TDN: In our series with phenomenal experts in their fields, we talk today with Shernaz Jaehnel. Shernaz is an award-winning attorney, bestselling author, and a leading expert in data protection, compliance, and cybersecurity. With over 18 years of experience, she has worked with multinational companies and startups across various industries across the US and Europe, advising on complex legal and regulatory challenges. Shernaz is also the cofounder of DELTA Data Protection & Compliance Academy, an internationally recognized academy that trains and certifies Data Protection Officers (DPO/CIPP/CPM). Her bestselling book, Data Protection Professional’s Handbook, has established itself as a cornerstone for data protection professionals worldwide, providing them with the tools and knowledge to excel in their field. Today, we discuss Shernaz’s much-needed and valuable insights on privacy, AI, and compliance, as well as the exciting updates privacy experts can expect in the highly anticipated second edition of her handbook, that will include a new, large section on AI, set to release in March 2025.
TDN: Shernaz, as an award-winning attorney and a renowned expert in data protection, compliance, and cybersecurity, your second edition of the Data Protection Professional’s Handbook is currently in the making and expected to be published by mid to late March 2025. Could you share your thoughts on how privacy and AI are coming together these days and how they might evolve?
Shernaz Jaehnel: Thank you for having me. Privacy and AI are deeply interconnected, and this convergence has become increasingly critical. AI systems rely on vast datasets to function effectively, and many of these datasets include personal information. While AI holds immense potential to transform industries, it also introduces significant privacy risks. For example, machine learning models may unintentionally process sensitive data or lead to algorithmic biases. Professionals and companies in the field must ensure that the development and deployment of AI technologies adhere to robust data protection standards, such as the GDPR in the EU, or CCPA, CPRA in the US, or similar frameworks in other countries, such as Japan’s APPI in Asia or Türkiye’s KVKK.
TDN: In the upcoming second edition of your book, you have mentioned including an extensive section on AI and cybersecurity. Why was it important to emphasize these topics now?
Shernaz Jaehnel: The world is changing tremendously fast, and AI is at the heart of this transformation. AI-driven innovations bring with them unique compliance challenges, from securing algorithm transparency to mitigating data breaches in highly automated environments. Cybersecurity was already a significant part of the first edition, and now the second edition introduces AI to provide professionals and companies with practical guidance for understanding its benefits, mitigating risks, and tackling the new challenges AI brings to privacy. Cybersecurity, in particular, is the foundation of data protection. Without strong safeguards, the best privacy policies or AI regulations will fall short. The second edition of the Data Protection Professional’s Handbook aims to equip experts and professionals with actionable strategies to address these challenges effectively.
Every company needs a designated Privacy Manager! Learn more here: DELTA Academy & Consulting
TDN: What are some common misconceptions about AI compliance that you’d like to address in your upcoming book?
Shernaz Jaehnel: A major misconception is that compliance with AI regulations is purely a technical issue. While technical safeguards are essential, compliance also involves ethical considerations, governance structures, and cross-functional collaboration. Another misunderstanding is that AI systems can be completely unbiased. The reality is that bias mitigation is an ongoing process, requiring attentiveness, continuous testing, and diverse input during development. Lastly, some organizations think that compliance is only a legal obligation. In truth, it’s also a competitive advantage, as consumers and stakeholders are increasingly valuing companies that prioritize ethical AI and data protection.
TDN : For companies just beginning their AI journey, what are the first steps they should take to ensure compliance?
Shernaz Jaehnel: First, conduct a thorough data inventory to understand what data is being collected, processed, and stored. Next, establish a cross-functional team comprising legal, technical, and ethical experts to assess the potential risks of your AI projects. Developing a robust AI governance framework is also crucial and this should include policies for transparency, accountability, and regular audits. Finally, prioritize privacy by design and ensure cybersecurity measures are integrated from the outset. These steps are covered comprehensively in the second edition of my book.
TDN: Cybersecurity has been a growing concern across industries. How can organizations strengthen their defenses?
Shernaz Jaehnel: The first step is understanding that cybersecurity is not just an IT issue but an organizational priority. Implementing basic measures like encryption, multi-factor authentication, and employee training can make a big difference. Organizations should also adopt a proactive approach, conducting regular penetration testing and staying updated on emerging threats. Finally, fostering a culture of security awareness is key. These strategies are highlighted in the AI and cybersecurity section of my forthcoming second edition.
TDN: Your first edition has become a go-to resource for experts and professionals aiming to become Data Protection Officers. What advice would you give to someone aspiring to enter this field, especially in light of your second edition?
Shernaz Jaehnel: Anybody can enter this field. You don’t have to be a lawyer or an IT expert. It’s a so-called future job and definitely a great career choice. Start by building a strong foundation in privacy laws and regulations, such as GDPR, HIPAA, or CCPA. Certifications like DPO, CIPP, or CIPM are invaluable for gaining credibility and demonstrating expertise, as offered at the DELTA Academy. Beyond formal training, develop a mindset of continuous learning, as the field evolves continuously with advancements in technology and legislation globally. My upcoming second edition of the handbook explores these aspects and provides a roadmap for aspiring professionals. Lastly, remember that being a Data Protection Professional (DPO) or a Corporate Privacy Manager (CPM) is about more than compliance, it’s about being an advocate for privacy and trust within your organization.
TDN: Lastly, looking ahead, what trends in AI, privacy, and compliance do you foresee shaping the next decade?
Shernaz Jaehnel: I see a few key trends. First, there will be increased regulation of AI, including international frameworks to address cross-border data flows and ethical concerns. Second, privacy-enhancing technologies, like differential privacy, which protects personal data by adding small random changes so individual details remain hidden, and federated learning, a way to train AI systems on different devices without moving the actual data, will become mainstream. Finally, the integration of AI in compliance processes will streamline efforts, with tools designed to detect risks and enforce privacy policies automatically. As these trends unfold, the role of compliance professionals will expand, making it an exciting and impactful career path. The second edition of the Data Protection Professional’s Handbook discusses these trends and offers practical insights for them.
Every company needs a designated Privacy Manager! Learn more here: DELTA Academy & Consulting
TDN: Thank you, Shernaz, for sharing your valuable insights. Before we wrap up, could you tell us what readers can look forward to in the second edition of your book?
Shernaz Jaehnel: Absolutely. The second edition is not only an update but, as discussed with you, it includes a large section on AI in relation to privacy and compliance. This handbook also goes hand-in-hand with the certification courses at DELTA Academy, aimed at those pursuing careers as Data Protection Professionals or Corporate Privacy Managers. It offers practical tools, real-world case studies, and actionable strategies to help professionals excel in their roles. I’m confident it will be a valuable resource for anyone in this field.
TDN: Thank you, Shernaz. We look forward to the release of the 2nd edition of your book “Data Protection Professional’s Handbook” in March 2025. It’s been a pleasure speaking with you.
Shernaz Jaehnel: Thank you so much. It’s been a pleasure discussing these important topics with you, and I’m excited to share the second edition soon.
For more about Shernaz Jaehnel and her work, including the Academy and the currently available Data Protection Professional’s Handbook, visit academy.delta-datenschutz.de, LinkedIn, and Amazon.
DELTA Data Protection & Compliance, Inc. Academy & Consulting – The DELTA NEWS