it is important to be aware of that.

• The community and startup life. There is a real sense of belonging and being in it together. I’ve made some friends for life and remain involved by giving back now that I am in-house.

entrepreneurship has unique challenges, I found these difficult at times:

• It is volatile. There is very little security unless you are starting off with plenty of cash in the bank. Risk taking can be stressful, those with anxiety should be mindful of this.

• Doing tasks I disliked such as financial projections, book keeping etc. It felt so tedious to me and I was not playing to my strengths.

• Loneliness. I promise I am not suffering from cognitive dissonance, you can be part of a community and still experience loneliness. After all, when you are the founder and CEO, some of your challenges are only felt by you. It can also be tough to grind it out by yourself for years with little to show for it.

Would I do it again? In a heartbeat! But I would recommend not being a sole founder, starting with a multidisciplinary founding team is essential. You basically need ALL the skills imaginable.

Consultancy

I was a consultant at one of the Big 4 and also independently with my own company. They were slightly different experiences but there are enough similarities for me to cover them in one section. I particularly enjoyed:

• That I got to work with incredible people; colleagues and clients.

• Exposure to very large and well-known organisations/brands.

• Lots of variety in terms of what industries you could be doing work for.

• Great way to build your network as there may be various events such as breakfast briefings.

• I did quite a lot of speaking in front of groups for this, which I enjoyed and helped me improve my public speaking skills.

• Learnt a lot about project delivery, management and leadership.

In terms of the skills I think are useful if you want to work as a consultant:

• Privacy expertise.

• Good interpersonal skills, especially being good at interviewing people if gap-analyses will be part of your job.

• Basic understanding of project management.

• Presentation skills and the ability to create a slick powerpoint preso.

Stay tuned for part II where I will discuss in-house roles and various other questions you have asked me. If you have any other questions for me, please leave a comment below. We will see how many parts there will be to this series. Do share this if it was useful for you.