European Data Protection Program - CIPP/E

James is a Director for the firm’s Governance, Risk & Compliance (GRC) practice. Well-versed in data privacy, litigation readiness, and information life cycle management disciplines, he ensures that clients maximize the value of their information assets by understanding and implementing the appropriate compliance controls relevant to their data ecosystem. He has more than 25 years of professional experience focused on information lifecycle management, data protection, and information governance, helping clients meet regulatory and compliance mandates such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). In addition to leading privacy and client engagements, James is also a recognized leader and speaker within the Privacy and Information Governance disciplines themselves, having spoken on a variety of topics related to privacy, information governance, data discovery, information lifecycle management, and Infonomics at conferences and industry events.

Karen has a broad background in managing businesses that provide governance, risk management and compliance (GRC) services. With nearly 30 years of experience, she builds and manages organizations that provide data protection (privacy and cybersecurity compliance), digital forensics, cyber investigations, and data breach notifications, as well as having focused those teams and her career on providing subject matter expertise across the GRC spectrum.

As founder of one of the first digital forensics consulting firms in the 90’s, she quickly became a thought leader in the areas of e-discovery and digital forensics and focused on intellectual property, securities and insider trading investigations. Over the years she has authored wide-ranging information governance, data protection and e-discovery books and articles and has provided expert testimony for several high stake’s litigations, among being named an expert in more than 100 cases.

  Prior to BDO, she held senior level positions in the above specialties and worked as a Senior Forensic Examiner for the United States Securities & Exchange Commission. She has also held board positions with industry associations and information governance companies in the past.   Karen currently serves as the Data Protection Officer (DPO) for Fortune 50 and Fortune 1000 companies across several industries. In her capacity she has worked with Data Protection Authorities, Supervisory Authorities and Data Subjects on EU Global Data Protection Regulation (GDPR) obligations. As well she regularly reviews and evaluates privacy operations, individual rights management capabilities, and data governance requirements. And, finally, she works with her privacy clients to ensure global compliance and to assist them with establishing privacy and governance operations.

Jibran is a data privacy and cybersecurity professional with multiple years of experience supporting and leading cybersecurity and data privacy engagements. Previously, he worked in privacy roles for the Department of Veterans Affairs, the Centers for Medicare and Medicaid Services (CMS), and the Department of Homeland Security, Federal Emergency Management Agency. Jibran has also worked in data privacy & cybersecurity roles for private sector clients across several industries including higher education and technology.

Jibran has experience conducting data privacy risk assessments in the federal government and commercial space to ensure compliance with NIST, E-Government Act, Privacy Act, HIPAA, GDPR, and the CCPA. Specifically, he has experience in developing and delivering data privacy training, creating data privacy programs, conducting data management assessments, GDPR & CCPA readiness assessments.

In addition, Jibran also has experience with conducting HITRUST readiness assessments, PCI-DSS assessments, IT risk assessments, and developing cyber table-top exercises. Jibran is currently a Senior Associate with the firm’s Governance, Risk & Compliance services team.