Brad Lin
Director Data & Privacy, Deloitte Hong Kong
Brad is a Director in Deloitte Hong Kong’s Risk Advisory practice and Member of the IAPP ASIA Advisory Board. He has more than 13 years of experience in Data Protection and IT Assurance. He worked internationally on various engagements for multinational clients in the commercial sector on personal data privacy / protection, data confidentiality and information security and access. He has experience in organizational assessments relating data privacy from governance to implementation and execution. He is familiar with various data privacy regulation and standards amongst others GDPR, HK PDPO and AICPA’s General Privacy Principles, and various information security standards amongst others ISO 27001/27002, COBIT and Risk IT. Brad has a Master of Business Administration degree from the Erasmus University of Rotterdam, Executive Master in IT Audit degree from the University of Amsterdam, the Dutch Registered EDP Auditor Certification (RE, Dutch equivalent of CISA) designations.
Selected Experience:
Led the Asia Pacific Data Risk Health Check for a luxury brand beverage company focusing on customer personal data handling for Marketing & Sales team covering 9 in-scope countries.
As part of a data privacy compliance program roll-out within APAC region for largest door opening solutions company in the world, drafted data protection (related) Policies and Procedures.
As part of the setup and implementation of a Technology Risk Management framework, including the performance of the all RCSAs, at a large regional bank drafted all related Policies and Procedures to support the harmonization of Technology Risk Management within the bank.
As part of the support in improvement and harmonization of the ITIL and regarding outsourcing of parts of their IT activities processes for a global leader in animal nutrition, drafted underlying processes.
Drafted Cloud Control Framework for a global leader in animal nutrition.
Review and commented on policies and procedures from an internal audit and operational perspective.
Led and management multi-location data privacy & protection gap assessment for one of the largest gaming, leisure and hospitality group in APAC covering all there (operating) locations.
Led and managed various international multi location / country data privacy (gap) assessments for various jurisdictions including GDPR and PDPO.
Implementation lead for a data privacy compliance program roll-out within APAC.
Set-up the Information Security Maturity Control Framework, based on the ISO 27K standards, and defined the first risks and controls.