Related Posts
Most important bec topics??
Additional Posts in Privacy Law
Anyone else dying this week 😅
Can you incorporate SCCs by reference in a DPA?
New to Fishbowl?
Download the Fishbowl app to
unlock all discussions on Fishbowl.
unlock all discussions on Fishbowl.




Coach
First - get familiar with your company’s products, services, etc. what data is collected from consumers, what data comes in from partners, and if you have employees in california, what data you collect from employees. If your engineering team has a data map, read it and get familiar with it. Build relationships with your it, it engineering, product, and marketing teams.
Law/Regulation Wise -
If global - get familiar with GDPR, check regulator fines for companies similar to yours and what they were fined for, if there’s AI involved get familiar with EU AI act.
Just US - get familiar with CCPA/VCDPA. IMO every state law on the books falls into a CCPA style or VCDPA style law. Upcoming laws (like Maryland) stray away slightly.
Overall - If you’re doing cyber/data breach - get familiar with those laws and thresholds, get familiar with common contractual terms you’ll be reviewing/negotiating - items I look for in DPAs (in no particular order):
1) audit rights
2) breach notification
3) Limitation of Liability
4) Data transfer terms (if there are any)
5) With the new DOJ rule, if any vendors you do business with fall into those categories
6) other commercial terms (insurance, etc.)
7) any downstream data sharing
8) check if any sub processors downstream are using AI
AI likely will fall within your remit too so… how its used, if there are any vendors the biz is looking to do a PoC on - input/output ownership rights, data ownership, any training on your data, how the biz intends to use it.
Also get comfortable with privacy impact assessments/data protection impact assessments.
Nothing besides I hope to follow in your footsteps soon as a rising midlevel
Hmmm I mean brush up on things you might not expect, like marketing or kids stuff, but I think you’ve got all the bones there to be great!
when do you think they’ll transition you to Privacy Counsel? is there a set number of years you need under your belt?
Basically immediately. My boss isn’t concerned and felt that going for the CIPP/US was unnecessary at this stage.