Joost de Kam, LLM FIP CISSP CIPP/E CISM CIPM

Senior Interim Privacy Counsel | Data Protection Officer (DPO) | Privacy Officer / Manager | GDPR / AI Governance | CISSP CIPP/E CIPM CISM FIP | Privacy & Security Expert | Available

The Hague, South Holland, Netherlands

About

Senior Interim Privacy Counsel | Bridging the Gap Between Legal Complexity, Technical Security, and Business Growth.

I am a senior privacy professional with a decade of experience guiding global organizations (such as ASML, BMW, Ayvens and Bayer) through complex privacy challenges, projects and programs.

Why my profile is unique:

1. Dual Legal & Security Authority: I am one of the few professionals globally holding a Master of Laws (Privacy) alongside Master-equivalent information security certifications: CISSP and CISM. This allows me to act as a "translator" between legal requirements and technical IT/Cybersecurity teams, proposing measures that are both compliant and technically feasible.
2. Pragmatic Privacy Risk Management: I advocate for a business-first approach. Rather than acting as a "compliance blocker," I focus on Privacy Risk Management, helping organizations achieve commercial objectives through creative, legally sound solutions.
3. Your Next Best Steps: My experience spans (a.o.) the Pharma, Finance, High tech, Retail, and Public sector, assisting clients with different privacy ambitions, budgets, and ways of working. This broad experience allows me to quickly understand, propose and implement the next best steps to improve your privacy program.
4. Consultancy DNA: With 5 years of experience in consultancy, I bring a structured, results-driven methodology to every assignment. I am highly adaptable to new organizational cultures, can quickly create tangible results, and am skilled at representing Privacy to every department/layer of an organization.
5. Responsible AI & MS365 Copilot Implementation: I have a proven track record of managing high-stakes AI privacy projects, including SURF’s DPIA on MS365 Copilot for the Dutch educational sector, and assessing and mitigating the risks associated with implementing MS365 Copilot at FrieslandCampina.

Experience

  • Privacy Officer at FrieslandCampina
    Jul 2024 - Present · 2 yrs

    As Global Privacy Officer Marketing at FrieslandCampina, I autonomously managed and contributed to high-complexity privacy workstreams across the Corporate Legal, Global Supply Chain, and Information Security departments. My contributions included:

    1. Responsible AI (MS365 Copilot):
       - Orchestrated the end-to-end DPIA and risk mitigation strategy for the global rollout of Microsoft 365 Copilot. I ensured the implementation met stringent security and privacy compliance standards while remaining aligned with the organization's risk appetite to enable a secure, functional AI implementation.
    2. Marketing & AdTech Specialization:
       - Led the implementation of a new methodology for online consent management (OneTrust), bridging the gap between legal requirements and digital marketing needs.
       - Realized measurable improvements in compliance by launching quarterly website compliance dashboards and managing technical remediation (Cookies, Social Media Pixels/Plugins, GTM) with local teams and web agencies.
    3. Privacy Program Maturity:
       - Served as the lead contributor for elevating privacy maturity across the global Marketing domain.
       - Designed and facilitated specialized privacy training for hundreds of marketing professionals, fostering a culture of "Privacy-by-Design".
    4. Privacy Risk Management:
       - Performed DPIAs on the client's 10 most important Marketing processes, and on the 5 most privacy-sensitive IT processes, bridging the gap between legal requirements and technical execution.
       - Engineered and implemented a scalable, risk-based methodology for supplier onboarding, streamlining the vendor assessment process while significantly enhancing data protection standards.
       - Conducted comprehensive privacy assessments and designed tailored mitigating measures for 20 supply chain locations.

  • Owner / Senior Interim Privacy Counsel at ExternalDPO
    Jun 2022 - Present · 4 yrs 1 mo

    No-nonsense privacy guidance that adds value to your organization. Expertly and independently manages any privacy compliance activity you wish to outsource. Visit externaldpo.com for an overview of my services, and the Privacy Toolbox which contains free guidance, formats and examples you can use to independently manage privacy compliance.

  • Privacy Counsel at SURF
    Jan 2024 - Jun 2024 · 6 mos

    As Interim DPIA Project Lead at SURF - the collaborative organization for IT in Dutch education and research - I was responsible for 3 high-stakes, sector-wide DPIAs that set the standard for the entire Dutch educational sector. My contributions included (a.o.):

    1. M365 Copilot DPIA Lead:
       - Managing the DPIA for Microsoft 365 Copilot, focusing on the intersection of Generative AI and GDPR compliance.
    2. Service Design:
       - Co-developed SURF Vendor Compliance service, including its governance and way of working. This service centralizes and streamlines privacy and security assessments for hundreds of educational institutions, ensuring a unified and robust approach to third-party risk management.

  • Privacy Officer at LeasePlan
    Jul 2022 - Dec 2023 · 1 yr 6 mos

    As Senior Privacy Officer at LeasePlan (now Ayvens), I was responsible for privacy risk management within a large IT transformation program, to ensure secure and privacy compliant program delivery. My contributions included:

    1. Privacy Risk Management:
       - Enabled the successful onboarding of the UK and NL entities to the new digital architecture in a controlled manner. Identified and assessed critical privacy risks, reporting directly to senior management and steering committee members to facilitate informed, risk-based decision-making.
    2. Privacy Risk Mitigation:
       - Served as the lead contributor to complex privacy risk mitigation projects, including the implementation of data retention requirements and Transfer Impact Assessments (TIAs) for international data flows.
    3. Audit & Assurance:
       - Acted as the primary privacy lead for both internal and external audits, including SOC2 type II compliance.
    4. Training & Awareness:
       - Designed and delivered tailored privacy trainings for technical teams, such as Data Analysts and IT Architects, as well as mentoring junior privacy colleagues.

  • Personal goal pursuit at Career Break
    Nov 2021 - Jun 2022 · 8 mos

    Language course in Madrid, hiking through Patagonia, living in Rio de Janeiro and Buenos Aires, reading lots of books, setting up my company ExternalDPO.