GRC Consultant at IT Governance USA

CORE COMPETENCIES

Data privacy and GDPR compliance principles
Data mapping and associated project management
Data protection impact assessments, legitimate interest analysis and data processing agreements
International compliance and regulatory frameworks (Privacy Shield, ePrivacy Regulation, HIPAA, CASL, CCPA, ISO 27001, 22301)

KEY ACHIEVEMENTS

Key lead for global GDPR project of international software company; managed team of 45+ “privacy champions” spanning 250 unique business areas and product lines in 144 countries.
Product owner for internal GRC software and project platform, managing more than 3,000 data mapping audits of privacy risk.
Drafted data processing agreements and data privacy statements for various technology businesses operating in B2B/B2C, including SaaS platforms, project management software, telematics and fleet tracking apps, construction logistics tools and architectural modelling.

QUALIFICATIONS

Juris Doctorate (JD), University of Kansas School of Law
License to practice law, Colorado and Missouri Bar
Member, International Association of Privacy Professionals (IAPP)
ISO 27001 Lead Auditor (IBITGQ)
ISO 27001 Certified ISMS Lead Implementer (IBITGQ)
General Data Protection Regulation Foundation (EU GDPR F)
General Data Protection Regulation Practitioner (EU GDPR P)
Encryption Controls Training Certificate, US Department of Commerce, Bureau of Industry and Security
Bachelors in History & Political Science (with distinction)

SPECIALISM | DATA PROTECTION

Preston’s legal experience and passion for technology make him uniquely suited to understanding the business impact of compliance regulations such as the GDPR. Through hands-on engagement with data mapping, DPIAs, and data protection agreements, Preston understands the challenges that come with far-reaching regulatory frameworks. At the same time, he values the policy rationale of data privacy legislation, and the need for any organization to properly manage personal data.

As a result, Preston works to provide practical guidance on operationalizing business risk and demonstrating an effective compliance program.

PREVIOUS EXPERIENCE

Before joining IT Governance in 2018, Preston worked in the Legal & Compliance group at Trimble Inc., an international GPS software company. There, he was responsible for analysing, adjusting, and implementing compliance regimes for corporate-wide mergers and acquisitions activities representing $50 million per financial quarter.

Preston also led the company’s GDPR compliance project. In that capacity he served as both lawyer and consultant, advising business areas of their risk position relative to GDPR issues and guiding them through implementation of remediation actions. This involved managing data flow mapping for more than 250 distinct units engaged in businesses as varied as SaaS platforms, mobile geolocation apps, GPS/GNSS/telematics tools, fleet management software, construction hardware, and architectural/engineering design systems.

As part of this effort, Preston created company guidelines and policies related to data privacy and protection for the company’s HR, IT, and Marketing departments while assisting business areas with their own GDPR compliance activities (e.g. data retention policies, data subject access request procedures, public privacy statements, etc.). Preston also reviewed data protection agreements for existing service contracts and assisted in drafting new data transfer agreements between inter-company legal entities.

Before Trimble Inc., Preston studied law at the University of Kansas School of Law.