Skip to toolbar
Principal Job Title
Co-founder at GDPR360
1 Line Summary
Alan is an experienced professional specialising in governance, privacy (GDPR) and enterprise architecture.
Availability & Rates

You must be registered and logged in to see this information.

Log in or Join
Ratings

HiveRank: Associate (587)
Country
United Kingdom
Closest Town / City
Cambridge, UK
Member since: 27-03-2014
My Background Details
Initially in the clinical world now commercial focussing on privacy, architecture, governance and regulation - basically anything to do with GRC and with GDPR as a specialty area.

GDPR and privacy is the focus of much of what I do now - some great challenges in helping organisations on their GDPR Readiness and Remediation.


Over the last 3 years I've been retained by an offshore stock exchange providing workshops on technology governance to all mid-cap company (350 companies) directors, CAEs and RMC members.


I’m an annual international conference speaker and Certification Board Member for Enterprise Risk Management Academy (ERMA, Indonesia, and recently spoke about Privacy Architecture [with reference to the GDPR]). I’ve been lucky to be an invited speaker to the Institute of Internal Auditors (Singapore and Kuala Lumpur) on Auditing IT Governance and Managing Technology Risk and also for the International Association of Airline Internal Auditors (IAAIA, Borneo 2014) on Framework Convergence.


I'm involved as a contributor with ISACA’s COBIT 5 and am currently working on the next version of the Open Group’s TOGAF (including having trained some 3500 architects globally in TOGAF) and also the latest standard from the Open Group - IT4IT.
Current Role Details
Established the Data Protection and GDPR framework to manage all exposure for the transition service period for the Coca Cola purchase of Costa Coffee (£3.9b transaction value)
CASE STUDIES
HIVEMIND DELIVERS GDPR CAPABILITIES AND TOOLS TO GLOBAL FTSE SPECIALIST SAFETY, HEALTH AND ENVIRONME - Case Study: 1 of 2.

Situation
The client initially engaged Hivemind to review policy documentation, however it quickly became clear that our GDPR expertise and delivery capability would be valuable, not only to head office but to their 35 global subsidiaries.

The client HQ perspective required a consolidated approach to reduce overhead, provide continuity and create an extensible approach that was immediately usable and that would also support their legal obligations under GDPR, whether onshore in the UK or elsewhere across non-EU countries.


Task
Hivemind was tasked to provide GDPR awareness sessions, policy reviews, GDPR-engagement tests, processes and more importantly the tools necessary to help the client meet their GDPR obligations.

We were also asked to review HQ and the subsidiary material submitted for GDPR and to provide ongoing assistance for GDPR challenges, queries and options for consideration.


Action
Our initial engagement delivered well-received policy material.

This initial engagement was extended almost immediately into a formal GDPR engagement that included ongoing GDPR knowledge transfer, awareness briefings, reviews, approaches and tools to assist in their compliance activities.

The approach and artefacts were used by HQ and their subsidiaries

Hivemind's team on the engagement incuded the expertise of a data protection lawyer for oversight of the more challenging areas.


Results
Our initial delivery was well received by the client who engaged HM further for our GDPR expertise and delivery.

Hivemind provided GDPR guidance and tools forming the basis of the GDPR disclosable artefacts (for supervisors and courts).

The Hivemind delivery allowed the client to adopt an incremental approach to GDPR, providing consistency across the organisation and its subsidiaries while at the same time allowing it addresses high-priority areas without disruption to its operations.

HIVEMIND PROVIDES GLOBAL (FTSE, NYSE) FAST FOOD CHAIN (SECOND-LARGEST FAST FOOD RESTAURANT CHAIN BY - Case Study: 2 of 2.

Show / Hide Full Details


Situation
The client had started their GDPR journey but had some challenges with a consistent approach, no clear direction and multiple stakeholders.

HM was engaged to deliver a GDPR plan that considered all aspects of the GDPR for a large-scale organisation.


Task
Hivemind was tasked to work with the existing programme and other stakeholders to deliver an achievable plan that addressed multiple areas necessary to guide the client from breaching the GDPR.

Action
We worked with the existing GDPR programme and other stakeholders including members of the legal team and assistant General Counsel and developed a comprehensive GDPR plan.

Hivemind also provided feedback on information gathered by the team and provided a method for prioritising particular challenges that client had regarding existing systems.

To ensure that our GDPR approach addressed the relevant challenges – organisational, technology and legal, Hivemind called on the expertise of a data protection lawyer and litigator for oversight and also for presentation to the client regarding specific areas of disclosable artefact creation.


Results
Hivemind provided a comprehensive enterprise-level GDPR plan to help the client address their GDPR challenges and legal obligations.

This plan was also vetted by members of the client’s legal team who provided positive feedback.






Alan Simmonds

Profile picture of Alan Simmonds

@alansimmonds

active 4 days, 13 hours ago