Fatima Khan is Chief Privacy Officer at Demandbase.

About three months into the enforcement of GDPR, the life of a privacy officer is an exciting and busy one. Here’s what Fatima Khan gets up to…

(N.B. Econsultancy has a range of GDPR resources, from a comprehensive guide for marketers to online and face-to-face training courses.)

Econsultancy: Please describe your job: What do you do?

Fatima Khan: My job at Demandbase (Forrester leader in account-based marketing) is to maintain and evolve our global privacy program, and drive strategies to ensure compliance with data privacy and cybersecurity requirements. I help ensure Demandbase’s community understands what the GDPR era means for account-based marketing (ABM) and how ABM strategies can fit in with data privacy responsibilities in general.

A big part of my role is also ensuring that we provide the best customer experience through continuously evaluating our practices and leading or upholding industry standards for privacy with regards to our services for our global customers.

E: Whereabouts do you sit within the organization? Who do you report to?

FK: I am part of the Demandbase legal team, based in our San Francisco headquarters, reporting into our CFO, Tony Russo.

E: What kind of skills do you need to be effective in your role?

FK: I am a lawyer with extensive privacy, data and technology law experience, particularly in the marketing and advertising technology industry. It is important for me to stay immersed in these industries to understand relevant privacy laws and regulations and their impact on us and our partners across the industry.

Part of my job is to interpret this dynamic area of the law and provide guidance on its impact and how to solve for any new challenges that may arise in relation to our service and industry.

fatima khan

E: Tell us about a typical working day…

FK: My typical working day starts with early morning calls with the EMEA team to make sure that we’re able to resolve any privacy concerns from our EMEA team or customers. I usually take these calls from my home in San Francisco and then take a pleasant walk to our office.

Since I joined Demandbase in January, GDPR has been an incredibly important priority for the company and has taken up much of my time. No one day is the same. One day, I may find myself evaluating Demandbase’s privacy efforts for a specific internal process to address the regulations, while another day, I may be providing guidance around how the new legal regime applies to teams developing new products and services. Demandbase also has a cross-functional team that regularly meets to address privacy compliance across the company.

Although we are now about three months into the GDPR, the data privacy legal landscape is constantly evolving. For example, California just passed the California Consumer Privacy Act of 2018 and it’s my responsibility to keep pace with the changes and make sure Demandbase is up-to-speed.

I also regularly take part in industry standard-setting organizations events or meetings, such as the Digital Advertising Alliance (DAA) or Interactive Advertising Bureau (IAB) to weigh in on how companies and the industry can work together to solve for privacy issues arising in marketing and advertising.

E: What do you love about your job?

FK: My work is really interesting. I have fascinating issues to deal with, not least because data privacy regulations at this point are not black and white across many areas of adtech and martech.

In addition, Demandbase utilizes emerging technologies such as AI within our product offerings. The law is evolving in these areas too, so there’s a lot of change that keeps me alert and busy!

E: What kind of goals do you have? What are the most useful metrics and KPIs for measuring success?

FK: We conducted some research with Demand Metric into marketers’ approach to data privacy about one month after the GDPR deadline. At Demandbase, we feel strongly about transparency around our data processing and privacy tools and policies. As a goal, we want our customer base to be comfortable with us as a trusted martech vendor. We want to open up opportunities for marketing departments to be more engaging and clear while doing right by their customers.

E: What are your favorite tools to help you to get the job done?

FK: I find Confluence Wiki pages useful to help with communications around data handling and privacy enablement across the organization. I regularly update and use the Wikis to provide the teams with educational materials and resources about data privacy and our practices.

E: How did you land in this role, and where might you go from here?

FK: I joined Demandbase from a prior position as the VP, Legal at the mobile ad network AirPush, where I headed the legal function for a few years. I was attracted to the opportunity at Demandbase because the company brought a fresh approach to the industry through ABM and used emerging technology, such as AI to help power its solutions. Demandbase’s approach and evolving technology keep my role interesting in terms of privacy issues.

E: Is there a particular company you admire for their approach to GDPR so far?

FK: I admire the industry as a whole. This is an industry that’s very adaptive and its approach to GDPR has been no exception. It’s important to understand that GDPR isn’t a single compliance action, but instead is the start of a continuous process of evaluating privacy compliance as technologies and data processes evolve.

I also admire the way that companies across the advertising and marketing ecosystem have come together through organizations such as the Digital Advertising Alliance (DAA) and the Interactive Advertising Bureau (IAB) to create and adhere to principles for responsibly using consumer information for marketing.

E: Do you have advice for anybody who wants to work in your field?

FK: This is an exciting time to join the privacy and technology field and it’s only going to be more interesting going forward. Privacy and data laws as well as technology are dynamic and evolving quickly, so there are always novel issues and it’s an area of practice where you’re always learning. It’s an exciting career path for anybody that likes to learn and solve for new legal issues related to technology on an ongoing basis and there are plenty of opportunities that will continue to arise.

Econsultancy has a range of GDPR resources, from a comprehensive guide for marketers to online and face-to-face training courses.