Katarina Vetrakova on being the 2024 Privacy Innovator

Head of Privacy & Security


"We want everyone to perceive that adhering to privacy guidelines not only benefits our customers but also enhances their own work efficiency."


Katarina Vetrakova serves as the Head of Privacy & Security at GoCardless, where she holds the primary responsibility of overseeing and leading the company's privacy and security programs. In this pivotal role, Katarina manages multiple teams dedicated to actively contributing to these initiatives. Her key objective is to ensure that her teams provide comprehensive support and guidance across the entire organization.

Katarina fosters collaboration with various departments, offering expert advice to ensure that privacy and security considerations are seamlessly integrated into their respective initiatives. With a wealth of experience and expertise, she plays a crucial role in upholding and enhancing the privacy and security standards at GoCardless.



Can you briefly describe your role in ensuring data privacy and its impact on your organization or community?

As the Head of Privacy & Security at GoCardless, my primary responsibility is to oversee and lead our privacy and security programs. I manage multiple teams that actively contribute to these efforts. One of our key objectives is to ensure that our teams provide support and guidance across the entire organisation. We collaborate with various departments and offer advice to ensure privacy and security considerations are integrated into their initiatives.

For instance, earlier this year, we provided consultation to one of our engineering teams during the launch of a new product called GoCardless Embed. This product enables Payment Service Providers to utilize the GoCardless network for their payments. We worked closely with the team to ensure that privacy and security were appropriately addressed throughout the development and implementation process.

Additionally, we have assisted the business in safely implementing LLMs and provided comprehensive guidelines on how to use them securely. Our aim is to proactively support different areas of the business, ensuring that privacy and security are prioritized in all aspects of our operations.

Share a key aspect of your approach when building privacy programs and how it aligns with organizational objectives.

Our organization's strategy revolves around enabling our teams to work quickly and independently. Therefore, our privacy compliance strategy must align with this approach. We aim to ensure that compliance with privacy regulations is transparent and straightforward for all members of our business. It is crucial for every team member to take ownership of privacy and consider it their responsibility. We want everyone to perceive that adhering to privacy guidelines not only benefits our customers but also enhances their own work efficiency.

To achieve this, we invest significant efforts in automating and simplifying processes. We strive to make information easily accessible and prominently displayed throughout our organization. Additionally, we organize events that prioritize privacy and security practices, creating opportunities for team members to gain a deeper understanding of how their actions impact customer privacy.

Our strategy focuses on fostering a culture where privacy compliance is clear, intuitive, and embraced by all. We prioritize automation, user-friendly processes, and knowledge-sharing events to ensure that privacy remains at the forefront of our operations and positively influences our team members' work.

How do you measure and prioritize data privacy risks, and what strategies have you found effective?

At GoCardless, we have a comprehensive approach to assessing the state and maturity of our program. We stay updated with the latest developments in privacy and identify the most significant risks we encounter. To prioritize our efforts, we conduct a standard risk assessment, which is similar to how any organization would assess risks.

To enhance our risk prioritization, we rely on the completeness and accuracy of our internal perspective. We strive to thoroughly understand the inner workings of our organisation, including our operations and how we handle privacy-related processes. By doing so, we can effectively apply this knowledge to future risks and determine where we should invest our resources and where we are already doing really well.

Reflect on a notable challenge in your data privacy work and the specific steps you took to overcome it.

One of the significant challenges faced by privacy professionals, especially in the past year, has been the task of convincing businesses to continue investing in compliance programs. Privacy and security measures do not always have an immediate and visible impact on profit-making abilities. In an environment where we are expected to achieve more with fewer resources, while keeping up with the demands of the business and adapting to new challenges for sustainable growth, finding effective solutions becomes crucial.

To tackle this challenge, we have made a deliberate decision to focus on education and cultivating a privacy-conscious culture within our organization. As mentioned previously, our privacy program succeeds because we strive to make everyone care about privacy. We firmly believe that when individuals understand their responsibility and possess a deep understanding of why privacy is a priority, they are empowered to make informed decisions in their day-to-day activities. By achieving this, privacy professionals effectively expand their team by hundreds of individuals without incurring any additional costs.

Looking back at 2023, share any predictions you had for Data Privacy. How did they unfold, and did they influence your approach?

At the beginning of 2023 I would have said that international transfers will get even more complicated. And then the whole year became about AI.

If you could time travel to any era, past or future, for a day, where and when would you go, and what would you do?

1705 to check out the construction of St. Paul’s cathedral in London, look around 16th century London and get back to 2024 before anything bad happens to me.