HiveRank (1365)

Alan Simmonds

Principal Member


(a) what goes around comes around and (b) many think about, fewer think through

In a nutshell

Experienced privacy professional and DPO specialising in governance, GDPR, DPA, CCPA, PDPx, POPIA etc. and enterprise/business architecture.


Partly Available Immediately


Cambridge, UK, United Kingdom






Corporate Governance

DPA (2018)

Enterprise and Business Architecture

Enterprise IT Governance




HM Expert since

Thursday March 27, 2014


DPO, privacy and data protection professional focussing on GDPR, DPA 2018 and related legislation and governance in the UK, Europe and the ASEAN, assisting organisations manage their legal privacy challenges effectively and lawfully.

Basically a privacy enthusiast.

I work cross-industry with proven delivery to the board, to management and to operations ensuring they address, to at least the legal minimum, their privacy and data protection challenges.

To support my work as a DPO and privacy professional I’m finishing up my LLM (Data Protection Law and Intellectual Property Law).

I have a pretty good grasp of business architecture and enterprise architecture.

Current role details

Established the Data Protection and GDPR framework to manage all privacy risk exposure for the transition service period for the Coca Cola purchase of Costa Coffee (£3.9b transaction value)

Alan's STAR Stories

Hivemind delivers GDPR capabilities and tools to global FTSE company (Reveal More OR View Full Page)

The client initially engaged Hivemind to review policy documentation, however it quickly became clear that our GDPR expertise and delivery capability would be valuable, not only to head office but to their 35 global subsidiaries.

The client HQ perspective required a consolidated approach to reduce overhead, provide continuity and create an extensible approach that was immediately usable and that would also support their legal obligations under GDPR, whether onshore in the UK or elsewhere across non-EU countries.


Hivemind was tasked to provide GDPR awareness sessions, policy reviews, GDPR-engagement tests, processes and more importantly the tools necessary to help the client meet their GDPR obligations.

We were also asked to review HQ and the subsidiary material submitted for GDPR and to provide ongoing assistance for GDPR challenges, queries and options for consideration.


Our initial engagement delivered well-received policy material.

This initial engagement was extended almost immediately into a formal GDPR engagement that included ongoing GDPR knowledge transfer, awareness briefings, reviews, approaches and tools to assist in their compliance activities.

The approach and artefacts were used by HQ and their subsidiaries

Hivemind’s team on the engagement incuded the expertise of a data protection lawyer for oversight of the more challenging areas.


Our initial delivery was well received by the client who engaged HM further for our GDPR expertise and delivery.

Hivemind provided GDPR guidance and tools forming the basis of the GDPR disclosable artefacts (for supervisors and courts).

The Hivemind delivery allowed the client to adopt an incremental approach to GDPR, providing consistency across the organisation and its subsidiaries while at the same time allowing it addresses high-priority areas without disruption to its operations.

Create GDPR plan for global fast food chain (Reveal More OR View Full Page)

The client had started their GDPR journey but faced some challenges:

  • no consistent approach
  • lack of clear direction
  • multiple stakeholders (what was the actual issue, not communicating well to multiple stakeholders, or something else?)
  • Deliver a GDPR plan.
    • Work with the existing programme and stakeholders to deliver an achievable plan that considered all aspects of the GDPR for a large-scale organisation.
  • Guide client so they would avoid breaching the GDPR.

Developed a comprehensive GDPR plan by working with the legal team, assistant General Counsel, and other stakeholders. We also engaged an external data protection lawyer and litigator for oversight.

Provided feedback on information gathered by the team (such as–perhaps by category??. I think we want to demonstrate that we understand GDPR in this section)

Delivered a method for prioritising challenges in existing systems.

disclosable artefact creation (I pulled this out as being something not mentioned before. Can you elaborate or can we delete).


Provided a comprehensive enterprise-level GDPR plan to help the client address their GDPR challenges and legal obligations. (Did it actually help them address their challenges, if so, what was the result of that?)

This plan was also vetted by members of the client’s legal team who provided positive feedback.


Industry Experience

Banking and Capital Markets


Financial Services

Government and Public Services


Hospitality and Leisure


Mining and Metals

Oil and Gas

Pharmaceutical and Life Sciences

Power and Utilities



Retail and Consumer

Regional Experience



Central America


Middle East

North America


South America