An Interview with a TrustArc Privacy Expert

TrustArc privacy expert K Royal is an attorney and compliance professional with 25 years of experience in the legal and health-related fields.

She is skilled in privacy laws, breach management, compliance, training, and program development. K has a particular interest in technology, along with its challenges and opportunities.

This gives her a thorough perspective when implementing or overseeing global privacy programs.

As an attorney, she has been recognized as a Phoenix Forty-under-40 honoree and as one of the top pro bono attorneys in Arizona. Her areas of work mainly center around regulatory and privacy compliance, while her personal loves are civic education, youth outreach, diversity initiatives, and leadership training.

K is also an adjunct professor at the Sandra Day O’Connor College of Law and is currently in the dissertation phase of her Ph.D. in Public Affairs.

Professionally, she is active in many areas, mainly IAPP, ACC, and the State Bar of Arizona, and serves on the boards of several non-profits.

What drew you to privacy, and how many years have you been in the data privacy space?

I fell into privacy by accident, but quickly realized that I am a square peg in a square hole.

However, in thinking back over my career, I identified and designed a patient admissions process to an inpatient mental hospital that would provide privacy, even for callers.

There was an assigned code number in order to reach the patient. Only those with the code had permission. It became implemented in mental health hospitals across the nation.

I officially became a privacy professional back in 2008 in the US health care space as a nurse turned attorney working with HIPAA compliance. And then quickly progressed to the global realm and other sectors – medical devices, startups, tech, government, etc.

What’s your favorite GDPR Article and why?

My favorite GDPR Articles are 37-39 on the appointment of a qualified Data Protection Officer (DPO).
I have often seen instances where privacy officers have accountability but essentially zero authority to impact processes or make changes – no insight into their budget, and no travel to countries under their privacy realm.
So, the requirement to have a qualified DPO with authority and independence is a welcome sight to see.

One thing you’ve noticed that has changed about privacy since you’ve started

I’ve noticed a shift to a global focus, the prevalence of breaches, and the connection to government oversight and involvement.

TrustArc privacy expert K Royal’s advice for new privacy practitioners

I would tell them that not everyone is suited for privacy.

And privacy is especially not suitable for a binary mindset.

There are few clear, definitive answers in privacy; much depends on specific cases, uses, elements, environment, etc.

Be prepared to be flexible, creative, and fast-paced.

Lacking privacy expertise, bandwidth or magic?

If a lack of resources is slowing you down and getting in the way of you reaching the organization’s goals, it’s time to meet TrustArc’s Professional Service team.

Do you need to comply with a specific regulation? Need to understand what your risk is? Need advice on how to design your privacy program most effectively?

We’re here for you. Accelerate your road to compliance in three steps. Connect with a TrustArc privacy expert today.