About the IAPP

ShanShan Pa, CIPP/E, CIPP/US, CIPM, CIPT, FIP

Alibaba Cloud

Head of Compliance, Privacy, U.S., EMEA

ShanShan manages global privacy and compliance at Alibaba Cloud. She deals with the security and privacy compliance aspects of the cloud business. Prior to that, she worked in both, at internal and external compliance and audit functions in the areas of finance, pharmaceutical and technology. She has been active board members and supporter of multiple industry organization chapters such as the Cloud Security Alliance (CSA), the International Association of Privacy Professionals (IAPP), the Information Systems Audit and Control Association (ISACA) and a longtime volunteer for the SANS institution's security awareness program. She is an advocate for bridging privacy and security, and raising overall awareness.

Before joining the Publishing Advisory Board, ShanShan started as a Young Privacy Professional Leader, engaging local organizations and hosting educational network events to promote privacy in the community. She is also a Certified Information Systems Auditor (CISA) and a Certified Information Security Manager(CISM).

Contributions by ShanShan Pa

• Code of Conduct Under GDPR: Alignment, Interoperability and Potentials
  Web Conference Speaker
• Member of Education Advisory Board 2021 - 2022
• Speaker at IAPP Europe Data Protection Congress 2020 - Cancelled
• Dual Literacy in Privacy and Security — A Guide for Infosec Professionals
  Speaker at IAPP Summit Sessions 2020 Online
• Privacy Awareness Redux: How to Promote Privacy from Governments to Employees
  Speaker at IAPP Summit Sessions 2020 Online
• Dual Literacy in Privacy and Security — A Guide for Infosec Professionals
  Web Conference Speaker
• Mitigating Third-Party Mayhem
  Speaker at IAPP Summit Sessions 2020 Online
• Mitigating Third-Party Mayhem
  Web Conference Speaker
• Member of Privacy Engineering Section Advisory Board 2020 - 2021
• Code of Conduct: A Practical, Cost-Effective Way to Demonstrate GDPR Compliance
  Speaker at IAPP Europe Data Protection Congress 2019
• Data Protection Impact Assessments: The Full Picture
  Speaker at IAPP Europe Data Protection Congress 2019
• Data Protection Impact Assessments: The Full Picture
  Speaker at Global Privacy Summit 2019
• Must-Have Privacy Training Features for Your Team
  Author
• Building and Managing an Effective Risk Assessment Program
  Speaker at Privacy. Security. Risk. 2018
• How Privacy Tech Is Bought and Deployed
  Speaker at Privacy. Security. Risk. 2018
• Acting and Reacting to Chinese Data Protection and Cybersecurity Reforms
  Speaker at IAPP Asia Privacy Forum 2018
• White Paper – Must-Have Privacy Training Features for Your Team
  
• What Keeps You Up at Night? CPOs Talk Business in China and China Going Global
  Speaker at Global Privacy Summit 2018
• On the European Commission's proposal for a regulation on the free flow of non-personal data
  The Privacy Advisor
• Researchers develop data portability recommendations for the cloud
  The Privacy Advisor
• Member of Women Leading Privacy Advisory Board 2018 - 2019
• Operationalising Privacy Tech—A Practitioner’s Perspective
  Speaker at IAPP Europe Data Protection Congress 2017
• Privacy by Design in the Selection and Management of Cloud Service Providers
  Web Conference Speaker
• GDPR Compliance and Codes of Conduct for Cloud Companies
  Speaker at San Francisco Bay Area KnowledgeNet: August 2, 2017
• GDPR matchup: Hong Kong’s Personal Data (Privacy) Ordinance
  Privacy Tracker
• Future of cloud-related opportunities discussed
  The Privacy Advisor
• Operationalizing Privacy Tech - A Privacy Pro's Perspective
  Web Conference Speaker
• Book Review: 'Privacy Law Fundamentals 2017'
  The Privacy Advisor
• Oversight body handed Code of Conduct for Cloud Service Providers
  The Privacy Advisor
• Member of Publications Advisory Board 2017 - 2018