Sarah is a personal data focused governance, risk and compliance specialist. After a start in IT she has spent the last two decades refining down to what matters most for cybersecurity, data protection and (most recently) AI. Her core mission is to help organisations make better data handling decisions. Doing so with sustainable risk triage and effective communication about next steps and priorities – what all GRC should seek to do. A guest lecturer for Manchester University in supplier security governance, Fellow of For Humanity non-profit, designing audit solutions for whatever we are calling AI these days, Wardley mapper, frequent writer, and regular speaker about related things.
GDPR requires communications to data subjects to be “concise, transparent, intelligible and easily accessible”. Despite this many privacy policies are still complex and text-heavy. This panel will discuss the benefits of keeping policies short and simple and ways to ensure brevity while still meeting all the compliance requirements.