Experienced Director of Privacy and Data Protection Officer

Chairman of the sector wide group writing the online gaming Code of Conduct for the GDPR. The code is progressing through the evaluation process with EU for acceptance as the formal and legally binding Code of Conduct for the entire sector regarding the interpretation and application of the GDPR to the online gaming industry.

Review draft legislation regarding data protection, suggest changes to that legislation, and provide commentary on its application to the online gaming sector. My recommendations and commentary are fed into the formal EU legislative process by EGBA for later drafts and eventual implementation into the law. We have been successful in championing several changes already and will continue to ensure any new laws are pragmatic and applicable to the sector.One current project that we are actively engaged with is the draft ePrivacy regulation which will support and enhance the GDPR. The most immediate impacts of the ePrivacy Regulation will be felt on direct marketing through all electronic means but extend to include the use of cookies on websites, profiling and tracking customers, and the possibility of needing to log all player communications.

Data Protection Officer for William Hill International globally, including affiliated and associated companies. Key position holder for data protection with all regulators.Work with marketing to ensure maximum reach across all countries.Write privacy policy for all languages and locations, including localized changes. Responsible for Records of Processing and the data map, ensure this is up to date and accurate.Accountable for data subject rights, including Subject Access Requests.Create and implement a business-positive, pragmatic data protection policy that people understand.Nurture a culture of awareness and enthusiasm for data protection. Champion that culture as a competitive advantage and customer winner. Energize every corner of the company and root it into our DNA. Create and deliver engaging multimedia data protection training to all levels. My most recent webinar had 145 attendees and a feedback satisfaction rating of 97%. Comments included "I love this man’s passion".Design and implement an internal data protection compliance audit for all of the business. This includes relevant elements of information / physical security, governance and departmental processes. Create a visual data protection maturity model to assess and improve the integration of GDPR. An overview of current and desired status that everyone can understand immediately.Primary contact for colleagues, Supervisory and Regulatory Authorities, public bodies and law enforcement regarding data protection.Record, report and manage known data protection risks while actively monitoring for future risks. Production of a monthly analytical report (SWOT & PESTLE) which condenses critical information to aid strategic decision making.Review and approve contracts with Data Processors to ensure compliance with data protection and privacy regulation and legislation.Embed Data Protection by Design and Default into all internal projects including customer UI and UX.

Data Protection Officer for the bet365 group globally. Key position holder for data protection with the Maltese Gaming Authority.Implemented GDPR compliance across the group. Also accountable for USA Privacy compliance including California (CPPA, CPRA), Virginia (CDPA), and Colorado (CPA).Represented the interests of the group with international organizations such as EGBA.Created all privacy policies, including localized changes. Responsible for Records of Processing and the data map, ensured this remained up to date and accurate.Accountable for data subject rights, including Subject Access Requests.Built a culture of awareness and enthusiasm for data protection. Championed data protection as a competitive advantage and customer winner.Created and delivered engaging multimedia data protection training to all levels and areas.Implemented an internal data protection compliance audit.Primary contact for colleagues, Supervisory and Regulatory Authorities, public bodies and law enforcement regarding data protection.Owned and managed all data protection risks.Advised legal team on all data protection and privacy matters. Reviewed contracts with Data Processors to ensure compliance with data protection regulation and legislation.Embedded Data Protection by Design and Default with the critical path in the project management life cycle.

Responsible for data protection compliance for the bet365 group, including GDPR. Created and implemented a business positive, pragmatic data protection policy.Built a culture of awareness and enthusiasm for data protection. Championed data protection as a competitive advantage and customer winner.Represented the interests of the group with political groups and international organizations such as EGBA.Created all privacy policies, including localized changes. Responsible for Records of Processing and the data map, ensured this remained up to date and accurate.Accountable for data subject rights, including Subject Access Requests.Created and delivered engaging multimedia data protection training to all levels and areas.Implemented an internal data protection compliance audit for all of the business.Primary contact for colleagues, Supervisory and Regulatory Authorities, public bodies and law enforcement regarding data protection.Recorded and managed data protection risks.Reviewed and approved contracts with Data Processors to ensure compliance with data protection regulation and legislation.Integrated Data Protection by Design and Default with the critical path in the project management life cycle.Advised legal team on all data protection and privacy matters.

Achieved ISO27001 certification for bet365 internationally.Created and Implemented a rolling internal audit to ensure continual improvement and to embed information security into the culture of the company.Aligned the information security policy to the business needs and strategy, this is critical to having an effective Information Security Management System that people actually follow.Created and delivered engaging multi-media training programs in Information Security throughout the group.Qualified PCI DSS Internal Security Assessor (bet365 is a level 1 merchant) to accept payment card payments.Responsible for application security and managed a team of penetration and vulnerability testers.Responsible and accountable for evidence as part of internal or police investigations.

Data Protection Officer for Stoke City Football Club (SCFC) and all affiliated and associated companies. Implemented GDPR compliance across areas including professional sports, stadium management, working with and safeguarding children, charity fundraising and children at risk.Created the privacy policy for SCFC and all associated and affiliated companies, across all areas mentioned above.Represented the interests SCFC at meetings with other professional football club DPOs.Responsible for Records of Processing and the data map, ensuring it remained up to date and accurate.Accountable for data subject rights, including Subject Access Requests.Created and implemented a business-positive, pragmatic data protection policy. Worked closely with marketing departments to ensure maximum reach.Built a culture of awareness and enthusiasm for data protection. Created and delivered engaging multimedia data protection training to all levels and areas.Implemented an internal data protection compliance audit for all of the business.Primary contact for colleagues, Supervisory and Regulatory Authorities, public bodies and law enforcement regarding data protection.Recorded and managed known data protection risks while actively monitoring for new risks.Reviewed and approved contracts with Data Processors to ensure compliance with data protection regulation and legislation.Advised legal team on all data protection and privacy matters.

Global role with responsibility for managing and conducting investigations into issues including breaches of ethics and integrity as well as online brand protection. Reporting directly into the Director Global Investigations in TNT Head Office in the Netherlands.* Conduct investigations into breaches of the TNT Code of * Conduct, Business Principles, or Integrity policies* Manage investigations in cooperation with internal and external resources (e.g. police or other law enforcement agencies)* Interview members of staff and external contacts during the course of active fraud investigation* Contact, liaise with and manage confidential informants* Interrogate and data mine TNT file systems for evidential data* Train team members in the basic elements of data mining and Computer Forensics* Register and record details on internal fraud investigations for board level reporting* Design and deliver fraud, integrity and Whistleblower awareness training through the global business* Manage the overall process of eCrime and online brand protection* Manage the application of Computer Forensics to internal investigations through controlling the use of both internal and external resource* Liaise with external law enforcement regarding computer forensics on occasions when this may be required* Present reports on technical matters including data mining, Computer Forensics, eDiscovery to non-technical senior management * Provide technical investigative capabilities in-house for the internal investigations team

As TNT's Forensic Investigator Daniel's role included capitalising on internal resources to eliminate unnecessary outsourcing without jeopardizing the outcome of investigations. He oversaw a dramatic reduction in the need for TNT to outsource forensic work, and when outsourcing was necessary the scope of the work and costs were significantly reduced.

Responsible for designing, marketing, implementing and providing training in a Global Information Security Policy. This policy achieved BS7799 / ISO17799 / ISO27001 accreditation and sustained very high levels of pass against audits. The last two audits before leaving the post received no actions or observations from the auditors.Responsible for communication directly with senior managment and directors. Part of the role was to market the need for Information Security internally and then to satisfy the need that was created. This required regular and sustained contact at all levels of the business. The communication required the ability to explain technical matters in terms accessible to people with few technical skills, and to explain Information Security in pragmatic business ways rather than 'text book' or IT terms.Involved in many IT investigations including IT Forensic support where necessary. Contact with and support of all branches of national and international law enforcement was also a part of the role.