I am responsible for ensuring that Oracle complies with all global data protection laws that may apply to our services and operations, and also for helping to facilitate our customers’ compliance with those laws when using Oracle products and services.
In addition to knowing the law, I find the challenge of operationalising legal requirements in a global organisation with different lines of business to be equally challenging and rewarding.
While technology and the potential use of data will evolve, the core privacy and data protection analysis we perform will remain constant. The role will remain one of digging in, understanding new technologies and how they process data, and working with engineers and operations teams to apply the appropriate design, processes and controls.
I look for advisers who not only are masters of highly specialised areas of law, but can also articulate how those laws may impact the business operations at issue. All lawyers can read the law, but having insight into how it should be applied to a company’s business is what separates a good external counsel from a great one.
[Preparing for the GDPR] took two years, 10 workstreams, dozens of lines of business and internal organisations, hundreds of products and services, and untold hours of labour. The coordination, cooperation and support within the company was extraordinary.