Data protection specializing in GDPR and Data protection act
Samuel Allan, London, United Kingdom
I'm offering
I have extensive experience in designing, building, delivering and implementing major digital and data transformation programmes, essentially focused on delivering data protection, data security, data realisation strategies and regulatory compliance. I have built from the ground up, run teams and managed data, cyber and privacy programmes. I have solid risk management experience and a grounded work ethic, and I also command a comprehensive technical, economic, political and business understanding. I am highly practiced at embedding cultural change and transformation programmes and really enjoy making a difference.
Having served as a Data Protection Officer and Information Security Architect and held other roles, I have gained a full appreciation of what is required to establish appropriate operating and reporting structures, including building capabilities for a function / department to be successful. My experience includes being a lead architect and I possess a collective 'hands-on' pragmatic experience (18 years) of developing and managing people.
I love everything digital and technology fascinates me. I understand today's challenges and demands of protecting an organisation's reputation and consumers' privacy, and fully appreciate risks from different sources, such as: social media, digital, IT security, Cybersecurity, Data Leakage, Data Protection legislation, resilience, fraud, third party, regulatory complexities, contractual and organisational perspective.
What can I bring to your organisation?
• Leadership and direction, vision, clarity and the ability to translate words into action and a safe pair of hands.
• The ability to design and build a day-to-day privacy 'functional operating model' needed to ensure the safeguarding of your key assets, your customer data, your IP and your reputation.
• A seasoned technician with the ability to shape and influence stakeholders, bring together different people and strands and the ability to think holistically, or 'join-up-the-dots'. I can help influence internally and externally the thoughts and attitudes of your senior business leaders and help to ensure privacy/security when it comes to all things data.
• Delivery experience of major programmes, and lead-point on the security and data privacy engagements, including helping to design the architecture, including the enterprise architecture, cross functional dependencies and cross legal requirements to ensure a robust strategy is put in place.
• Leadership and management of individuals and project teams and acting as a fully contributing member of the leadership team - in terms of strategy, innovation, vision and direction.
• Experience of working with regulators (i.e. ICO) and drive through a PII policy that can have a lasting effect.
• Leading multi-disciplinary teams and can ensure the support of the teams through mentoring colleagues in achieving their objectives.
• First-hand experience of building solid relationships across a complex enterprise environment to enable a strong understanding and close alignment with business needs, direction, and risk appetite.
• Implementation experience of a privacy control framework built on experience of implementing risk control frameworks that can drive through real business benefit and value.
Markets
United Kingdom
Language
English
Fluently
Ready for
Larger project
Ongoing relation / part-time
Full time contractor
Available
My experience
2018 - 2019
freelance
GDPR Consultant (SME) / DPO
The Careers and Enterprise Company.
Create and execute General Data Protection Regulation, Information Security and ISO 27001 tasks for an organisation with no information/data security or previous GDPR practices. This involved:
• Creating and managing a GAP Analysis
• Policy Development
• Data Mapping and DPIA
• SAR and Breach Process development
• Supplier Contract Review
• Training Programs created and delivered
• Record of Processing
• Defined legal basis for processing and data retention
• Creating a Risk Register for ongoing Privacy Program management
• Developed a Privacy Management Accountability Framework compliant with GDPR and ISO 27001
• Acting as a key point of contact for all GDPR matters (DPO)
• Privacy notice development and provider contract writing
Key Accomplishments:
• Appointed as Data Protection Officer (DPO)
• Developed and implemented procedures and systems for IT Security, data security and data privacy from scratch.
• Dramatically improved end user awareness and knowledge of data security and privacy.
• Created a company culture where data security and data privacy played a major role in daily operations.
• Standardised multiple procedures to increase efficiency and streamline data security and privacy management.
• Built a sustainable infrastructure to enable continuous improvement and repeatability of data security and data privacy practices.
Infrastructure, Processing, Framework, DPO, Process development, Retention, ISO 27001, Organization, Development, Writing, Security, IT, Management, Information Security, Program Management, GDPR, Training
2017 - 2018
freelance
GDPR Consultant
SME.
Developed compliance guidelines following initial audit and briefing document. Prepared comprehensive strategy to initiate document, plan to remove duplicated, sensitive, unnecessary and outdated data. Produced multiple policy and process paperwork including managing royalties. Collaborated with stakeholders to secure business requirements to define scope of GDPR. Assessed and proposed remediation options to enhance data usage, and storage. Conducted GDPR Data Flow Mapping/Audit/Inventory of data libraries. Authored detailed audit trail of all data categories. Studied data and user access rights with HR/Legal/Sales/Marketing/Compliance/Finance team and types of process data. Reviewed and audited data retention policy. Noted and suggested methods to block various data exit points. Established legal basis for processing all process activities. Worked with stakeholders to develop data breach response and notification impact and templates for response.
Key Accomplishments:
• Completed project to design privacy best practices, governance, data retention, risk assessment, complaint/incident handling, security monitoring, and consent management in five months.
• Introduced data monitoring compliance in all business systems/functions for internal and external controllers/processors of data ensuring clear understanding of legal obligations.
• Initiated GDPR DSAR Incident Management Plan and response to manage request.
• Conducted GDPR awareness workshops and wrote GDPR Role and Responsibility Matrix.
• Leveraged information risk management, privacy impact assessment, and data protection impact assessment to aid clients in identifying and resolving privacy risks and issues.
• Developed data retention and disposal policy and procedures and privacy target operating model.
• Administered Data Discovery phase Gap Analysis to reveal loopholes obligations, security, and data and readiness protocols including data classification and processing, usage, storage/retention, and transfer outside of EU Risk Assessment.
• Designed procedure allowing response to erasure and portability questions without extra delay and within one month of receipt.
Security, Processing, Assessment, Audit, Incident Management, Monitoring, Retention, Storage, Workshops, Design, Compliance, Finance, Sales, Risk Management, Management, GDPR, Marketing
2016 - 2017
freelance
GDPR Consultant
Palmer and Harvey.
Conducted complete GDPR readiness assessment and stakeholder training sessions for major automotive organisation. Delivered fast gap analysis and readiness analysis and income threat and safety prototype. Executed risk based GDPR quick-start project methods. Investigated tasks required to reach compliance and proposed approach and unique ways to educate key stakeholders. Taught staff about specifics of data collection and usage.
Key Accomplishment:
• Initiating Information Security Risk Management policies and procedures and undertaking and managing a high-level risk assessment across the group to develop and agree risk treatment plan/reports;
• Significantly raising the level of Information Security awareness across the organisation;
• Introducing Information Security Incident Management policies and procedures;
• Establishing an IT Services Information Security Board and risk management process.
Training, GDPR, Information Security, Management, Risk Management, Compliance, IT, Security, Organization, Incident Management, Data collection, Safety, Assessment
2014 - 2016
freelance
Information Security Consultant
Group Information Security Governance Board.
Helped Norway's largest outsourced payroll provider comply with global data protection in all jurisdictions. Initiated SME trust platform addressing periodic regulatory compliance changes. Based on new OECD Privacy Guidelines.
Key Accomplishments:
• Initiating and managing a senior level Group Information Security Governance Board (ISGB). This board included key senior level representatives from across the Group e.g., Head of Corporate Governance, Head of HR, Executive level Information Security Champions for each Directorate. The board was chaired by the group's Senior Information Risk Owner (SIRO)/Strategic Director of Finance;
• Establishing key Information Governance roles and responsibilities, which included Senior Information Risk Owners (SIRO), Executive level Information Asset Owners (IAO) and Information Asset Administrators (IAA) for each Directorate;
• Devised and constructed first compliance platform.
Information Security, Finance, Compliance, Security, Regulatory, Norway
2009 - 2014
job
Information Security Architect
EQUALITY ACCREDITATION SERVICES.
Designed, planned, implemented and monitored security measures and frameworks to protect Sensitive Personal Data (Special Category Data GDPR Articles 9/10). Worked independently to ensure that appropriate security controls and strategies are in place to safeguard digital infrastructure. Develop and implement plans, processes, and program improvements for the Information Security to prevent unauthorised access, destruction, or disclosure of information.
Develop leading-edge concepts and frameworks for information security incorporating existing Sensitive Personal Data (Special Category Data GDPR Articles 9/10).
Key Accomplishments:
• Directed the implementation of Information Security, from concept through completion for on-premise/hybrid/cloud environments;
• Developing tools and competencies in information security including best practices
• Directed compliance objectives to meet requirements for standards such as PCI DSS and PECR.
• Provide security guidance and oversight for processes and technology in the areas of sensitive data protection, security vulnerability management and reduction, attack prevention and incident response.
GDPR, Cloud, Information Security, Management, Compliance, Technology, Security, Infrastructure, Implementation, Hybrid, Processes
2006 - 2009
job
Privacy and Security Architect
GRC CONSULTANCY.
Secured and worked with stakeholders to accurately identify impeding information security issues. Conveyed comprehensive governance risks and threats to clients for timely remedial action.
Key Accomplishments:
• Provided service-oriented architecture (SOA) advice to 50+ UK-based financial service companies on governance, information risk management, compliance (GRC), and data security and policy.
• Improved client SOA framework by more than 800% by helping potential client identify and address unique privacy and security challenges in deploying SOA architecture.
Prior experience as Consultant for Anderson/Arthur Andersen Clients, London, UK; Director of Digital Solutions for Andersen/Arthur Andersen, London, UK; Sales Director for Xpedior UK WEB Technology SI, London, UK; Project Manager for MODE International, London, UK; Asia Program Supervisor for Overseas Development Agency, London, UK; Major Accounts Manager for Oracle, London, UK; CAE Product Marketing Director for Racal Redac Global, London, UK/Hong Kong; and Cpl Flight Systems in Royal Air Force, UK and Germany
Technology, SI, Manager, Asia, Framework, Web, Mode, International, Development, SOA, Security, Marketing, Architecture, Compliance, Service, Sales, Risk Management, Management, Information Security, Project Manager, Oracle
My education
n/a
Unspecified, Object Orientated Design