Q&A: Talking compliance with Aurelie Stutz, Head of Data Protection at Royal Mencap Society
Mon 10 Feb 2020 | Aurelie Stutz

What does a positive security culture mean to you?
That the rules have been made so clear to your staff, and so easy to follow, integrated with their operations, that it’s not daunting to actually comply with them. That staff are not scared to come forward to say ‘this isn’t clear’ or ‘I’ve made a mistake’ because that’s how we can improve processes, communications and training materials. That everybody comes together to help each other understand how things work.
What is one security myth that frustrates you?
That data protection is hard, complicated and boring. It all depends on how you explain it, it doesn’t have to be dry. Mostly, if you stick to the principles, integrate them to your organisation and keep communicating about them and be accountable for respecting them, it becomes business as usual quite quickly. At Mencap we even had staff coming to the Data Protection team asking for reading material to learn further, and asking to volunteer — that’s how easy you can make it accessible and fun.
What was your earliest ambition?
As a child, I wanted to be a snail farmer. I’ve also always had a strong sense of right and wrong and so I’ve also always wanted to make sure others follow the rules. I was a weird child.
What is your current ambition?
Ensuring people understand that the rules they have to follow at work also have to be followed by other organisations, and so people develop their own sense of advocacy regarding the use of their own data, to not be scared of complaining, because that’s how organisation learn and change their mindsets.
What is one the biggest challenge facing cloud & cyber security professionals today?
Of course threats are evolving faster and faster and so you’ll always have to find solutions quickly to keep the data secure. I think in the future, data and regulations around data could be used politically as it represents an increasingly important part of economies and becomes an asset like any other. Furthermore, people are increasingly aware of the value attached to their data and they are themselves technology literate, it will not be daunting to advocate for themselves and make themselves heard.
What excites you most about the future of the industry?
More and more countries are developing their own privacy regulations, I’m excited to see how it all works together, or not, at the end, and how it evolves, and what I’ll have to learn to remain proficient. As mentioned before, data citizenship and self advocacy, and realizing that one’s data has value, I can’t wait to see how it plays out.