Click for Full Transcript

Intro 0:01

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels 0:22

Hi, Jodi Daniels here I’m the Founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional, providing practical privacy advice to overwhelmed companies.

Justin Daniels 0:36

Hello, Justin Daniels here I am a corporate M&A and tech transaction partner at the law firm Baker Donelson. I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well as help them manage and recover from data breaches.

Jodi Daniels 1:00

And this episode is brought to you by seeing red clover advisors, we really should get a symbol to do the things. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, ecommerce, professional services, and digital media. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers to learn more, and check out our book, Data Reimagined: Building Trust One Byte at a Time, visit

Justin Daniels 1:39

I see today you are really outfitted in the Red Clover gear.

Jodi Daniels 1:43

And you are orange like the sun. You match my post-it note actually, on my desk. I do. I think that’s kind of humorous.

Justin Daniels 1:51

You know, it’s funny last year at this time, I think was the whole time when we were going through trying to figure out the cover of the book.

Jodi Daniels 1:57

Oh, exciting. We have a beautiful cover of our book. So everyone listening, if you haven’t gotten our book, you you should you are missing out. And it’s often on Kindle for the bargain price of the dollar. I don’t know how Kindle decides that. But you should get it because it’s like 99 cents, or contact us and we’ll send you one beautiful hardcover. It’s lovely. But we aren’t going to tell you the cover of the book because you’re gonna have to go find it yourself.

Justin Daniels 2:23

Okay, let’s introduce today’s guest, which I guess I’m introducing.

Jodi Daniels 2:28

That’s your Yeah, everyone has a job here.

Justin Daniels 2:31

So today we have Julian Llorente who is leading product management privacy development and is co-head of Tealium’s compliance program and experience data scientist and expert in the realm of data privacy, Julian dives deeply into technical challenges while also constantly assessing privacy concerns. Prior to joining Tealium, he was a data scientist at zeroG and worked in digital analytics and online sales at Lufthansa.

Jodi Daniels 3:02

Well welcome, Julian. Hello, and thanks for having me. Absolutely. Well, we always start these conversations by people explaining their journey. So how did we go from airlines to the online data universe?

Julian Llorente Perdigones 3:19

That’s actually a really good question. So my whole journey actually started. Generally speaking, just within data, I was always curious to work with data, figuring out new tack and always had kind of like a hack for it. It was a bit something that I did early in the days and invested in data bachelor degrees in it. And fast forward when I got signed by companies to work for them. Slowly but surely, I started to be a bit scary around data, because I was asking myself, What are we able to do? And where does it stop? Where are limitations? What two rules regulations say? And that’s where I naturally just kind of came into the world of data privacy. And right before GDPR hit 2018 to a year before that. I started to read about it. And I started to feel that fear was not something that I was only sharing myself, but everybody else was starting to ask the same questions around Are we still able to do what we’re doing? Should we be doing it? Are we prepared for these laws? And that’s what I quickly realized. I just need to take what I know about data and combine that thinking with the data privacy world. And that’s what I did way back then, when lawyers were still trying to figure out contractual stuff and requirements and trying to translate it into technical requirements. I was perceived way back then, as the legal translator. That was not an official job title, but that’s what naturally happened, because that could speak for both worlds. And that just naturally happened. So everything around data, being a data scientist creating models, working with reports and all that that beautifully just merged into and morphed into what we know, know, as a data privacy expert, or whatever you want to name it. So that’s how it actually naturally happened along the years that I grew into that role that I’m in right now.

Jodi Daniels 5:14

We talk to a lot of people who need legal translators, that’s a very important role — that we need legal translators.

Justin Daniels 5:29

It’s funny you say that, because where I find the most relevant analogy is when I’ve been involved in a data breach, and you talk to the forensic team, and you have to translate what they say, into business speak. So that is probably, in my day to day the most relevant place. But I guess what she’s trying to tell our audiences from my largest pro bono clients perspective, she doesn’t always think I do the best job of translating things, the way that a business woman would best

Jodi Daniels 5:59

understand that’s not true at all, I was really highlighting the need. And actually just in your example, is true, where people who are specialists in their area get so knee deep, that when you try and explain it to someone else who is not in that role, that idea of a translator, or gaining the skills to be able to explain it to someone else who isn’t always familiar, is is good. One of the most popular webinars I ever did was explained it explained GDPR, like I’m five, it makes a lot of sense.

Julian Llorente Perdigones 6:33

That I still do it, honestly. And this is something that is a never ending story. You have so many different people with so many different backgrounds and expertise, that nowadays that you have to cross that bridge every single day between people too deep into technology, people too deep into data, too deep into the initiatives and projects that you need to actually get them out of, and just try to explain it in a simpler form, or try to break it down for people because that is one of the most important factors I think personally, because clarity really kind of speaks for itself makes it all makes complex topics really digestible by the end of the day. And that’s what we do, you can have it in data security and data privacy, legal, contractual stuff, there’s always a way to say to be easier. That’s just my personal belief in if

Jodi Daniels 7:24

that makes a lot of sense. So speaking of making things easy, a very popular buzzword is CDP. And what I want to do here is dive into what is a CDP. So I’m gonna let you define the Superfund buzzword. And a little bit about, you know, the capabilities and services and features that are going to define what a CDP is, because maybe some of those have just decided to take the cool buzzword and stamp it on there.

Julian Llorente Perdigones 7:54

Absolutely, I can actually tie it back a little bit, even to the my background story to because before a joint Tealium By the way, Tealium has also CDP, which is a customer data platform, we’ll get into that too. I was on the customer side. So I was taking care of implementing technology and the MAR tech stack. And in the early days, I didn’t even know myself with a customer data platform is we all started way back with tag managers. This is what mostly everybody’s familiar with. Tag managers help you to actually just implement some JavaScript snippets into your website and manage data streams, you could say, from your website, or your platform to a third party may be met a Google Analytics, whatever you want to actually implement. So this is the doors that you’re creating in your website. And way back, when we had that implemented, we quickly we realized that we need a different type of solution that allows us to manage, orchestrate, and handle the data ourselves. We didn’t want just to implement doors into our website and mobile applications. We want it to orchestrate and own the data ourselves. So that was the early beginning of first-party data, as we know nowadays, that you own as your company and as your business. And they can manage and orchestrate. And fast forward to where we are now customer data platforms. In simple terms, what they allow you to do, this is just software packages that you can buy that allow you to create a single customer profile that you can activate with whomever you want to. Easy as that. That’s the simple terms what a CDP does. You throw data at it, it allows you to stitch it together, create a profile and have seamless integrations with whatever third party you want to throw that data at may be your internal stack or third parties, such as Google Analytics or whatever you actually want to use. And that’s what it does and what it allows you to do. So in that journey that we went through from client side to server side and where we are now CDP’s are just the glue that allows you to Stitch all of that together and really activate your own data.

Jodi Daniels 10:04

As a good explanation, we’re gonna dive a little bit deeper. So

Justin Daniels 10:09

what should a company be looking for when evaluating a CDP?

Julian Llorente Perdigones 10:14

Right? Really good question. So it says a lot. Funny enough, if you take exactly the same question and just Google it, you will get 100 entries, with nearly all the same breakdown. The typical breakdown that you have for customer data platforms that I’m used to as well, is just to have the right stakeholders in place to have buy in from the C-suite most of the time, so your CMOs, or your COs, sometimes they have a buy in. But I take it a slightly different angle. From my experience, where it starts really, is you have to assess your own digital maturity. As a business, you have to be able to take a deeper look into, are we even ready to embark on that journey, I will ready to invest into a piece of tech that allows me to bring all of that together so that I can activate and orchestrate the data, that I have the right people, which is the challenge that I see most of the time as well, with the right experience and knowledge that can even manage and really own the implementation of a customer data platform. These two are the ones that really start with in connection with connecting with legal security and privacy teams early on, as there is a huge benefit in investing in CDP’s, that I’m sure we’ll get into a minute. But as well as challenges is how you are able to manage and orchestrate concerns and how to implement it that you need to get into early on as these challenges will catch you by surprise. So along the way.

Jodi Daniels 11:47

While there’s a lot of challenges that we could talk about, and we want to zero in on the privacy piece. So a company first is trying to figure out its tangle of data and how to make sense of it and how to maximize it. And at the same time it’s having to deal with, we’re kind of going into a patchwork quilt in the US of privacy laws. And then when you layer on globally, some of them overlap, some of them don’t. In our pre show we were discussing Germany and compared to other countries. So can you help us understand where does a CDP fit and help a company comply with these different privacy laws. And maybe not even just privacy laws. But just if I’m a company, and I’m thinking about I have all this data, I want to make sure that I can maximize it? Well, I also want to make sure I’m doing that really in a privacy compliant way. So if you can walk us through how a CDP might be able to help us do that, that would be really helpful.

Julian Llorente Perdigones 12:48

Absolutely. So first of all, is CDP provides tremendous benefit to any business. In the privacy world. It is specifically just around and out there many different names, I’ve given it over the years, but I still call it the golden profile, you could say, because nowadays, we interact with the brand, a business, a company in many different ways in many different channels. You might have a mobile phone, you might have multiple mobile phones, you might have multiple desktop devices, iPads, tablets, you name it. And all of these allow us to not only interact with the platform, but also interact with different privacy settings, maybe on my iPad, I can, for example, in the GDPR world opt out of specific processing activities on my desktop, I’m fine, then I have a login event. And all of that needs to be brought together. Because by the end of the day, as a user, I just want the brands and business to respect my preferences. I don’t care how it technically works. But there is a certain expectation with it. So from the regulatory side, as well as from the user expectation, there is a need to bring all of these preferences settings and all that beautiful data together into a single profile. As I said in the beginning, and CDP does exactly that. Way back, it was done for marketing purposes. But there is magically now the need as well for data privacy requirements to fulfill that. So the CDP, and it by itself allows you to bring all of that data magically together, stitch it into a profile and have it ready for activation so that you can respect the user preferences in regards of a marketing opt out of marketing opt in, you name it. So that’s first of all the big benefit that the CDP provides. And dutifully if you have the right CDP allow us to do that in real time as well. Now, with the patchwork approach that we have, not only within the US it’s a global topic now as well that you have too many regulations with too many different details in it, that it’s still impossible to really first of all keep up with but on top of that, just try to be compliant with it with all the changes in the nuance differences. So why I recommend and what we do at Tealium, as well as we take the blueprint approach, the blueprint approaches, we take GDPR as the blueprint and compare it to other regulations and see how it deviates from it. And that’s how we actually apply this data strategy to it. So there might be, for example, a region that it’s not protected by specific law or is not on the same level as GDPR. But we try to actually give the same benefits of the same users. This is something that we do as a strategy. That’s not the only one out there. Because you can also go even more granular, more detailed in it, and separate with the help of a CDP regions by profile, so you could say. So if you have different regions, such as us, you could take the USA as a whole and say, Okay, we have applied the same approach the same framework, or try to split and separate it into two restrictions, because that’s the approach that you want to take, the CDP allows you to actually manage data in that granular way, that you can orchestrate it in different profiles, you could say, in different accounts, depending on the jurisdiction that you want to comply with. Both of them work, it just depends on the size of your company, the manpower that you have in the background, that you can actually really facilitate these activities and strategies. But both of it work, my personal recommendation, being a user myself, is give everybody the same rights and try to uphold the same rights regardless if it’s required a lot, which is a good strategy to create trust by that another day.

Jodi Daniels 16:29

So that approach would give us in Georgia who have no rights, we would have special rights. And there’s a few companies who do that, for sure. Julian, one of the questions I want to ask is, do you see there’s a significant amount of data that companies collect, that they could purchase that they could infer, and given the changes and the fast pace of more privacy laws coming into effect and then existing ones being enforced, what kind of change or strategies have you seen or maybe best practices in terms of the kinds of data that people are putting into a CDP?

Julian Llorente Perdigones 17:15

Yes, That change quite a lot. It’s really good question, because we came from the tile where was it was not freely available, but we had to pay for it or track it in that regard. But the thought process of using data was just generally around using more and throw more data at my databases and profiles that I can actually orchestrate it more. And that changed tremendously now. So the data strategies that we see nowadays, and regarding just kind of hooking up data sources into CDP is that there needs to be a proper assessment and evaluation of do we have, first of all, and I’ll not deep dive too much into it. But how clean and how good is the quality of my data is huge impact of that? I’ll skip it from the edges that could talk about for hours about that. But once I’ve checked that it’s the legal capacities or the compliance piece of it. Do I have a record of content if it’s required in the data itself and the data source? Is it enough to be able to actually connect it to the profiles that exist? So am I enriching data with a history, such as a CRM, data of a customer relationship management data that I have that I can just hook up into? Are there any contractual details that I need to be evaluating in the data? So there’s a lot of evaluation steps need to be taken, and assessments that we see also, as part of our customer experiences that we have? Or maybe that I’ve done it myself? These reviews and assessments are unnecessary, unnecessary? Well, you could say that you have to deep dive really into before just blindly hooking it up to your platform, because technology will always allow you to do that. But the big question is, are you allowed to really go that path or not? So that’s definitely a change that we’ve seen in the strategies and the approach and experiences in hooking up new data sources into CDP’s.

Jodi Daniels 19:10

Appreciate you sharing that perspective, very helpful. Thank you.

Justin Daniels 19:15

So how can companies use CDP’s and also comply with privacy obligations? Like some CDP’s need to integrate with other privacy technology tools, while some might have them built in already?

Julian Llorente Perdigones 19:29

Absolutely. So in the privacy world we’ve seen now we have a variety of tech providers that have different benefits, but the big ones that we have, are to name a DSR so the data subject request or data subject deletion platforms that allow me to fulfill those data subject rights. These are mainly within GDPR as well. There’s other regulations as well that we have in California and CPRA. So just generally, as a user, I’m allowed to request my personal data or requested deletion of search, if I have the legal rights to. So there are platforms out there that allow you to do that similar tool to other platforms that allow you to manage contractual details that you have with your vendors and all that beautiful technology that is out there that help your program and the privacy program to mature. Now, the CDP. And it by itself, as I mentioned before, contains the single profile about you users with all the beautiful data in it. So if you think about this privacy technologies that are out there to facilitate data subject rights, you want to be able to hook these up together to create an integration. And CDP’s allow you to do that. So CDP is in general cannot speak for all of them. But most of them as well as Tealium. CDP allows you to integrate into either these data sources to obtain the data or to fulfill these rights by either deleting data or giving you a subset of the data to share it. So these integrations work both ways, either in the activation or in the data source is where you want to actually integrate more information that might be required for the use cases. So that’s tremendously important nowadays, as if you are not able to connect your technology stack together, you’re creating silos. And I have to say it, nobody wants silos anymore, because they just create problems for a whole lot of reasons. So CDP’s, good CDP’s should actually allow you to break the silos down and not create new ones. So yeah, absolutely. These integrations need to be established, these integrations exist. And a good CDP will always allow you to hook up into not necessary or not optional, but necessary technology that you have to invest to, to make your life a bit easier by the end of the day, not to create too much work effort.

Jodi Daniels 21:54

I’m curious what you see or what you hear from customers, because one of the areas you mentioned is consent. And so are you finding companies using consent management tools, and then connecting that to a CDP or CDP is now trying to build the consent tools directly into them?

Julian Llorente Perdigones 22:12

Yes. So early in the journey of GDPR, a whole lot of CDP providers started to invest into their own content management platforms or cookie management platforms, to Liam also has one and had invested in one. So we had the one still have the opportunity to actually create your own. And this is something that slowly went down. So we tell him truly believe that a CDP needs to be a neutral. So you should be able to integrate with whatever CMP technologies out there, whatever content management platform you prefer, you are able to really connect it integrate with it. And that’s what created a content management marketplace, as we call it. Um, so we until and truly believe neutrality wins. And we’re here to do what we’re best at. And if there are other technology, that it’s better to certain capability, then we’ll integrate and partner with them. But on top of that, there are also other CDP providers, so similar to it, and they also have their own. But the CMP business as soon was so focused on providing the right designs or the right language and language, inflation systems and all that, that it’s in it by itself, its own category. So we tend to believe you need to integrate. It’s definitely a piece of tech, that every business has some sort of color. And we also have for ourselves something that we call the editor. So if there are companies out there that have the capabilities and the team to build their own solution, we provide them an editor so that they can build their own CMP. base in our platform, so that they can integrate with. But yeah, absolutely. That’s definitely an important piece of it.

Jodi Daniels 23:56

I think one of the things you just also highlighted is imagine you have a variety of new data that you’re going to add to CDP that strategy needs to be to ensure that that also gets added as, as appropriate, or applicable to any of the other privacy technology tools. So it’s going to be really important to have the marketing data and privacy teams really working together from the technology, but then the inputs into the technology too.

Julian Llorente Perdigones 24:26

Oh, yes, absolutely. Thanks for bringing that up. That’s definitely a really valuable point. Absolutely. I mean, if you scale it, with businesses that are operating globally, they have multiple teams and multiple regions that are all working with some sort of their own tech stack. And then CDP most of the time brings all of that together, where they have their in their region, their own content management platform and their region, their own newsletter ingenia, whatever they might have. And the CDP pulls all of that together so that every region can actually use and leverage the same data So that’s definitely something that needs to happen is the communication between those teams and the orchestration of okay, what strategy I would take in not only the question of is it compliant, but should we do it is like there’s a lot to it that needs to happen on the communication level? Absolutely.

Justin Daniels 25:16

What is the biggest mistake you see companies make when working with a CDP?

Julian Llorente Perdigones 25:21

Really good question. The biggest mistake that I see is, this is an example that I use, quite frankly, is the by Ferrari, but they don’t know how to drive it. So they just keep it in their garage and just take a look at it, how beautiful it is. And then they ask themselves a couple of months later, what’s the ROI on it, and now they want to have use cases magically popping up out of nowhere. Um, so that’s something that I regularly see that? Well, a lot of companies out there, a lot of brands buy it just because they need or they think they need it and want it, but they don’t prepare to it is this app before thinking about your digital maturity, if you’re ready, and thinking about the stakeholders that you need to address, and really what teams you have, and what expertise you have in house, or if you have to buy expertise externally? These are the fundamental first steps. If you’re not able to answer those questions, you shouldn’t buy it, because you will just have it in your tech stack and not use it. So this is definitely a big one that I see that they’re simply not prepared for it, and thought otherwise. So a big mistake that I see. More business do than they should be.

Jodi Daniels 26:31

It’s easy to buy software. I’ve seen many, many, many companies buy software, and they never use it. And you know, whose fault it always is. It is always the software company’s fault. Never

Julian Llorente Perdigones 26:41

always back. I mean, we didn’t explain it right.

Jodi Daniels 26:45

Yeah, but it’s promised it was going to be easy, and it’s not.

Julian Llorente Perdigones 26:49

Yup. I see that happening all the time. So yeah, it’s definitely a big one. When you it’s a split approach to it, we probably could have done a better job explaining it. But at the same time, it’s like these questions every business should ask themselves, like not just blindly by tech.

Jodi Daniels 27:07

Given how much do you know about data privacy? We always like to ask every guest, what is your best privacy tip? And sometimes people answer this personally like that you would give to friends at a cocktail party, or sometimes people answer it company wide, you get to decide,

Julian Llorente Perdigones 27:25

Yeah, I’ve shared both sides that I will cover. So on the personal level is, stay and be curious. There’s so much happening all around us. So much technology being released. From so many new platforms that have the day to day user is not able to keep up with at least a little bit of it, you will not be able to keep up with your own privacy rights. Because privacy rights are giving you the opportunity to manage your own settings, your own preferences, your own interactions and content managers. So staying curious on your private life and open to what’s happening around you is definitely one that I tell my friends every single day. And in my professional life, and my expertise is focused on communication, never stopped communicating and connecting with every single team that is related to every single piece of data that you need to get to know each other you need to get to know the roles you need to get to do to know what they do in order to become really privacy driven. Because knowledge is key, if we don’t know if we’re compliant, we’re not. So communication is key to success in that space.

Justin Daniels 28:34

Excellent tips. So, when you are not talking all things, privacy, CDP and like and the like, what do you like to do for fun in your area of the world?

Julian Llorente Perdigones 28:47

Good question is spent a whole lot of time actually in the, in the privacy world and tech and all that, if not, my spent most of the time actually the reading, hanging out with friends. For those people that actually watching this recording can see a Han Solo over there. So I’m really deep into sci fi, fantasy, everything around it. And actually play games. I love to play PlayStation ever since I was, I don’t know, 11, 12 years old. So that’s how I spent most of my time, I would say something like traveling, but that’s too basic and standard nowadays. But I love to see new places. So that’s definitely what is well.

Jodi Daniels 29:24

Well, we’re so grateful that you came today to share more about the world of CDP’s and Tealium. Where can people connect with you and learn more?

Julian Llorente Perdigones 29:33

LinkedIn and LinkedIn only don’t have WhatsApp, anything else Instagram. I don’t exist on these platforms. But LinkedIn, I’m all in so connect with me pay me a message more than happy to discuss everything around privacy.

Jodi Daniels 29:47

Wonderful. Well, thank you again. We really appreciate it and we know our listeners will as well.

Julian Llorente Perdigones 29:52

Thanks for having me. Thank you.

Outro 29:59

Thanks for listening to the She Said Privacy/He Said SecurityPodcast if you haven’t already be sure to click subscribe to get future episodes and check us out on LinkedIn. See you next time.

Privacy doesn’t have to be complicated.