How to be a digital enabler without compromising compliance | Naureen Hussain

Scaling ROPA, PIAs & privacy documentation across 1,000+ applications | Aaron Mendelsohn

How do you complete privacy documentation across hundreds of teams and more than 1,000 applications without overwhelming the business? In this episode of Practical Privacy, Orla Dormer is joined by Aaron Mendelsohn, Director and Senior Privacy Officer at The LEGO Group, to discuss how his team rebuilt and scaled privacy documentation across a large global organisation. Aaron explains how they combined privacy technology, risk-based prioritisation, and extensive team enablement to successfully document over 1,000 applications within a 12-month period. He also shares why privacy professionals need to move beyond policy writing and spend more time understanding how product and engineering teams actually work. This episode covers: • Scaling ROPAs, PIAs and privacy documentation programmes • Using risk-based approaches to focus effort where it matters most • The role of change management in privacy success • Building stronger relationships with internal stakeholders • Creating sustainable compliance processes that teams will actually use • Future opportunities to combine privacy, AI and broader compliance assessments A practical conversation for privacy leaders, DPOs and compliance professionals looking to improve documentation processes without creating unnecessary friction for the business.

Enhancing privacy, security & compliance without slowing business growth | Fred Descloux

In this episode of Practical Privacy, Orla Dormer is joined by Fred Descloux, privacy, security, and governance leader, to discuss how organisations can align engineering, security, privacy, and compliance in fast-moving environments where execution speed is critical. Drawing on his experience in highly regulated industries, Fred shares why traditional compliance approaches often create friction, bottlenecks, and what he describes as "compliance theatre"—generating documentation without meaningfully reducing risk. Together they explore how to: • Embed privacy and security directly into engineering workflows • Move away from compliance as a gatekeeping function • Focus on outcomes rather than perfection • Build scalable operating models that support growth • Make privacy and security everyone's responsibility • Avoid creating bottlenecks while maintaining strong controls • Prepare for audits through operational excellence rather than audit-driven processes • Balance business agility with regulatory expectationsA practical conversation for privacy professionals, security leaders, compliance teams, and anyone trying to support innovation without compromising governance. 🎧 Follow Practical Privacy for more real-world lessons from privacy, security, and compliance leaders.

How to be a digital enabler without compromising compliance | Naureen Hussain

Traditional privacy teams were never designed for agile digital transformation. In this episode of Practical Privacy, Orla Dormer speaks with Naureen Hussain, Founder of Luminate Advisers and former DPO at Virgin Media, about how privacy leaders can support rapid digital transformation without compromising compliance or creating unacceptable risks. Naureen shares why adding more privacy resources initially failed, how her team embedded into product and digital workflows, and why adopting a product mindset fundamentally changed the way the privacy function operated. The conversation explores cross-functional collaboration, agile delivery, privacy by design, and the importance of experimentation and user-centric compliance processes.

How privacy teams can deliver proactive change | Ben Westwood

In Episode 12 of Practical Privacy, Orla Dormer is joined by Ben Westwood, Head of Compliance and DPO at the Motor Insurers’ Bureau, to discuss one of the biggest challenges facing privacy and compliance professionals today: How do you deliver proactive change when reactive work never stops? Ben shares how structured annual planning, maturity assessments, risk registers, and alignment with business objectives have transformed the way his team delivers privacy and compliance outcomes. We discuss: * Why every privacy team should have a strategic plan * How to balance proactive vs reactive work * Using maturity assessments to prioritise effort * Connecting privacy goals to wider business objectives * Getting executive buy-in for compliance initiatives * The importance of reviewing and demonstrating progress A practical conversation packed with actionable ideas for privacy leaders, DPOs, and compliance professionals trying to create meaningful change inside busy organisations.

Building a Scalable Vendor Assessment Process (GDPR & NIS2) | Natalija Bitiukova

Building a scalable vendor assessment process sounds straightforward—until you’re dealing with 50,000+ vendors across 40+ countries.In this episode, Natalija Bitiukova (Head of Data Protection & Digital Law at Carlsberg) shares how her team tackled this challenge in practice, moving beyond fragmented systems and “paper compliance” to a more operational, scalable approach.We discuss: * The pitfalls of running privacy and security assessments separately * Why most vendor assessments fail after the questionnaire stage * How to simplify assessments for real users (not lawyers) * The importance of data quality and realistic resourcing * Change management in large, decentralized organisations * Getting leadership buy-in by framing compliance as a business issue A practical conversation for anyone working on vendor risk, GDPR, NIS2, or scaling compliance processes. About the podcast: Practical Privacy explores how privacy and security teams solve real-world challenges at scale. Brought to you by TrustWorks https://www.trustworks.io/ [https://www.trustworks.io/]