Building a Scalable Vendor Assessment Process (GDPR & NIS2) | Natalija Bitiukova

How privacy teams can deliver proactive change | Ben Westwood

In Episode 12 of Practical Privacy, Orla Dormer is joined by Ben Westwood, Head of Compliance and DPO at the Motor Insurers’ Bureau, to discuss one of the biggest challenges facing privacy and compliance professionals today: How do you deliver proactive change when reactive work never stops? Ben shares how structured annual planning, maturity assessments, risk registers, and alignment with business objectives have transformed the way his team delivers privacy and compliance outcomes. We discuss: * Why every privacy team should have a strategic plan * How to balance proactive vs reactive work * Using maturity assessments to prioritise effort * Connecting privacy goals to wider business objectives * Getting executive buy-in for compliance initiatives * The importance of reviewing and demonstrating progress A practical conversation packed with actionable ideas for privacy leaders, DPOs, and compliance professionals trying to create meaningful change inside busy organisations.

Building a Scalable Vendor Assessment Process (GDPR & NIS2) | Natalija Bitiukova

Building a scalable vendor assessment process sounds straightforward—until you’re dealing with 50,000+ vendors across 40+ countries.In this episode, Natalija Bitiukova (Head of Data Protection & Digital Law at Carlsberg) shares how her team tackled this challenge in practice, moving beyond fragmented systems and “paper compliance” to a more operational, scalable approach.We discuss: * The pitfalls of running privacy and security assessments separately * Why most vendor assessments fail after the questionnaire stage * How to simplify assessments for real users (not lawyers) * The importance of data quality and realistic resourcing * Change management in large, decentralized organisations * Getting leadership buy-in by framing compliance as a business issue A practical conversation for anyone working on vendor risk, GDPR, NIS2, or scaling compliance processes. About the podcast: Practical Privacy explores how privacy and security teams solve real-world challenges at scale. Brought to you by TrustWorks https://www.trustworks.io/ [https://www.trustworks.io/]

Being a global data protection leader (why privacy alone isn’t enough) | Vicky Owens

In this episode of Practical Privacy, Orla Dormer speaks with Vicky Owens, Senior Data Privacy and Compliance Counsel at SkyShowtime, about the challenges of being a global data protection leader. Vicky shares why a privacy-only mindset often falls short, and how understanding business priorities, aligning with stakeholders, and positioning privacy as an enabler is key to success. A practical conversation on influence, prioritisation, and making privacy work in complex organisations.

Designing a global privacy framework (what actually works) | Marcelo Canha

What does it take to build a global privacy framework that actually works? In this episode, Marcelo Canha, Global Privacy Director and DPO at Organon, shares his experience designing a privacy program from scratch across 80+ countries — starting with a technically perfect framework that ultimately failed. The lesson? Complexity doesn’t scale. Marcelo explains how shifting to a simple, practical approach — focused on DPIAs, RoPAs, and real business needs — made the difference, and why buy-in is not just a buzzword, but a strategy. A must-listen for privacy leaders navigating global compliance, limited resources, and the gap between regulation and reality.

How to become a DPO (without a traditional background) | Naveed Malik

What does it really take to become a DPO? In this episode, Naveed Malik (Group DPO at Informa) shares his journey from a non-traditional background into a senior privacy role — and why technical expertise alone isn’t enough. From building leadership skills outside of work to learning inside established governance frameworks, this episode explores the practical steps needed to bridge the gap and grow into a DPO role.