Blog Post

Q&A: Debbie Evans Offers a Close-Up View of the Role of Data Protection Officer

Downtown
  • LinkedIn icon
  • Twitter icon
  • Print icon

Debbie Evans, Managing Director within FTI Technology’s EMEA Information Governance, Privacy & Security practice, is passionate about data protection. She cared about it long before it was a hot topic, having served as a leader in regulatory compliance, security and corporate governance programmes within large, global organisations for more than 20 years. In her role at FTI Technology Debbie is continuing her work as a champion for strong data privacy and protection in the U.K., Europe and globally. In this Q&A, Debbie discusses her approach to data privacy and offers a unique view of the responsibilities of corporate data privacy professionals.

Debbie, how did you get started in the field of privacy and data protection?

I’ve always been active in human rights matters. The ways these play out in the data privacy space are particularly compelling to me. I believe that people should be able to have their own digital space and identity, without fear of losing control over their data. Early in my career, I reviewed legislation on spying and surveillance, and after becoming a lawyer, I was involved in numerous criminal cases relating to personal data. The stakes can be really high, and if the right measures are not in place, a breach of privacy can lead to severe consequences for individuals and their personal safety.

Your commitment to those values have led you through a diverse career in this field. What ultimately drew you to FTI Technology?

I was impressed with what the team here had already established in terms of information governance and data privacy offerings and advisory. It was exciting to have the opportunity to be a part of that and help codify new offerings.

I also love engaging with people in all roles, at all levels. I get to do this at FTI Technology in an incredibly meaningful way. I interact with board members at my clients’ organisations and help educate people about the complex landscape of data privacy regulations and rights.

What are you working on now?

I’ve been fully immersed in supporting, developing and promoting our Data Privacy Officer service offering. Through this, we can provide service at many levels, with an agile team that’s able to work with a range of organisations. We provide companies with the assurance that they’ll have support from experts in this space — people who are experienced with meeting global regulations and have learned through years of working in-house what works and what doesn’t. In addition to our global reach and deep expertise, we’re also highly flexible, so our DPO service and other IG offerings can be tailored to each client’s unique needs and dynamically adjust as data privacy law and best practices evolve. We align with the cultural needs of our clients while shifting the culture to be more privacy centric.

Tell me more…how do you align with and shift culture?

We meet the company where they are. At the same time, we help them foster a deeper understanding of privacy and why it’s a business priority. Through holistic programmes, training and education, that eventually becomes part of the DNA. A DPO is responsible for ensuring that the organisation has the appropriate controls and can implement, operationalise and maintain them. So, we provide that as a trusted partner working alongside our client and act as the primary contact for data protection escalations as they arise. In this type of engagement, we advise clients on all privacy-related matters, including general risk management, vendor risk management, due diligence and privacy by design, as well as create an internal network of privacy officers and champions.

How are most companies tracking with data protection best practices?

For many companies, having a DPO is either a requirement or at least recommended. Unfortunately, many organisations still see data privacy compliance as a cost rather than a business value add. As a result, some organisations double up on roles, by adding DPO responsibilities to an existing role, rather than bringing in a dedicated privacy professional. The people tagged for this don’t always have the necessary skills or experience. This can add significant risk given how quickly and frequently the regulations are changing.

Beyond your passion for data privacy, is there anything you’d like to share about your leadership style and your life outside of work?

I don’t view leadership as it’s been traditionally defined. I like people to have opportunities to figure things out independently, and I support them in getting there. I aim to be as consultative as possible, helping each team member shine in their brightest way.

Outside of work, I love a good competition, so I’ve done everything from soap box carting races to boxing matches to netball. Right now, I play premier league ice hockey, and I’ve been classified as an elite athlete in my 50s (a shock to my family!).

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.