Principal: Ralph T O'Brien


Fellow of Information Privacy, CIPP/E, CIPM, CiISMP

Ralph has spent nearly two decades working at the intersection of privacy, security and risk management. Ralph is an experienced consultant, speaker, trainer, auditor, negotiator and manager.  His key passion is in using his knowledge of privacy laws and information governance standards to help businesses develop and grow, engaging stakeholders, and delivering complex projects within the information governance sphere.    

Key Achievements

  •  Advised on the creation of GDPR compliance roadmaps covering global organisations with resourcing and budgets in the millions
  • Assisted organisations to improve their privacy governance as part of sustainable management systems across global enterprises 
  • Completed customer projects such as Data Inventory, Data Mapping, GDPR Strategic Priorities Assessments, detailed GDPR assessments, and advisories around specific products and services privacy implications 
  • Experienced speaker and thought leader, speaking at IAPP, NADPO, IRMS, BCS, Data Protection Forum and other conferences 
  • Advised and assisted global businesses in compliance with global privacy laws, international transfer frameworks  
  • Strong Information Security training and consultancy background, specialising in ISO/IEC 27001, assisting over 30 organisations to successfully certify to the standard, and previously acting as a BSi assessor to gauge if organisations can attain accredited certification  
  • Developed bespoke training materials for privacy and security, and is a former BCS ISEB course director for Certificate in Information Security Management Principles 
  • Worked with several vendors to develop tools and products in the privacy industry and introduce them to market 
  • Utilises and creates governance frameworks including work on the ACPO Data Protection Audit Manual, British and international standards such as work on the BSi committees to create BS 10012 (the standard for Personal Information Management Systems)  
  • Management Committee of the UK Data Protection Forum (

Career to date

  • Principal Consultant, REINBO Consulting  
  • Principal Consultant, TRUSTe 
  • Senior Manager and Principal Advisor Privacy, KPMG  
  • Senior Compliance Solution Specialist, AvePoint  
  • Senior Consultant, IT Governance  
  • Senior Consultant, Control Risks  
  • Senior Security Consultant, Ultima Risk Management  
  • Information Security Consultant, QinetiQ  
  • Client Manager/Lead Auditor, British Standards Institute  
  • Group Information Compliance Manager, Metropolitan Housing Group  
  • Force Data Protection Auditor, Her Majesty’s Norfolk Constabulary 
  • Data Protection Officer, North Norfolk District Council   


  • (2016) Fellow of Information Privacy, International Association of Privacy Professionals 
  • (2014) CIPM, Certificate in Privacy Management, International Association of Privacy Professionals 
  • (2013) AvePoint Compliance Product Specialist and AvePoint Compliance Technical Specialist, AvePoint 
  • (2013) CIPP F and CIPP Europe, Certified Privacy Professional, Int Association of Privacy Professionals 
  • (2011) ISO 27002 Implementation Exin course 
  • (2011) ISO 27001 Lead Implementer IT Governance 
  • (2010) BS 25999-2 Implementer, IT Governance 
  • (2010) ISO 27001 Lead Audit, IT Governance (then lead Tutor for course) 
  • (2006) Information Security Management Principles, British Computer Society, ISEB (Distinction level) 
  • (2006) Lead Tutor for ISEB CISMP course, British Computer Society
  • (2006) Planning and Documenting DBsy Risk Assessments, QinetiQ 
  • (2006) Member British Computer Society (to current) 
  • (2005) BSi Registered Auditor BS7799-2:2005 (now ISO 27001) 
  • (2005) BSi Quality Management ISO 9001:2000 
  • (2005) BSi Registered Lead Auditor ISO 9001 and ISO/IEC 27001, British Standards Institution 
  • (2004) Diversity Training, Advisory Conciliation and Arbitration Service (ACAS) 
  • (2003) CRAMM IS Risk Management, Mentis Consultancy 
  • (2003) Data Protection Audit Manual Techniques & Methodology, Privacy laws international  
  • (2002) Project Management skills, Design Basics, Human Rights Act for supervisors  

Detailed biography

Ralph is a trusted advisor on Global Privacy and Security compliance, practices and management. He believes good information governance adds business value to achieve business objectives and return on investment. His role includes acting as a senior level "translator" between IT, business and compliance professionals, thought leadership, business development, partnerships and product development.  His experience includes strategic GDPR adoption programmes, advisory services and assurance delivery in global multinational environments.   

Prior to that, he has been an experienced Product and Services business development lead, Principal Consultant and Manager, delivering training, consultancy and audit of data protection, business continuity and information security - Management of consultancy and audit teams across multiple topics, responding to tenders and delivering solutions proposals. He is a BSi lead assessor and BCS/ISEB lead tutor in information security management.  

He has worked in a wide variety of industry sectors including the with a focus on Defense, Public Sector, Pharma and Financial Services, representing both multinational corporations and boutique specialist consultancies.   

He continues to be a hands-on practitioner, combining business level consultancy with training and technical experience. He has implemented the ISO 27002 code of practice and has repeatedly both assessed and implemented ISO/IEC 27001, BS 10012-2, ISO 9001 and BS25999-2 standards through to certification. He was responsible for the first global joint 27001/25999 management system to be certified.  

With a focus upon business processes and the protection of information, and an ethos of management assurance, risk management and knowledge transfer he continues to ensure effective protection of assets appropriate to the business needs of the client.