Steve Wright

Partner, Privacy Culture

Steve Wright is an authority on data privacy and cyber security, having worked in the industry for over 25 years. In that time, he has held the principal information, privacy and data security roles for companies such as John Lewis Partnerships, Unilever, Deloitte, PwC, Siemens and Capita. Before he decided to set up his own business, Steve held the interim position of DPO at the Bank of England.

Steve set up Privacy Culture with business Partner Victoria Guilloit to help organisations operationalise and embed their day to day privacy and security requirements. Last year saw him release his internationally recognised privacy maturity benchmarking services that is now being used by leading global organisations to benchmark themselves on privacy.

A technology enthusiast, he remains fascinated by the incredible things that can be done with data. Yet he understands only too well the risks to reputation and privacy in a world where social media, cyber security, legislation, fraud and regulatory complexities are rife.

As well as advising his clients in all things related to the safeguarding of personal data, protecting brand image and–above all–building consumer trust.  Steve along with Victoria produces the “Data Matters” series that can be found on or the Privacy Culture YouTube page PCL on YouTube.

My Sessions
September 22, 2021 11:00 AM
Privacy Culture Panel: Embedding a Culture of Privacy (Sponsored by Privacy Culture)

The world’s first academia and industry-led research that has been conducted to map employee privacy culture attitudes and behaviours across the spectrum of privacy domains and controls. An authoritative 24-page, 2021 Report highlights some of the key challenges facing DPOs/CPOs when it comes to embedding a culture of privacy across their organisation, some of these unique insights include:
- Nearly a third of employees are not confident that Data is deleted or anonymised once it has been used for its original purpose.
- One fifth of employees do not believe their organisation is open and transparent about how it uses the personal data of its stakeholders.
- 1 in 4 employees do not know the difference between Personal Data and Sensitive Personal Data.

For those of you familiar with our Global Privacy Maturity Framework, our survey tool, Culture Horizon, utilises the same 12 domains–or global privacy principles (i.e. NIST, CCPA, GDPR, OECD) – to measure the cultures of privacy. With over 3,000 anonymous participants from over 52 countries and across the whole gamut of sectors, roles, and functions, this truly is the first and the most thorough snapshot of privacy culture to date.

Today, we have invited the survey respondents to answer some questions about the survey results and obtain their unique and unparalleled experience on the topic of embedding a culture of privacy.

Speakers Include:

Host: Steve Wright, Partner, Privacy Culture

Vickie Guilloit, Partner, Privacy Culture

Emma Martins, Data Protection Commissioner, Bailiwick of Guernsey

Vivienne Artz OBE, Chief Privacy Officer, LSEG

Antonis Patrikios, Partner, Dentons

September 22, 2021 9:00 AM
Navigating Complex Employee DSARs (Sponsored by Exterro)

Responding effectively to data subject access requests (DSARs) can be challenging. Complex requests, especially from current or former employees, often require handling a wide range of data (often sensitive) across the enterprise.

Whether it’s wading through the review process of thousands of emails, baring the cost of external counsel, or working with IT to ensure you have all the personal data you need from various (tricky to collect / legacy / remote) data sources, employee DSARs can soon become an extremely challenging exercise to fulfil.

Join our expert panel to discuss key considerations when responding to employee DSARs and how technology can help fulfil complex requests.

Speakers Include:

Host: Steve Wright, Partner, Privacy Culture

Noemi Alonso Calvo, Senior Director, Privacy Counsel, bluebirdBio, GmbH

Bradley Tosso, Assistant Information Commissioner, Gibraltar Regulatory Authority

Filipe Lousa, ECPC-B, Director of Privacy and Compliance, Globalization Partners                       

September 22, 2021 5:00 PM
International Data Flows: The Future Under the New SCCs

In June, the European Commission finalised the modern SCCs in a bid to restore normal EU-US data transfer agreements. This panel will discuss the first few months since the adoption and what the initial viewpoints are.

Speakers Include:

Host: Steve Wright, Partner, Privacy Culture

Dr. Nathalie Moreno, Partner, Addleshaw Goddard

Antonis Patrikios, Partner, Privacy & Cybersecurity, Dentons  

Emma Erskine-Fox, Associate, TLT LLP

September 22, 2021 2:00 PM
Data Retention: To Protect Data, Don’t Do Everything in the Cloud (Sponsored by Exterro)

As data increases for the majority of companies, there are a great deal more challenges. Question marks remain around cloud storage and data retention. This panel will discuss cloud strategy to determine whether this should be the majority part when it comes to retention and protection or whether there should be other actions taken?

Speakers Include:

Host: Steve Wright, Partner, Privacy Culture

Alexis Perdereaux-Weekes, CISA, CISM, CRISC, Msc, Associate Research Fellow, Americas Institute for Cybersecurity Leadership

Randolph A. Kahn, Esq., Founder and President, Kahn Consulting, Inc.