Are privacy professionals truly equipped to handle the coming AI revolution? 

Jamal Ahmed interviews renowned Privacy Professional and Attorney Christopher Schmidt on the opportunities and threats posed by emerging technologies like generative AI. 

They discuss:

• Pragmatic ways to apply core privacy principles to AI systems
• Why you shouldn't overreact to AI hype
• The complex state of International Data Transfers

And a bonus segment where Christopher addresses listener queries about IAPP exams and how to set yourself up for success as a World Class privacy professional.

This episode is a must-listen for any privacy pro looking to stay ahead of the curve!

Christopher Schmidt, FIP; CIPP/E; CIPM; CIPT, CDPO/FR; is a German Magister of Law and Attorney-at-Law (Rechtsanwalt) experienced in European Data Protection and IT law.

He previously served as an Advisory Board Member and Chair of the IAPP's CIPP/E Exam Development Board and has been selected as an expert on data protection matters by the Council of Europe.

Christopher has worked at the International and European Affairs Department of the Hessian Data Protection Commissioner and with renowned global law firms, focusing on cybersecurity and data protection matters across all sectors. Among the clients he has advised are leading technology and software providers, financial institutions and blockchain businesses, global pharmaceutical and tourism companies.

As a freelancer, Christopher runs advanced courses and workshops for law students as well as for lawyers and data protection officers on current European data protection matters in German, English, French, and Italian. In 2020, he launched the European Essential Guarantees Guide [www.essentialguarantees.com] to help data exporters with conducting global transfer impact assessments in a post-Schrems II world.

If you're ready to transform your career and become the go-to GDPR expert, get your copy of 'The Easy Peasy Guide to GDPR' here: https://www.bestgdprbook.com/

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/

Follow Christopher on LinkedIn: https://www.linkedin.com/in/piracybydesign/

Subscribe to the Privacy Pros Academy YouTube Channel

► https://www.youtube.com/c/PrivacyPros

Knowing who you are and how you can be resilient about certain things is one of the most important lessons in privacy and, outside of the privacy world in general, so adapt yourself. Improve yourself on a continuous basis. And sometimes also just, close emails, close your phone, go out with friends, have a good time. It sounds like one of these, standard phrases, like you say, yeah, okay, enjoy your life. But it is really important because especially I think in our sector there's so many great people in the privacy sector posting lots of things and it's very dynamic, but I think our minds sometimes need some good rest.

Are you ready to know what you don't know about Privacy Pros? then you are in the right place. Welcome to the Privacy Pros Academy podcast by Kazient Privacy experts, the podcast to launch progress and excel your career as a Privacy Pro. Hear about the latest news and development in the world of Privacy. Discover fascinating insights from leading global privacy professionals.

And hear real stories and top tips from the people who've been where you want to get to. We've trained people in over 137 countries and countries. So, whether you're thinking about starting a career in data privacy, or you're an experienced professional, This is a podcast for you.

Hello and welcome to another episode of the Privacy Pros podcast. I'm your host Jamal Ahmed, award winning Global Privacy Expert and Founder of the Privacy Pros Academy, where we're building a community of world class privacy professionals who empower businesses to adopt honest privacy practices. I'm thrilled to have you joining us today.

This episode is brought to you by Kazient Privacy Experts. We provide pragmatic and easy to implement solutions for government, SMEs and multinational corporations. We're creating a future where every woman, every man, and every child enjoys freedom over their personal information. And to learn more about my bestselling book, check out bestgdprbook. com.

Now today on our episode, we've got an amazing guest. Somebody I've been actually trying to get on the podcast for some time, but he's always so busy, but he's managed to free up some time to come here today.

And we have Christopher Schmidt. Fellow of Information Privacy, Certified Information Privacy Professional, Certified information Privacy Manager, Certified Information Privacy Technologist, Certified DPO, Data Protection Officer for France, and he is a German magister of law and Attorney at law experienced in European data protection and IT law and building on his profound IT and pen testing knowledge. He served as an advisory board member and the chair of the IAPP's CIPPE exam development board, and has been selected as an expert on data protection matters by the council of Europe.

Christopher has worked at the International and European Affairs Department of the Hessian Data Protection Commissioner, and with renowned global law firms focusing on cybersecurity and data protection matters across all sectors. Among the clients he has advised are leading technology and software providers, financial institutions, and blockchain businesses, global pharmaceutical and tourism companies. As a freelancer, Christopher runs advanced courses and workshops for law students as well as lawyers and data protection officers on European data protection matters in German, English, French, and Italian.

Christopher 03:48

I like the introduction. The most fun thing I've been doing was playing inside 3D mini golf. It was like, in outer space and trying to get those balls into the holes and that was fun, actually.

Was the gravity the same or did they manage to adjust that?

I find at least I could feel some difference there, but I think it's mostly like the 3d effect and the 3d glasses they have you put you on.

Oh, with 3D glasses, that sounds really cool.

Pretty nice. Yeah.

All right, so getting into privacy. This year has been dominated by all things artificial intelligence. Everyone's getting excited about these leaked AI regulations. Who leaks a law? Like, how does that happen?

That's a good question, actually. Look at the legislative process, actually. Of course the pressures and the stakes are high, but it should be transparent. So I was like, why are we leaking legislative proposals? Why does it happen now? I get that there's internal decision making processes, but it should be transparent in any case, and we'll see the final AI act anytime soon.

All right. The future of work is likely to be heavily influenced by AI with all of these companies getting excited about AI and all of these exciting developments that we've seen. But from your point of view, what are some of the privacy implications of this shift and how can privacy professionals start preparing for them?

That's a great question. I've been thinking about that for some time as well. The first question for us Privacy Pros is does it have to be on us to respond to these challenges? And that begs the next question, who else, if it's not us, right? So I think that's one of the most crucial points, but of course there are privacy implications that are at stake.

If you look for it from a European perspective, there's not just GDPR, there's lots of laws and practices come into play.

So I think that the best preparation for Privacy Pros would be focus on what you know already and try to translate that to the future. So data processing, transparency, how these AI algorithms work, ensure transparency, transparency is a key principle. Don't, throw the dust on the carpet, but keep things out there. Understand the way it works. Data minimization comes to play, all the article five GDPR principles, I think need to be applied upon these technologies. So that is something I would say is one of the most important things. The frameworks that we have seen so far there's many of them already. There's the NIST AI, RMF, there's the EU AI Act, on the way it's been leaked now this week. So we're going to see how things are going to turn up there. There's the Council of European Human Rights, there's ISO guides, there's IE guides. So there's lots of material out there that you have to study and to understand if you want to assess them on a systematic base already.

I think that's the technical and legal part of it. In terms of internal awareness, raising awareness with employees, giving training opportunities to employees as well. Monitoring this field, collaborating, making policies about how to use these tools in house for example, is crucial. So I think you've got to take this holistic approach to make it manageable and in a certain case, and monitor this space in a very detailed way because things are changing quite quickly.

And I admit at least for the UI and the related frameworks that I just mentioned here, it's difficult to keep up with that, if I'm not just doing AI, but I'm doing other privacy projects, I have nothing to do with AI. There are so many things nowadays and being an expert on all these matters is becoming quite difficult.

Yeah, I resonate with a lot of things you've said there and essentially what baffles me is why suddenly Privacy Pros are losing their heads over this AI. We've been dealing with AI for years and years now. It's nothing new, right? I remember doing one of my first data protection impact assessments on AI and the reason I was uncomfortable with that is because I knew by the time this comes into play, 18 people will be made redundant.

So there is amazing benefits of it, but I think it's only since chat GPT came onto the scene with this generative AI, it's really sparked the interest of everyone because it's quite fascinating. Nobody really understands it. And the fact that it can do all of this creation stuff, I think it's captured people's imagination, which is why it's at the forefront.

But before Chat GPT came on the scene and it really blew AI up, we've been talking about the basics, which you've just mentioned. We need to make sure we do the data protection impact assessment. We need to make sure that we're following the guidelines and the principles. And as long as we're making sure we're following the spirit of what we're supposed to do, which is protect people, have the security, have the privacy, ask questions to your vendors, to your suppliers of where the data is coming from.

Make sure you've done your due diligence. Then there isn't that much to be alarmed about. And I remember last year when I delivered my keynote speech at the International Data Conference on balancing AI and privacy, a lot of those frameworks that you've mentioned, they're the exact same framework. I said, we have all of the tools already.

Yes, there'll be new tools coming, but we shouldn't lose our heads over it because we have everything that we would possibly need. All of these things are an enhancement, but if you understand the basic fundamentals of what you're trying to do, the right to privacy, That's all you have to do. How you do one thing is how you do anything.

You just have to adapt, alter, and pick up new skills. And the other thing you mentioned there was you can't be an expert on everything. There's so much happening and so much moving. And that's why it really helps to be in a community of world class professionals because somebody will be an expert in something else.

You'd be an expert in something. You have that knowledge exchange, you support each other. And oftentimes you can save each other a lot of time by sending them and pointing them in the right direction, rather than having to spend hours and hours of research often into your non working hours to try and figure those things out.

So I really resonate with a lot of what you said there. So thanks for that.

That's why these principles are that important. Article 5 GDPR, but other principles and other laws, other frameworks, even if they apply or they seem very general, the ideas behind that, fairness, transparency, equity, in a certain way, no discrimination, that is something that is from a culture and value basis, something we all resonate with, I hope.

So translating that into practice, it will help. And even if you don't know the details of every regulation of every standard, just following your, gut feeling in a certain case and just applying these principles, at least that helps clear up a lot of issues, I would say.

That was really valuable. So thank you. So what are the biggest challenges and opportunities for privacy professionals in the age of artificial intelligence and other emerging technologies?

I think the role of Privacy Pros is becoming even more vital in safeguarding our rights, individual's privacy rights simply. So I think challenges that we'll all face, massive aspect is data proliferation. This adoption of AI and emerging technologies, it leads to generation of a vast amount of data just in terms of numbers and all mass data collection is by itself something we need to be very careful about. I think that's something that history has shown very often me as a German international, we all know that from a very historical context. I think that is something that is very crucial here. Anything that goes into the bias, the discrimination direction is very important, and that will be something that we will need to be able to explain and to assess properly, ensure equitable treatment of everybody in that case anti discrimination, even in these principles, in these applications where there's a lack of regulatory frameworks, and we all go to soft law.

So we have like policies or we have standards, industry standards, but not a hard legal requirement, even there, we might want to opine and be very clear on what we like or what we don't want to happen because, once you open Pandora's box, it's difficult to close again.

Yes.

So that's something I think is important too. Everything else around, of course Article 32 GDPR, anything about crossbar data flows, that's, I think the standard in that case, not too new. Getting back to principles, I think that's something I'm doing. I'm zooming out a lot in the recent days and weeks. Privacy by design is still a very important thing. Advocate for privacy regulation and implementation in companies, and even across industries and sectors. Ethics, data ethics has been one of these catchwords.

Maybe it's a very broad term and piece of what. Doesn't mean the other ethics. Come on, look at what we're doing in this world. Ethics is no longer a thing, but I think it is. We just need to give it meaning. We need to give it purpose. We need to fill out these definitions and live and breathe them.

And if we do that it can work of course. On a data subject rights, it's always a very important thing. So I think that's normal. And it's getting even more complex.

Think about a DSAR, you have a very large dataset may be trained on your data for any large language model or some other generative AI context.

And you need a DSAR that good luck to you. So of course that needs to be ensured in any case. And I think trust again it's all about trust in a certain way. And that is something we can build, I think, mostly through, again, transparency, transparent practices, explainable AI, if that's a word that helps. So bringing these AI and emerging technologies together to face challenges and opportunities, I think is one of the most important pieces that we can contribute here to a privacy respecting, to an innovative digital future at the end. So that's where I see our roles. It's very much in between very different areas, legal, technology and ethical standards and business objectives is core as well.

But I think if we are able to explain that and to communicate well, I'm thinking a lot about communication even so I can write long email, explaining lots of issues, but I can get back to, again, my principle and say look. This is just not fair. If we deprive individuals in that case of not having control over that specific process, for example, is it still some sort of fair application we're going to make here, or are we getting into the weeds of, hiding something from the public? So that's something where I think you need to have your own standards in a certain way as well. And then translate them and live and breathe by them.

Thank you. It sounds like from what you're saying there, reading between the lines, you're saying, look, we have everything we need, but as individuals and as professionals and as businesses, we need to take responsibility, not just of saying these buzzwords, but actually looking at what they mean and living and breathing them and acting with integrity.

And if we did that, we have all the tools that we need there. And all we need to avoid is all of this craziness of trying to catch buzzwords, but actually doing nothing with them, creating empty policies, creating large legalese jargony things. Just go back to the principles and just apply them and live them and breathe them and everything will take care of itself.

That sums it up very well.

Thank you. Now one of the things that you are really focused on and a subject matter expert on is all of the challenges that we've been having with international data transfers. What are the most significant challenges organizations are facing right now when it comes to dealing with sharing data outside of the European Union?

I think there's a lot of them actually right now. Although there's been a rise maybe on that issue for, around 2020, 21, 22, maybe we're now looking at different issues from a regular perspective, but it's still there. It's still the law and it's still applying. So we can't change our focus or shift it completely on other subjects.

So it's still a thing, of course, and it's still something we need to look at. Looking at it from the historical perspective, Privacy Shield invalidated, then Schrems II, then the new SECs, there's been a lot of focus on this issue. However, reading TIAs, digesting them, looking at them case by case, that's where most people stopped, at least mentally. They were saying we have something in place, but then look at like how different TIAs can look. There's been some TIAs public, some companies providing them, some providing summaries. Was it the Court of Justice of the European Union providing some TIA on their use of some video conferencing system as well.

So you have some examples, but they're looking all very different. We have guidelines from the European Direction Board as well, that were very difficult to read at certain cases and not too, I think, easy to digest in a certain way. Just showing the complexity not putting the blame on anyone here, just showing how complex this issue has become. And then not to forget the data privacy framework, of course, at the end, how could I forget, that and everyone waiting for, Schrems III is it a thing? Will we have that discussion again and again. I think if you go, separate ways or you look for some backup solutions, so even if you're DPF certified, look for other transfer tools. Of course, look for the ways you can implement SECs in certain contexts or standard contextual clauses, look at whether in house it makes sense to apply and have your BCRs approved, so binding corporate rules as well, all, the myriad of transfer tools under the GDPR and other applicable privacy frameworks.

Keeping an eye on how these things are developing is important too, because simply we know that things are going to change and will change. No one knows how long we're going to still have the DPF. There are indications that it's getting legally very complex at that type of questions as well. Look, if you listen to law professors, for example, or law experts from certain universities, whether the new safeguards are sufficient to meet, the new criteria. And there's lots of debate on that one. So you can listen to one expert saying, yes, it will stand the pressure, whereas saying, no it's just not working. And all the protections and safeguards and the new court in the U S and everything else they put in place is not sufficient. So monitoring here again is a very important thing. Doing your due diligence in that case, develop your documentation, make sure what type of, trail of action you have, and then document it somewhere where you can show it. Train everyone that's involved in the issue and raise awareness again, because there's a post Schrems II world. Maybe we're in a pre Schrems III world and be a post Schrems III world too. So we're going to see how things are looking like in, in that moment. But I think that's where we are right now.

Yeah, I think there are definitely going to be some exciting and interesting developments, which will be quite fascinating. They're going to get very technical. But it's interesting you use the word the new court. I'm not a big fan of it because as far as I'm concerned, it's just a table next to the president's desk and someone just rubber stamps it.

There is no proper oversight over it. And I don't believe in the DPF. It's great there's something there that businesses can continue, but I don't think it offers European residents the protection that they are entitled to and the protection that they deserve based on just the whole farce and the way it's running around.

Sometimes it makes me angry when I'm talking to people in my own family, like not professionally, because it's hey, there's all of these rights that have been given to people and we have to protect them and we've gone to extreme lengths to make sure we get them right. We've made businesses spend so much money ripping things up, putting them all over again, only to end up with a joke of a system that kind of appears to tick the box.

But when you look beneath the surface, it doesn't actually appear to do anything. And it doesn't give and guarantee those rights that we were promised and the ones that everyone's been fighting so hard for. So it makes you question what's actually going on? And more recently, I was surprised and you can give me your opinions on this.

Just earlier this month, the European commission said, we finally reviewed all of the adequacy decisions, even though we're meant to do that every four years and nothing's changed. And when you look at some of the countries, some of the practices, and you look at some of the requirements for adequacy and you look at some of the applications that have been made that have been approved, you wonder, was you sober when you did this assessment, because what you've said in one place and what you've just endorsed here, it doesn't actually make any sense.

That's my personal view. How do you feel about the adequacy decision?

I fully share the sentiment, like the level of frustration, looking at the amount of time and money and effort that went into crafting TIAs. Into looking at what can we do? What shouldn't we be doing? What's the risk here? Can we still do this? Should we stop doing that? I stopped counting actually.

I feel that there is a particular focus on the U S, legal landscape and practices and everything that is partly due to, relations Snowden and others in that field, of course.

So it's okay to have the public look at that in a more detailed manner, however, it's not the only, economic partner in this world that has some sort of weight and that we're looking at.

So it's nothing, fundamentally new or it's GDPR mandating that's all language to shift the focus on different issues.

So broaden the debate on other countries. That's my first point. We're just looking at the US. That is maybe, limiting it a bit too much. And isn't that a general frustration that we may have in our legal systems in general that we have a chart of fundamental rights. We have certain civil rights. We have access to courts. We have lots of other, legal protections in place not just the privacy sector and We feel they are working more as well, but they're not always working very well looking at courts in Germany or looking at courts in Italy or looking at courts, very, basic systems. Do people have the chance to have their rights, protected in a form of procedure with certain guarantees and certain standards.

Is it working very well? So I think there is always room for improvement and it's some sort of glass, half full, half empty kind of situation.

I tend to be the, half full kind of guy saying at least we have something in place. At least there's a certain shift and then that begs the question in the international context, if we can require other autonomous states in public law, these are nations that can make their own laws. And we are nobody to tell somebody to, adopt a different standard.

Of course, we come from more democratic and more value based approach, but I don't feel entitled to tell other people how to do and craft their laws and apply their legal standards when it comes to national security, that's a very thorny field that's a very difficult debate to do actually. So I think that every inch that you can win is already a win, even if it's not maybe the ultimate win over privacy or for privacy in that field.

So as long as the debates continue and we're looking how to improve that and bring standards or align them, at least we're getting closer to where we want to be, but it's always some getting close to something and ideal that we will maybe never really achieve.

And that applies to the U S as to the at least adequate countries as per the EU Commission's definition. Simply because it is difficult to get to these standards. I fully agree that I sometimes have the feeling there is at least two different standards being applied depending on what country you're looking at. I think that is something that is not fair. So we want to broaden that, exercise to other countries as well.

And I agree this overdue re decision or reassessment of adequacy status I've been reading that as well. And I was surprised at looking with what type of death they've been doing that in some cases, looking at some concessions that had to be made by certain adequate countries to maintain adequacy. There's other interests that come into play here as well. We've been talking about bias in AI and there's also biased decisions and decision making processes out of the AI world.

Definitely. So we all face challenges in our careers and your career from your LinkedIn activity clearly has gone from strength to strength. What I'm particularly interested in though is there a particularly challenging moment that you can recall and how have you tackled it and what lessons did you learn from it?

That's a good question, actually. You got to have the right mindset. That's very important. So what doesn't kill you makes you stronger, I'd call it one of my mantras. There have been, of course, cases, data breaches, critical deadlines, pressure from different teams, from clients. And there will be, of course, that's part of my work. The more legal aspect, a lawyer's work, but IT experts have the same pressure. Sales marketing folks are facing same, or different difficulties. So we have all that. For me personally, the two state exams in Germany, they are supposed to or being taught as being very tough and very decisive moments in your life and preparing at least for the first exam takes around five years and for the second exam, another two years, and you've got to have your whole knowledge in one point readily available, public law, criminal law, civil law, all that wasn't even about privacy things at that time. That's been challenging, of course. And I think with any, challenge in life.

Having support of your beloved ones, relying on friends, your family, knowing what you're doing it for, focusing on what's important, focusing on your strengths, believing in yourself. So a good deal of, knowing who you are and how you can be resilient about certain things is one of the most important lessons in privacy and, outside of the privacy world in general, so adapt yourself. Improve yourself on a continuous basis. I'm happy I went through these experience, made me stronger definitely. And sometimes also just, close emails, close your phone, go out with friends, have a good time. It sounds like one of these, standard phrases, like you say, yeah, okay, enjoy your life. But it is really important because especially I think in our sector there's so many great people in the privacy sector posting lots of things and it's very dynamic, but our minds sometimes need some good rest.

So try to find your right balance and that will make you strong enough for the very important decisions for these decisive moments when you feel, oh, that's a challenge. And you've got to be prepared for it when you have your energy and your forces together, who you are being, centered, that's important.

Wow. That's some amazing tips there. Thank you. I think what really stood out for me from based on what you said is it all starts off with having the right mindset, having a growth mindset, having a resilient mindset and always looking for opportunities rather than always looking back and shaming, blaming and justifying and disempowering yourself.

And then what you said is really important. Coupled with the mindset is all of the things that you mentioned all come back essentially to grounding yourself. Grounding yourself within yourself, grounding yourself within your support network, and really being in touch with your purpose. Why are you doing what you're doing?

And ultimately focusing. So you know, which way you're going, when the obstacles come, when challenges come, that will give you the resilience that you need to navigate around those obstacles, learn from them and grow stronger. Thank you for those super tips, Christopher. I really appreciate it. I'm going to take a lot of them on.

We're all in for learning, right? It's a constant process.

And, that's the most interesting part of it, apart from, learning professionally and being more in certain privacy issues and being even deeper in technological stuff and like all that.

I think the whole blockchain thing, when I first put my fingers into that, industry was like, what's that? And then it's interesting to learn that, but don't look at it only from the professional point. Look at yourself as a person and don't neglect that, personal aspects, because you need to be resilient, you need to communicate well, and you can be one of the most brilliant minds in the privacy sector, if you can't communicate that, if you can't bring that to other folks that you're talking to. 50 50, your own professional development should not be more important than your personal development. Both should go, on the same I think that's very important.

I couldn't agree with that anymore. In fact, I'm not sure how much you know about our programs, but our signature program is a 16 week accelerator program. There's basically five pillars we focus on. The first is mindset. So you've covered that. The second is subject matter expertise.

You need to know your stuff. The third is practical know how, right? You need to know how to operationalize all of that legalese, all of those theories, all of those standards into actual pragmatic solutions. The fourth pillar is all about personal branding. And that's where we work on communication skills.

That's when we work on presentation skills. That's when we work on really developing your leadership skills. And the fifth one is all about having a strong supportive community of like minded people around you, because that is your safety net. That is where you go for support. That is where you go for advice.

And those are the people that you help. And in return, you will get that back. So those are the five pillars that we focus on. And in everything that you've shared there, it sounds like we're on the right track with those pillars and the success of the people that have been through that actually speaks for themselves.

Christopher 25:50

Oh, seen it all. I don't know. That sounds very bold. So thanks for the compliments. I think there's still lots of levels to unlock.

Three tips? Okay. Continuous learning, privacy laws changing every day of the week. But it means when you add, for example, workshops, conferences, blogs, Books, webinars, anything else. You see that there's maybe value in some of these and less value in others. So also deselect certain blocks. Don't just add things up and say, I need to read that as well. I need to get an expert in my own AI stuff.

And there's this happening and now and a Facebook or Meta now, and now a new one. So I need to read that as well. You need to know what to do, like filter stuff and maybe use AI to do that. So continuous learning, I think is something that is important. Skills across disciplines, in a certain way, communication, technology. If you always want to learn a new language, it can be, a human language, it can be a programming language, anything in that regard. It can be how to prompt, I don't know, but develop these skills and don't just stay in your silo, learn how, folks in other departments of your company are working.

And then your network. I think a network and community involvement, it can be within associations, it can be roundtables. You can do that, for yourself. Open a chat group somewhere, or even join industry events. It doesn't have to be something that is, done on a high frequency, systematic basis.

You don't have to become the new influencer in that whole sector here, but at least not just knowing the rules and regulations, but adapting to change, understanding the broader context, cultivating a network of peers and friends and mentors. I think that is most helpful.

Just to summarize, because there was so much value there, what I'm taking away is look, bucket number one of your tips is all about continuous improvement, continuous growth. You need to be continuously learning and growing and evolving.

And I think the thing that really stood out for me from what you said there is what I find a lot of people struggle with sometimes is they're not selective with their sources of information. They're not selective with their books, they're not selective with their podcasts, they're not selective with their webinars and they just think more of it is great.

But actually, when you go and consume poor quality things, it leaves you overwhelmed, leaves you confused and sometimes it even leaves you questioning what you know because it was just delivered so badly. So be selective about what you consume. Bucket number two was all about stacking your skills.

So yes, it's great. You've got your technical skills, your Privacy skills, but that's not enough. Keep stacking those skills and look outside and across and stack different skills and be a rounded professional that adds more value. So you bring more value to the table. And number three was all about making sure that you have a powerful community of high Performance professionals around you so you can learn from each other, you can contribute and together you can overcome any kind of challenge that is going to come across your way.

So investing in being part of a community, making the effort, giving value and receiving value. So three great tips there.

Now we spoke to my community. And if you're listening and you want to join my community, just drop me a message on LinkedIn saying community, and I'll let you guys in for free because Chris has given some amazing value.

So I feel like I need to make up for it and give some more stuff too. So if you want to join our community, drop me a message on LinkedIn and I'll bring you into our global community of Privacy Pros. But we went to our community and we said, Hey guys, guess what? We've got an amazing guest coming. Chris is going to be on the podcast.

They got really excited and they come up with a bunch of questions. So here's the first one. And this is in relation to your position at the IAPP. And I know anything that you say is purely your opinion and it's not endorsed or representative of the IAPP. So please remember that guys. The question here is, are mock or beta exams by IAPP any good?

What's the thought process that goes into putting them together and how helpful are they to aspiring test takers? How accurately reflective are they of actual exams?

Good one. So as you said, I can't comment on the IAPP and their papers. That's the disclaimer here. And my term, I think we presented that at the beginning as chair ended last year. So my function as the chair of the CIPPE Exam development Board ended last year, so 2023.

But anyhow, I remember at least sitting myself for these exams, I think these mock and beta exams can be a valuable resource at least, get some idea to simulate the actual exam experience and assess your level of preparedness, even if they might be different from the actual exam and the actual situation, but if you use it in a realistic scenario. So for example, you don't give yourself, 10 minutes or 20 minutes for a question and think about it very long and think about everything, and then you do some research and you Google something. That's not realistic. You have then two or three minutes mathematically maximum to respond to that question.

That's it. Make a good guess. The question can be difficult. It can be a bit ambiguous, that's just the way the exam is written as well, not by providing ambiguity per se, but simply because certain things are not too clear either.

So you've got to make a good call and say I think there's, two options here, but I think this one is the one that's like really striking. And that is, in every exam the case. No university in the world will make an exam say there's three easy to spot wrong answers. And then there's one easy to spot, right answer.

That's just too simple. So of course there needs to be some complexity in that one. I think for your self assessment for being familiar with the exam format and the content, multiple choice, not something for everyone time management and your own confidence.

Your own, I know what I'm doing here. For the exam pass threshold, I think I can do it because I did most of these questions rather well and I know, why I picked these answers. I read the explanation and everything. I think for that, they are a good go to resource. That's the least I can say from my point of view. So I would recommend doing that. You do these kind of mock exams in many cases. So they are helpful and I did not get impression when I sat for the exam that they were fundamentally different from the real exam, I think some of them are easy. Some of them are more difficult. But that's life, right?

That, that is life. Mock exams for me, the value is in just getting familiar with what the questions are going to be like, what the format is going to be like. I don't think it adds much more value in my opinion than that. The thing is, if you know your stuff, you know your stuff, and what I find a lot of people that actually flock to illegal exam dumps, unofficial exam dumps are people that just want to look smart. They just want a couple of letters after the name and they have no real understanding. And I think the people that focus on that is actually bringing the industry to disrepute, bringing people with certifications into disrepute because there are people who actually put time, effort, energy, who've been doing this for years and years, and they have the same letters after their name as other people do.

And when people outside of the industry or hiring managers speak to people who are certified because they believe this certification adds some weight and clout, then it gives them a bad image of everyone. And so what I would say is, look, if you're interested in just passing an exam because you want to look smart, or just because you want to clear an exam, then you can take that path. But if you're interested in becoming a world class professional that's going to secure top tier roles, get exciting projects and really support your clients, then you want to be able to understand and apply that knowledge. And this is what the CIPPE is known for doing is A, assessing your ability to apply that so when you hit the ground running or in your day role, you can actually take the legal requirements and translate them into operational solutions.

And that's what this is really about. And the other thing you need to question, based on Christopher's advice, he said, what is the purpose? What are you focusing? Why are you doing this? Some people get so fixated on just passing the exam that they forget that the exam isn't the be all and the end all.

In fact, it's probably just the beginning, especially for aspiring people. Just having this exam doesn't mean anything. You need to be able to go and do the role. And just because you've got an exam doesn't mean that someone's going to knock on your door and offer you a job. You have to prove yourself and you're going to be competing against people who are serious and people who have actually done the right thing and people who have actually invested in going and training with mentors.

And so you need to figure out what is your goal and what do you want to be? And if you want to be an average person and just get by, then all the best. We're probably not going to get along, but if you want to be world class, you want to be a part of a community that is giving back and making changes and actually having meaningful differences, then we're going to get along really well.

And so is the rest of the community with you. And we would welcome you into our world.

Now question number two, we got is in the real world, you can always refer back to modules books and resources So why are the exams made to confuse students and why are they so difficult?

Like you see in the real world, anyone else, like your boss, your client, the opposing party in a trial won't hesitate to Google your mistakes. There's no control F in a boardroom meeting. Exams are like sneak peeks into, that thrilling adventure where your knowledge needs to stand on its very own two feet.

So you don't have reference materials allowed either. Practice is difficult too, like being asked something in a zoom call in that conference, you have to give answers right away. You can't, prepare or look certain things up. You've got to make a good call at certain things.

Sometimes you're very sure. Sometimes you just have a certain feeling, but you're not too sure, but that's normal. I understand the frustration. I think there is a layer of frustration in that question. I fully get that. And I appreciate that frustration, for example, there may be questions that are not too clear, but again, not every question you might get in practice in a job is clear as well.

Someone from a business, from a client might come to you and ask something and you've got to reposition, reframe the question first to understand what's the real issue and then provide an answer to it. So that's something that in practice can happen too. And if you're still feeling, frustrated for sitting that exam, try to, change that energy into something, into a more positive energy, and say I'm going to make it.

I'm trying to find some motivation here. And there will be at least three or four difficult kind of questions, but I'm focusing on the other, questions that I'm going to be doing or answering. And I know that I'm going to succeed. So don't look at it from a negative experience.

I think no one at IAPP, at the exam as far as I can tell, and I would make that statement here, being fully conscious of my obligations is trying to confuse students on purpose. That's nothing they want to do, but if it was too easy, it wouldn't reflect practice, so it should have that level of ambiguity in certain questions and that is just normal. Welcome to practice, clients sometimes are getting confused as well, and you are the one, trying to solve that confusion and provide clarity. So that's just part of the job.

All right that's a great answer thank you. So folks, that's all we've got time for on today's episode. Make sure you tune in next week for another episode. Today, we had an amazing conversation with Christopher Schmidt. We covered all things AI, we covered generative AI, we talked about the future of emerging technologies, international data transfers, Chris gave you some of his top tips on what's really helped him to accelerate his career and do as well as he's doing.

And we've even covered some of the questions from the community there as well. Until next time, peace be with you. Chris, thank you so much for coming on the show.

Thanks Jamal for the invitation. Really appreciate it.

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released. Remember to join the Privacy Pros Academy Facebook group where we answer your questions. Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class Privacy Pro.

Please leave us a comment. a four or five star review. And if you'd like to appear on a future episode of our podcast, or have a suggestion for a topic you'd like to hear more about, please send an email to team@kazient.co.Uk. Until next time, peace be with you.