An expert in Privacy and Data Protection who uniquely combines this with knowledge and experience in business strategy, policy and press management.
At the Privacy Practice James provides consultancy services in Data Protection and Privacy. A leading thinker in the policy debates in this vital arena, he is regularly invited to address conferences in the UK and internationally. He specialises in making compliance part of business operations, not a legal tick box exercise. He writes the Privacy Practice Blog shining light onto current issues in Privacy.
For over 10 years James lead the BBC’s Information Policy and Compliance Department, in the BBC’s Legal section. There he oversaw the operation of the Corporation’s systems for compliance with the Data Protection and Freedom of Information Acts. Before he left the BBC he led the development of privacy and data governance for myBBC as it developed its big data capability. Additionally he provided expert advice on media and privacy and lobbying on the proposed EU GDPR.
Before that he had a wide variety of management roles including overseeing projects to ensure the BBC’s impartiality during elections and the introduction of staff multi-skilling in areas of BBC News. Before joining the legal section he was a programme maker and spent much of his time in political journalism. He edited many of the BBC’s Political and Parliamentary programmes including Today/Yesterday in Parliament, The Week in Westminster, Westminster Live, and the documentary series Scrutiny.
He was one of the first staff members to be invited to take part in the BBC’s MBA programme. He is a former Chairman of the Strategic Planning Society, and is a member of BAFTA and the Royal Television Society. He is on the editorial board of Data Protection Law & Policy.
November 4th, 2019 | 44 mins 2 secs
What are the building blocks of good data protection governance? In this broad-ranging discussion, we talk to James Leaton Gray about his assessment of current data protection in the UK, what it takes to run a good data protection regime, different target operating models, how different parts of the business need to work together, the evolving role of the DPO, privacy and privsec, common mistakes and – critically – how move the data protection regime up the value chain. Plus the opportunities open to organisations that manage to establish a relationship of trust with their data subjects.