ABOUT WILMAR

Ryan Wilson is a certified Privacy Professional and attorney with over 10 years of legal experience.  In 2020, Ryan shifted his attention to building a comprehensive data protection practice to bridge the gap between the legal and technical components of data privacy.  For example, HIPAA’s requirement to assess whether data protection measures are reasonable and appropriate safeguards implicitly requires a legal-technical understanding of “reasonableness,” in the context of  “appropriate safeguards.”

Ryan has completed the International Association of Privacy Professionals, ANSI-accredited, Certified Information Privacy Professional certification program, which covers United States privacy laws, regulations, policies, and best practices for privacy program development, privacy auditing, records management, and agency reporting obligations. Ryan bolstered his privacy knowledge by obtaining the CompTIA Security+ certification, which prepared him to advise on the appropriateness of safeguards in the context of strategies employed by cyber-criminals.

Recently, Ryan has strategically partnered with PricewaterhouseCoopers LLP (PwC), a global consulting firm. This alliance has enabled him to provide support and guidance to an international cellular service provider on global data protection frameworks, as well as the implementation of corporate processes, controls, and systems that affect personal data. Ryan's involvement has given him extensive knowledge of implementing data protection processes and cultivating a culture of privacy across business functions. 

A few representative experiences include:

• Supporting domestic and international transactions involving transfers of sensitive data and providing privacy guidance to US and international business teams, based on the appropriate balance of risk mitigation and business interests 
• Drafting, reviewing, red-lining, and negotiating data processing agreements, including business associate agreements (BAA) and standard contractual clauses (SCC), as well as updating related contract templates
• Conducting and reviewing Inherent Risk Questionnaires (IRQ), Due Diligence Questionnaires (DDQ), Data Privacy Impact Assessments (DPIA), and Transfer Impact Assessments (TIA) to evaluate and mitigate potential privacy risks associated with domestic and international vendor transfers
• Tracking new privacy legislation to help analyze and communicate the implications of changing privacy laws for US-based entities
• Developing privacy governance documentation, privacy compliance strategies, guidelines, infographics, and templates for US-based entities