Home  > Privacy in Practice Podcast

Home  > Privacy in Practice Podcast

Privacy in Practice Podcast

Privacy in Practice, brought to you by VeraSafe, is the podcast for actionable insights and real-world strategies for privacy and compliance teams.

FEBRUARY 17, 2026

Episode 14: The Arc of a Cyber Incident and Strategies for Enterprise Response, with Lisa Sotto

Lisa Sotto (Hunton Andrews Kurth)

Privacy-in-Practice-ep14
Play

In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan sit down with Lisa Sotto, Chair of the Global Privacy and Cybersecurity Practice at Hunton Andrews Kurth, for a practitioner-level conversation on the full arc of a cyber incident, from first detection through board notification and the regulatory long tail that follows. You’ll learn:

  • The current nation-state and criminal threat landscape, including SALT Typhoon, the $1.5B Bybit theft, and DPRK imposter IT workers
  • How social engineering and agentic AI have rendered traditional phishing detection obsolete
  • The “become aware” notification threshold and the strategic case for early regulatory disclosure
  • Why one incident response plan with severity levels outperforms multiple plans
  • Ransomware payment decisions: sanctions risk, decryptor reliability, and the limits of criminal promises
  • NIS2 executive accountability and the CCPA cybersecurity audit requirements
  • How law enforcement agencies operate as strategic partners rather than adversaries during active incidents 
Listen on Apple Podcasts
Listen on Spotify

All Episodes

Privacy-in-Practice-ep13
Play
January 20, 2026

Episode 13: How CBPR Certification Builds Trust and Enables Global Scale, with Charmian Aw

Charmian Aw (Hogan Lovells)

Learn why organizations such as Cisco, Mastercard, and Alibaba have obtained certification, why the framework is gaining renewed attention among multinational organizations, and how it complements existing transfer mechanisms such as Standard Contractual Clauses (SCCs). The conversation also explores how CBPR certification plays a role in procurement, regulatory cooperation, and the evolution of responsible data processing.

  • Why the CBPR System is gaining momentum globally beyond APEC
  • The commercial case for pursuing both PRP and CBPR certification
  • Why engaging with data subjects during access requests can prevent escalation
  • How certification actually works
    The competitive advantage hiding in your procurement checklist
  • Why AI and healthcare use cases are accelerating CBPR adoption
  • How the Global Cross-Border Privacy Enforcement Arrangement (Global CAPE) enables regulators to share information and coordinate cross-border investigations
Listen on Apple Podcasts
Listen on Spotify
Privacy in Practice ep 12
Play
DECEMBER 10, 2025

Episode 12: Privacy Challenges in the Gaming Industry, with Alex Roberts

Alex Roberts (Linklaters)

The gaming industry has surpassed Hollywood as one of the world’s largest entertainment sectors, projected to reach $500 billion by 2030. But with this explosive growth comes increasing regulatory scrutiny across every major market. In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan welcome Alex Roberts, Partner and Head of TMT in China at Linklaters, for an in-depth conversation about privacy and data protection compliance in the global gaming industry.

  • The most common mistakes organizations make that trigger regulatory complaints
  • Where to focus your compliance efforts with a limited budget or limited time
  • Why engaging with data subjects during access requests can prevent escalation
  • What regulators really think about risk registers and documented compliance gaps
  • How cooperative behavior influences regulatory outcomes
  • Why fairness and common sense matter more than perfect documentation
  • What to keep an eye on next, such as evolving ePrivacy rules and cookie enforcement
Listen on Apple Podcasts
Listen on Spotify
Helen-Dixon-Privacy-in-Practice
Play
NOVEMBER 11, 2025

Episode 11: Lessons from Ireland’s Former Data Protection Commissioner, Helen Dixon

Helen Dixon

What really happens when a regulator investigates your organization? And more importantly, what can you do to stay off their radar while building a sustainable privacy program? In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan welcome Helen Dixon, Ireland’s former Data Protection Commissioner, for a candid conversation about privacy compliance from the regulator’s perspective. With over ten years leading one of Europe’s most influential data protection authorities—overseeing landmark cases including Schrems litigation and levying over €3 billion in GDPR fines against tech giants—Helen brings unparalleled insights into what regulators actually look for in privacy programs. What You’ll Learn:

  • The most common mistakes organizations make that trigger regulatory complaints
  • The difference between privacy by design philosophy and PETs as implementation tools
  • Where to focus your compliance efforts with a limited budget or limited time
  • Why engaging with data subjects during access requests can prevent escalation
  • What regulators really think about risk registers and documented compliance gaps
  • How cooperative behavior influences regulatory outcomes
  • Why fairness and common sense matter more than perfect documentation
  • What to keep an eye on next, such as evolving ePrivacy rules and cookie enforcement
Listen on Apple Podcasts
Listen on Spotify
privacy-in-practice-ep10
Play
OCTOBER 21, 2025

Episode 10: Understanding PETs with Monisha Varadan

Monisha Varadan (Google)

In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan welcome Monisha Varadan, EMEA Privacy Lead at Google, for an in-depth exploration of how PETs work in practice and why they matter more than ever in the age of AI. What You’ll Learn:

  • Why PETs are business enablers, not just compliance tools
  • The difference between privacy by design philosophy and PETs as implementation tools
  • How Google uses differential privacy in real-world products like Maps and spam detection
  • Why synthetic data matters for AI model training and its privacy limitations
  • The gap between conceptual and practical PETs and how to bridge it
  • How the PETs landscape is becoming more accessible through startups and open-source libraries
Listen on Apple Podcasts
Listen on Spotify
privacy-in-practice-episode-9
Play
SEPTEMBER 09, 2025

Episode 9: Adaptive Privacy in Clinical Research with Aarthi Iyer

Aarthi Iyer (Cogent Biosciences and Microsoft Fellow)

In our latest episode of Privacy in Practice, Aarthi joins Kellie du Preez and Danie Strachan to discuss what it takes to run privacy-smart, globally dispersed clinical research without slowing innovation. You’ll discover:

  • Why adaptability is critical in privacy programs for clinical research
  • How decentralized trials expand patient access while maintaining privacy
  • How AI is already being used for patient recruitment, imaging, and documentation
  • The privacy and compliance risks that come with deploying AI in clinical research
  • What gold-standard vendor management looks like in highly regulated research
  • Why engaging privacy partners early is key to keeping trials compliant and efficient
Listen on Apple Podcasts
Listen on Spotify
privacy-in-practice-episode-9
Play
August 12, 2025

Episode 8: International Data Transfers with Kellie du Preez and Danie Strachan

In our latest episode of Privacy in Practice, Kellie du Preez and Danie Strachan dive deep into the complex world of international data transfers.

  • What actually counts as an international data transfer
  • When and how to use various transfer mechanisms
  • Lessons from recent enforcement actions 
  • How to identify and implement necessary technical, contractual, and legal safeguards
  • How cloud services, APIs, SDKs, and plugins can quietly trigger cross-border data transfers
  • Practical strategies for building scalable vendor management programs
  • Common myths and misconceptions
Listen on Apple Podcasts
Listen on Spotify
Play
July 09, 2025

Episode 7: Privacy in Clinical Trials with Jim Schneider

Jim Schneider (Immunome)

In this episode of Privacy in Practice, we speak with Jim Schneider, Senior Director of Compliance and Data Privacy at Immunome, about navigating the complex privacy challenges of clinical trials.

  • How to balance GDPR and Good Clinical Practices in trial consent
  • The complexities of HIPAA in clinical trials, and why it often doesn’t apply to sponsors
  • How to handle data deletion requests without compromising trial integrity
  • Practical strategies for managing cross-border data transfers in global research
  • Key insights on biobanking and future use of clinical trial data
Listen on Apple Podcasts
Listen on Spotify
Play
June 11, 2025

Episode 6: The Critical Friend: How to Build Privacy Programs That Actually Work with Sean Milford

Sean Milford (Syndigo)

In this episode of Privacy in Practice, Sean Milford, Global Head of Data Privacy at Syndigo, shares a playbook for turning privacy theory into operational results. If you’re managing privacy across teams, tools, and time zones, this episode is a masterclass in making it work.

  • Why privacy is a team sport and how to lead across law, marketing, and tech
  • What privacy engineering looks like beyond theory
    How to build vendor programs that scale and stick
  • Why privacy ops succeed (or fail) at the department level
  • How to use maturity models to prioritize risk
  • When to use DPF, SCCs, or BCRs and why backups matter
  • How to run privacy programs in remote or global teams
  • What it means to be a “critical friend” to the business
Listen on Apple Podcasts
Listen on Spotify
Play
May 20, 2025

Episode 5: AI Governance Without the Hype with Shane Witnov

Shane Witnov (Meta)

 In this episode of Privacy in Practice, Shane Witnov, AI Policy Director at Meta, provides a behind-the-scenes look at how the company navigates the complex intersection of AI innovation and privacy.

  • Why AI governance doesn’t have to mean starting from scratch. 
  • Why AI governance can (and should) build on your existing privacy, security, and data use frameworks
  • How to use proven privacy frameworks to govern AI safely.
    Why open-source AI models offer a better privacy solution
  • How to set clear, actionable guidelines for safe AI use without banning existing tools

  • Why staying ahead of state-level AI bills is crucial for protecting your business
  • How to identify AI risks early with red-teaming and practical testing.
    Why transparency isn’t just about labels
  • How to build trust through real-world impact
Listen on Apple Podcasts
Listen on Spotify
Play
August 12, 2025

Episode 4: Privacy vs. Marketing? It Doesn’t Have to Be a Fight, with Sachiko Scheuing

Sachiko Scheuing (Acxiom)

 In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan sit down with Dr. Sachiko Scheuing, European Privacy and AI Governance Officer at Acxiom. Sachiko reveals how smart businesses are turning privacy compliance into a growth strategy.

  • How digital advertising empowers small and medium sized businesses
  • The three essential categories of AdTech: SEO, Walled Gardens, and Open Internet
  • Why PETs and data minimization are key to responsible data use
  • How to build a privacy-first culture that drives business success
  • Why DPOs are perfectly positioned to lead AI governance
  • Practical strategies for data minimization using pseudonymization and anonymization
  • Sachiko’s “Inform, Involve, Initiate” framework to improve privacy practices
Listen on Apple Podcasts
Listen on Spotify
Play
MARCH 11, 2025

Episode 3: The Future of Mental Privacy with Kristen Mathews

Kristen Mathews (Cooley LLP)

In the latest episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan welcome Kristen Mathews, Partner at Cooley’s Cyber Data Privacy Practice Group to explore the evolving landscape of mental privacy—its challenges, opportunities, and the critical questions shaping its future. Together we:

  • Examine how businesses collect and use personal information beyond their core services
  • Explore how emerging technologies can collect and interpret brain activity
  • Investigate the unique challenges of protecting neural data and whether traditional privacy laws are enough
  • Reflect on the role of AI in processing neural data and the intersection with emerging regulations like the EU AI Act
  • Consider the potential for industry self-regulation in the neurotech space
  • Highlight the positive applications of neurotech, from medical uses like seizure prediction to mental wellness applications
  • Emphasize the importance of privacy-conscious implementation
Listen on Apple Podcasts
Listen on Spotify
Play
February 25, 2025

Episode 2: Integrating IT Know-How into Privacy Law with Peter Jaffe

Peter Jaffe (National Geographic Society)

In this episode of Privacy in Practice, we sit down with Peter Jaffe, VP & Sr. Associate General Counsel for Privacy, Technology, Facilities & Operations at National Geographic Society, to explore the critical intersection of privacy law and technology. Peter shares invaluable insights on building privacy programs that work, from finding internal allies and managing stakeholder relationships to navigating the technical aspects of privacy compliance. Together we:

  • Explore Peter’s unique journey into privacy law
    Examine the critical intersection of technical knowledge and privacy law
  • Discuss essential technical concepts for privacy professionals
  • Delve into effective strategies for building privacy programs
  • Consider the role of privacy professionals as translators between stakeholders
  • Explore practical approaches to privacy training
  • Share valuable insights on managing global privacy compliance
Listen on Apple Podcasts
Listen on Spotify
privacy-in-practice-episode-9
Play
February 11, 2025

Episode 1: Beyond the Checkbox: Practical Privacy Strategies for Real-World Compliance

In this inaugural episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan introduce VeraSafe’s new podcast focused on making privacy compliance practical and accessible. Together, they:

  • Share their personal journeys into privacy law
    Explore why privacy compliance is both challenging and rewarding
  • Discuss the importance of balancing theoretical compliance requirements with real-world business constraints
  • Examine recent EDPB guidance on controller obligations 
  • Address the growing regulatory emphasis on understanding technical implementations and data flows
  • Examine the latest challenges with the EU AI Act
  • Emphasize the need for a holistic approach to privacy compliance
Listen on Apple Podcasts
Listen on Spotify

Our Hosts

Danie Strachan, CIPP/E, CIPP/US, CIPM, AIGP
Senior Privacy Counsel

Danie Strachan is a privacy professional who began his career in South African legal practice, where he developed deep experience in data protection law during the implementation of South Africa’s Protection of Personal Information Act (POPIA). As a senior privacy counsel at VeraSafe, he specializes in helping organizations understand and implement privacy requirements across multiple jurisdictions, including the EU. Danie brings valuable insight into the evolution of privacy regulations and practical approaches to compliance.

Kellie-du-Preez

Kellie du Preez, CIPP/E
Partner

Kellie du Preez is a privacy compliance leader and former litigation attorney who transitioned from defending banks in Boston to focusing on global privacy compliance. With experience as both an IP litigator and privacy professional, she brings a unique perspective on balancing practical business needs with regulatory requirements. As a Data Protection Officer and privacy consultant at VeraSafe, Kellie helps organizations navigate complex privacy challenges with a focus on creating workable, cost-effective solutions.

Contact us: podcast@verasafe.com

apple podcast
YouTube
spotify

News from the VeraSafe Blog

Read the latest news about privacy and cybersecurity
More News

VeraSafe’s Privacy and Security Programs are
Recognized by the United States Postal Service