Episodes

  • Inside the vCISO Mind: David Clarke on AI, GDPR, and Real‑World Risk with David Clarke
    Feb 6 2026
    In this episode, Aakash Suri sits down with David Clarke, a veteran security leader and virtual CISO with experience spanning global trading floors and AI-driven startups. They dig into the reality of building trust in 2026, moving beyond simple compliance to address the messy world of data sprawl. David shares why mapped data flows are the true foundation of business velocity and explains the dangerous accountability gap teams face when integrating AI.

    KEY TAKEAWAYS
      • Data Sprawl vs. Regulation: Regulation like GDPR isn't what slows companies down; it’s data sprawl, unmanaged copies of data across too many systems, that kills business velocity.
      • The AI Accountability Trap: Organizations often believe using vendor AI offloads risk, but under GDPR, the organization, not the model or vendor, remains fully accountable for every automated decision.
      • Governance Through Visibility: Building a simple asset register or data map is more valuable than complex policies, especially during a breach, when knowing where the data is is the only thing that matters.
      • Preparation for Breach Response: Effective breach response requires a clear "escalation process" that involves the C-suite and Board early. Most organizations fail because they wait too long to communicate.
      • Privacy as a "Shared Language": Success in 2026 requires breaking down silos; privacy, security, legal, and product teams must share a common language to turn privacy from a hurdle into a competitive advantage.

    BEST MOMENTS
      • "It doesn’t take long before that [data management] kind of gets out of hand and it's just in living memory... it's just our own mess."
      • "MFA on its own now... you can download toolkits to bypass basic MFA. The battleground is getting tougher and tougher."
      • "AI doesn't let anyone off the hook. You still own the decision, the risk, and the explanation."
      • "People don't rise to the occasion; they fall to the level of their preparations."
      • "One second of outage [on a trading network] could cost you $20,000... you don't necessarily have the luxury of saying, 'Hey, can we turn this off?'"

    TO CONNECT WITH DAVID: https://www.linkedin.com/in/1davidclarke/
    TO CONNECT WITH YOUR HOST: https://www.linkedin.com/in/aakashsuri-thoughtleader/

    HOST BIO
    Aakash is a recognised Data Privacy leader who helps organisations navigate complex regulations with clarity, confidence, and common sense. Unlike the legalese-driven privacy pros who simply regurgitate the law, Aakash breaks down what the rules actually mean, translates them into plain English, and gives businesses three SMART, pragmatic steps to demonstrate real compliance.

    This Podcast has been brought to you by Disruptive Media. https://disruptivemedia.co.uk/
    40 min
  • Inside a Political DPO’s Mind: Labour Party, Voter Data and Life as a Consultant with James Robson
    Jan 30 2026
    In this fascinating episode, Aakash Suri sits down with James Robson, former Data Protection Officer for the Labour Party, to go behind the curtain of one of the most high-stakes roles in the privacy world. James discusses the delicate intersection of privacy, power, and politics, sharing stories of the "uncomfortable conversations" required when data use clashes with political ambition.

    KEY TAKEAWAYS
      • The Independence of the DPO: Even at the highest political levels, a DPO must remain independent, prioritizing the data rights of the public over the immediate goals of the organization.
      • Communication is a Core Skill: Technical knowledge is only half the battle; the ability to articulate red lines to senior stakeholders, often through storytelling and empathy, is essential for effective governance.
      • The Challenge of Volunteer Data: Political parties rely on thousands of volunteers who may not be bound by professional contracts, making app-based data security and training critical for compliance.
      • Consultancy Myths: Aspiring privacy entrepreneurs often wait too long for perfection. James highlights that you don't need a polished website or a perfect logo to start adding value to clients.
      • Personal Growth Fuels Professional Success: James attributes his effectiveness to a shift from a "hard-nosed" corporate mindset to an empathetic "growth mindset," largely influenced by his training as a yoga and meditation teacher.

    BEST MOMENTS
      • "You are independent and your responsibility is to the people whose data are on those platforms, not the organization that you're in."
      • "Data protection is not a defensive role; it’s a protective role... it is a stewardship of everything that’s going on to make sure we’re not going to harm people."
      • "I’m not about fighting the battles; I’m just about solving the problem."
      • "The Data Protection Act and UK GDPR are data sharing manifestos... why have them if they’re not enabling you to use data?"
      • "Visibility is credibility. How you do it is up to you, as long as it aligns with your core values."

    TO CONNECT WITH JAMES: http://linkedin.com/in/-james-robson
    TO CONNECT WITH YOUR HOST: https://www.linkedin.com/in/aakashsuri-thoughtleader/
    54 min
  • The Governance Paradox: How Constraints Accelerate Enterprise AI with Brendan Jayagopal
    Jan 30 2026
    In this episode, Aakash Suri is joined by Brendan Jayagopal, VP of AI Products at Futuri, to dismantle the common misconception that safety and speed are opposing forces in AI adoption. Brendan argues that treating governance as a "bottleneck" or a "retrospective box-ticking exercise" actually slows organizations down and increases risk. Instead, he advocates for governance as infrastructure.

    KEY TAKEAWAYS
      • Dismantling the Speed vs. Safety Myth: Speed and safety are not a trade-off; they are two sides of the same equation. Effective governance allows a company to move faster by providing a clear, safe runway for innovation.
      • The Three Pillars of AI Governance: To move from "governance as theater" to "governance as infrastructure," organizations must embed compliance directly into product workflows so it becomes seamless and nearly invisible.
      • Regulatory Ambiguity as an Opportunity: Instead of waiting for regulators to define the rules, organizations should use the current uncertainty to build robust, principled internal frameworks that will eventually serve as a competitive "moat".
      • AI Literacy is Mandatory: Governance and privacy professionals must evolve to understand the technology deeply to provide qualitative validation rather than just quantitative box-ticking.
      • Governance as Organizational Memory: Good governance ensures that when key personnel leave, the "why" and "how" behind AI prompts and pipelines remain understood and manageable by the organization.

    BEST MOMENTS
      • "Governance should feel like plumbing: always there, but rarely discussed."
      • "Regulatory ambiguity is not a blocker... if anything, it's a window of opportunity."
      • "You can't wait for the regulators to tell you what to do, because they don't know."
      • "The word 'risk' has a negative connotation, implying you have something to lose. But the other side of risk is upside potential."
      • "AI is definitely past experimentation. Playtime's over."

    TO CONNECT WITH BRENDAN: https://www.linkedin.com/in/brendan-jayagopal
    TO CONNECT WITH YOUR HOST: https://www.linkedin.com/in/aakashsuri-thoughtleader/
    43 min
  • From GDPR to AI: How Privacy Leaders Create Value with Jamal Ahmed
    Jan 30 2026
    FREE GIVEAWAY INFORMATION: Jamal has provided a discount for all Let’s Talk Privacy listeners up to 20% off any of The Pro Academy courses by using the code: AAKASH10

    HERE ARE MORE FREE GIVEAWAYS
      • 8 Day Career Accelerator Training
      • International Data Transfer Training
      • DIYA Resources

    In this debut episode, Aakash Suri sits down with Jamal Ahmed, the King of Data Protection, to dismantle the myth that certifications alone make a privacy professional. Jamal shares his journey from tower blocks to the European Commission, explaining why paper-pushing is a career dead-end and how true value lies in operationalising the law.

    KEY TAKEAWAYS
      • Certifications are Vehicles, Not Destinations: A certification like the CIPP/E only gets you in the door; real success comes from your ability to connect with stakeholders and solve practical business problems.
      • The Five-Stage Career Model: Professionals typically move through five levels: Novice, Practitioner, Expert, Authority, and Thought Leader.
      • Shift from "No" to "How": Mediocre professionals default to "no" when faced with complexity. World-class leaders find pragmatic ways to achieve business goals while remaining compliant.
      • Simplification is Power: If you can't explain a privacy concept to an 11-year-old, you don't understand it well enough. Value is found in making the complex "Easy Peasy."
      • The AI Pivot: In 2026, privacy expertise alone isn't enough. Top-tier roles now demand a deep understanding of AI governance and the ability to bridge the gap between legal requirements and technical teams.

    BEST MOMENTS
      • "Having the certification just gets you into the room. It’s the tax you pay to get to the table. Now you’re there, what makes you special?"
      • "Too many professionals treat certification as the destination rather than the vehicle."
      • "If you can't explain it simply enough, you haven't understood it well enough."
      • "AI isn't going to take your job, but someone who knows how to govern AI definitely will."
      • "Don't just be smart—be useful. The more useful you are, the more valuable you become to the business."

    TO CONNECT WITH JAMAL: https://privacypros.academy/ https://www.linkedin.com/school/privacypros/ https://www.linkedin.com/in/kmjahmed/
    TO CONNECT WITH YOUR HOST: https://www.linkedin.com/in/aakashsuri-thoughtleader/
    1 h 9 min
  • Hidden Healthcare Privacy Risks: How Clinical Trials Really Protect and Expose Patient Data with Shaun Hastings
    Jan 30 2026
    In this insightful episode, Aakash Suri is joined by Shaun Hastings, a veteran Quality and Compliance leader in clinical research, to discuss the critical nuances of data protection in healthcare. Moving beyond compliance theater, they explore practical ways to embed privacy into organizational culture, the importance of auditing sub-processors, and why the current regulatory ambiguity is actually a competitive opportunity for forward-thinking organizations.

    KEY TAKEAWAYS
      • Pseudonymization is a Shield, Not a Wall: Coded data lowers risk but does not eliminate it; external factors like social media can allow malicious actors to "triangulate" patient identities.
      • The Danger of Secondary Use: A significant risk involves vendors using trial data to train their own AI models without proper authorization or oversight.
      • Audit the Entire Chain: Privacy maturity must extend to sub-processors; if data is transferred across jurisdictions or to subcontractors, the "chain of custody" must be robustly documented.
      • Visibility is Credibility: Privacy leads and DPOs should be active participants in project meetings and senior management updates rather than being siloed in the background.
      • The "Pigeon" SAR: Organizations must be prepared to handle Subject Access Requests from any channel (social media, phone, or even a "pigeon"), with clear internal workflows to meet legal deadlines.

    BEST MOMENTS
      • "Pseudonymization is effectively data wearing a mask."
      • "The riskiest data privacy problems often sit in the joints—between sponsors, labs, and cloud tools."
      • "It’s about switching from compliance theater to cultural embedding."
      • "Visibility is credibility... we have to share our knowledge and put it out there."
      • "It's not enough to just say 'computer says no.' You have to understand why and explain it."

    TO CONNECT WITH SHAUN: https://www.linkedin.com/in/shaunhastings
    TO CONNECT WITH YOUR HOST: https://www.linkedin.com/in/aakashsuri-thoughtleader/
    50 min