TrustArc privacy expert, Paul Iagnocco, serves as the Customer Enablement Leader and a Privacy Solutions Engineer.

Before joining our team, Paul served as Senior Director of Global Digital Operations for 10 years before becoming Kellogg’s first Chief Privacy Officer in 2015.

At Kellogg, Paul implemented a global privacy program covering consumer and employee privacy, including policies, procedures, contracts, assessments, training, and education.

Paul’s career with Kellogg started by launching its initial e-commerce initiatives in 2005, including the vision and leadership to build a global digital marketing team.

Before Paul’s experience at Kellogg, he developed digital strategies and user experiences for Fortune 500 clients, including Brunswick Marine, Pfizer, DuPont, and Zimmer Inc.

This experience has provided him with a personal perspective on the lives of privacy and digital commerce team leaders. Today he will share some of that perspective as he answers the following questions.

What drew you to data privacy, and how many years have you been in the privacy space?

Two things drew me to privacy.

First, the Internet of protection

Second, I have watched my children grow up with a lack of attentiveness to privacy in their personal lives – they’re so willing to share private details on social media.

I realized that data is at the center of all of it, and I knew it was going to be a fascinating new future. Unchecked data can have ramifications on personal privacy.

I went to an IAPP conference where I realized there is a distinct body of knowledge in this area, and I have been hooked since then.

2017 is my fourth year working exclusively in privacy and data protection.

Favorite GDPR Article and Why?

Article 12 – Transparent information, communication and modalities for the exercise of the rights of the data subject.

Without openness and transparency, the rest is null and void, so to me, the most important aspect is telling individuals what you are doing to minimize the surprise factor.

Being truthful and transparent lets people make informed decisions as to the value of what your company is doing with their data.

The entire GDPR hinges on what a company is doing with the data and why.

What has changed about privacy and data protection since you’ve started?

data privacyThe volume and scale has increased significantly since when I first started. Initially, when I used to mention privacy, people would think about data breaches.

Now, people are starting to see that the depth and breadth of the privacy space is very complex, beyond just a breach. I have worked in several different areas.

When I was introduced to privacy I was in higher education, so I worked with FERPA. Then, when I started working in the technology space I focused more on data security and integrity matters.

Next, I worked in marketing and looked at privacy from a B2B and B2C perspective.

Finally, now I am looking at privacy from the operations perspective and implementing privacy by design.

What advice does TrustArc privacy expert Paul Iagnocco have for new privacy practitioners?

There is no right journey. Choose a couple areas to become an expert and then focus on those areas – you cannot tackle it all because the volume is too great.

Change is happening very quickly and we are just beginning to see the tip of the privacy iceberg.

For me, GDPR is going to become the tipping point that will ignite a behavior and awareness where privacy and data protections may not today.

So jump in now.

Once you have chosen the area to focus in on, gather as much experience as possible, and become a voracious reader. Learn through experience, networking with seasoned veterans, and read.