The 13 Top Data Privacy Consultants | Enzuzo

Enzuzo's roundup of leading privacy consultants worldwide have years of experience building, implementing, and managing data privacy compliance programs both with in-house teams and as part of boutique consulting firms. From startups to scaleups, these consultants have worked with clients in fintech, healthcare, SaaS, ecommerce, and other highly-regulated environments. 

Here's our list, based in no particular order:

Nicole Lapierre

Nicole is a Principal at BDEmerson and a distinguished attorney specializing in Data Privacy and Cybersecurity.

With over two decades of dedicated service, Nicole is a Certified Information Privacy Professional (CIPP) for both the EU and US, and has the Artificial Intelligence Governance Professional (AIGP) credential. She has been an instrumental figure for the International Association of Privacy Professionals (IAPP), having been involved since its early days. 

With a rich foundation in privacy law, Nicole excels in delivering insightful and informed counsel across a broad spectrum of privacy and data breach notification statutes, including GDPR, GLBA, HIPAA, FACT Act red flags rule, FERPA, CCPA and CPRA, alongside adept management of data breach responses. Operating as a virtual Data Privacy Officer (vDPO), Nicole provides practical guidance on intricate matters, with a keen focus on fostering strategies that champion transparency, reporting, and vigilant oversight.

Cat Coode

Cat Coode founded Binary Tattoo, a cybersecurity and professional services consultancy that supports businesses with closing the gap between current digital operations and international privacy regulations. She attended the University of Waterloo and received a degree in Engineering in 2001. Coode is a committee member with the Standards Council of Canada (SCC), a regulatory body that oversees privacy concerns and creates compliance guidance to assist commercial entities with complying with CAC operating in or with Canadian citizens. 

She is also an advisory board chair with the Canadian Women in Cybersecurity Conference. Along with managing Binary Tattoo, Cat Coode is a senior manager privacy subject matter expert with KPMG Canada consulting with clients to perform privacy compliance audits. In particular, the role requires conducting cyber security gap assessments and overseeing global privacy regulation compliance to ensure companies adhere to international privacy laws and are current on the latest regulatory requirements. 

Sharon Bauer

Sharon Bauer founded Bamboo Data Consulting, a Toronto-headquartered data privacy and security consultancy. She is an alum of Huron University, where she received her BA in Philosophy before continuing at the University of Amsterdam and the University of Windsor to pursue a law degree. Sharon Bauer’s career began as a litigation attorney representing insurance clients. This was a natural segue for privacy since insurance firms handle sensitive information that is regulated by strict privacy and security government regulations.

Previous positions such as serving as the Senior Manager in Digital Privacy and Information Management at KPMG Canada, helped to hone her expertise in the field. Through Bamboo Data Consulting, Bauer helps startups and multinational corporations identify privacy risks and assists with international privacy regulatory compliance. Often, this includes crafting customized privacy solutions that meet regulatory demands. 

Vanessa Henri

Vanessa Henry is a cybersecurity and data governance lawyer and co-founder of Henri & Wolf. The firm is a consultancy that supports businesses with assessing potential data compliance and privacy legal risks and developing strategies to boost compliance. In particular, Henri’s role includes negotiating business relationship contracts that center around the sharing of technical information as well as ensuring that data governance such as data acquisition, management, analytics, and anonymization are managed while adhering to government regulations. 

Vanessa Henri is a member of the Quebec Bar Association, a Certified Data Protection Officer (CDPO), and a Senior Lead Implementor for ISO 27701 for privacy information management systems. Because of this, she is often tapped to assist organizations with drafting policies and procedures for data management and information systems and supporting clients with establishing risk management methodologies. Henri is a frequent speaker both at conferences and in podcasts, and also contributes expert insight for media outlets regarding privacy and data risk assessment and compliance. In 2020, she was also named one of the Top 20 Cybersecurity Women in Canada. 

Imran Ahmed

Imran Ahmed is a partner at Norton Rose Fulbright (Canada) LLP, leading the technology practice. He also co-chairs the practice's Data Protection, Privacy, and Cybersecurity arm. His role requires Ahmed to work closely with clients to review their current privacy and data compliance activities and flag activities that increase the risk of noncompliance. 

Additionally, he works with clients to develop strategies to meet regulatory requirements, and create data breach incident preparedness plans to guard against crises. His specialties also include acting as “breach counsel” during a data privacy emergency response and often representing clients when an investigation or litigation is triggered due to a data emergency event. 

In 2017, Imran Ahmed authored Canada’s first legal incident preparation and response handbook, titled "Cybersecurity in Canada: A Guide to Best Practices, Planning and Management". Along with data regulation compliance, Ahmed splits his time at Norton Rose Fulbright LLP assisting clients with licensing, outsourcing and service provider coordination. The firm’s focus is consistently targeted on commercial regulatory concerns centred around conducting business over the internet, specifically in cloud and digital environments. 

Siobhan Solberg

Siobhan Solberg is a data privacy consultant based in Europe with a background in data and marketing. Her consultancy assists companies with learning how to maximize business goals while maintaining compliance with government regulations. She boasts over a decade of experience in the industry and formerly held the position of CMO, helping an e-commerce firm boost customer acquisitions while maintaining compliance. 

Because of her experiences, she works now as a consultant to help businesses navigate complex regulatory guidelines without sacrificing revenue and customer acquisition goals. Additionally, she is often tapped to speak at conferences, workshops or on podcasts to highlight how measurement, marketing, data, and privacy intersect. While she champions the business to meet goals and deliver results, Solberg is also known for her honesty regarding how businesses can drop the ball and unnecessarily increase their data risk exposure. 

Odia Kagan

Odia Kagan is a partner at Fox Rothschild, LLP in Philadelphia where she also serves as the chair of GDPR compliance and international privacy. She advises clients on compliance protocols specifically with privacy and data security regulations. In particular, Kagan has a deep background in EU privacy law and has an extensive history with supporting US-based companies with navigating complex privacy laws such as GDPR. 

Her focus also includes closely monitoring changes in privacy laws so that she can assist clients with maintaining compliance. Odia Kagan is certified to practice law in not just Pennsylvania, but also in the State of New York and Israel. She also holds an inactive status as a Foreign Legal Consultant in Delaware, a solicitor in England and Wales, and a legal practitioner in New South Wales, Australia. Kagan’s certifications include: 

• Certified Data Protection Officer by the PEBC
• Certified Information Privacy Manager (CIPM)
• Certified Information Privacy Professional in the laws of the US Private Sector (CIPP/US) as well as in the European Union (CIPP/E)
• Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals (IAPP)

Jodi Daniels

Jodi Daniels is a practical privacy advisor and the founder and CEO of Red Clover Advisors. She holds a CIPP/US certification and has more than 25 years of experience assisting businesses of varying sizes with navigating privacy compliance in a manner that still supports marketing, strategy, and financial goals. Before launching her practice, Daniels held several prestigious positions starting with Cox Enterprises before continuing with firms such as Deloitte, The Home Depot, and Bank of America where she most recently held a position as the privacy partner for digital banking and digital marketing. 

Jodi received a Bachelor of Business Administration with a concentration in Accounting from the Goizueta Business School at Emory University in Atlanta. She then continued at the institution to earn her Masters of Business Administration. She launched Red Clover Advisors in 2017 and has assisted hundreds of companies in creating privacy strategies to support business ventures. She specifically focuses on GDPR, CCPA, and other US privacy law compliance. Daniels is also frequently tapped to discuss privacy law compliance at industry events.

Jodi is also the co-author of WSJ-bestseller 'Building Trust One Byte at a Time', which explains how an organization's commitment to privacy and security best practices can foster lasting relationships with its audience.  

Debbie Reynolds

Referred to as “the Data Diva”, Debbie Reynolds is a global data privacy and protection expert and strategist. She is the founder of Debbie Reynolds Consulting LLC and is considered one of the leading voices in the industry for prioritizing data privacy and emerging technology. In particular, she focuses on the intersection of these topics with industries most likely to be impacted by them — AI, IoT, AdTech, FinTech, BioMetrics, Smart Manufacturing, and mobile app development to name a few. 

Reynolds’ extensive expertise is further underscored by notable achievements such as being appointed to the IoT Advisory Board in 2022 by the U.S. Department of Commerce. After graduating from Loyola University with a Bachelor of Arts in Philosophy, she had an extensive career in data and compliance, holding roles such as a data privacy officer at Eimer Stahl LLP, Litigation Support Technology Manager at WilmerHale, and even global manager for special projects groups at Orrick, Herrington & Sutcliffe LLP. 

Other relevant affiliations and certifications include: 

• IEEE Committee Chair for Cyber Security for Next Generation Connectivity Systems at IEEE for Human Control & Flow in 2022
• Top Ten Global Data Privacy Experts by Martechvibe in 2022
• Top 30 CyberRisk Communicators by The European Risk Policy Institute in 2023
• Expert Evaluator - AR VR XR Spatial Computing Privacy Framework Evaluation Committee for XRSI
• Technology & Cybersecurity Committee Member of the New York State Bar Association
• Top 20 Women in Legal Tech by the American Bar Association in 2023
• Top 30 Security Experts to Follow in 2023
• Top 40 Data Privacy Pioneers in 2023

Thorsten Wälde

Thorsten Wälde is the founder of Digimojo and a cyber security consultant who assists primarily small to medium enterprises (SMEs) with data risk assessments and creating customized data privacy solutions that maintain regulatory compliance while integrating seamlessly into a client’s overarching business goals. 

In particular, Wälde serves as an external data protection officer who conducts thorough cybersecurity checks and provides software-as-a-service (SaaS) solutions to support data privacy management and secure whistleblower systems that support full transparency for corporations. This is underscored by Walde’s companion consultancy, Cyrrus Cloud, which focuses exclusively on cloud solutions for SMEs. 

Stephane Hamel 

Stephane Hamel is a data privacy expert with a background in the industry that spans over three decades. During that time, he’s worked with a wide array of clients across North America and Europe, assisting them with overhauling digital analytics and marketing practices. Stephane Hamel is a Google Product Strategy Expert named one of the Most Influential Industry Contributors by the Digital Analytics Association. During his career, Hamel has spoken at over 150 industry events, further underscoring his reputation as an expert in the field. 

Previous roles included serving as the director of innovation at Cardinal Path, an influential digital analytics agency. Stephane Hamel also worked in coding and real-time database management during a stint at the Montreal Stock Exchange. These days, he also provides workshops and guest lectures at several organizations including the University of British Columbia, SimpliLearn, ULaval, Harvard, York University, and more. He also works as an advisor and investor for several private tech startups. 

Jeff Jockish

Jeff Jockish is a CIPP/US certified expert and data privacy researcher who also co-hosts YBYR — a weekly event that delves deeper into topics such as data ownership, privacy, and blockchain. He is a partner in Avantis Privacy, a PrivTech startup, and also founded PrivacyPlan, a data privacy SaaS solution provider and consultancy. The firm researches and creates data sets focused on data privacy to help businesses further understand privacy and data compliance challenges. 

In particular, his company works to create privacy breach assessments to accurately pinpoint which laws a client is breaching and areas that need to be improved—along with a road map to achieve those goals. Jockish previously served as the director of marketing at CSR Privacy Solutions. He holds a Bachelor of Science in Organizational Behavior Studies from Cornell University. 

Heidi Saas

Heidi Saas is a data privacy and technology attorney at H.T. Saas, LLC. She works as an advisor for businesses across industries to guide them on data privacy compliance and building an ethical approach to AI-integrated strategies. Saas is licensed to practice law in Connecticut, Maryland and New York state. 

Along with practicing law and serving as a compliance consultant, Heidi Saas also volunteers with several groups to champion the ethical usage of AI when crafting public policy. Since 2021 she has contributed to ForHumanity which included drafting algorithmic bias audit criteria for rules such as the New York City regulation Rule 144. Her work in this field has since expanded to include the CA Children’s Code, the EU Children’s Code for AI, the EU’s AI Act, the EU’s Digital Services Act (DSA) and the Digital Markets Act (DMA)