Health Library

Get to know Susanne Schumacher, DPO of Flo Health

"I don’t view data privacy as a check-box exercise. I view data protection as a two-way dialogue to make sure users have the best experience while also instilling high levels of trust and confidence."

Susanne Schumacher
DPO of Flo Health

Tell us a bit about yourself!


I grew up in Northern Ireland, though having lived in Scotland, England, and studying in Italy and France, I mostly identify as European. I’m a big proponent of a good work-life balance and when I’m not working, I make the most of my time by gardening, home-making, and have also set some personal goals beyond work goals. This year, I’m teaching myself to play chess and learn how to play the piano. I have a husband and a son who’s still at home due to lockdown but will go to university when the lockdown ends. We have a dog and five chickens named after Friends characters. We rescued them from a farm and are happy to report that they’re now extremely happy and healthy!


What led you to becoming interested in Data Protection?


Law has always been a calling. I love being right, and being legally right is even better! Prior to Flo, I worked at private law firms which were a bit too formal for me. I then had the opportunity to work for a personal development company, and privacy was of course a large element as they collected personal data. As the DPO of Flo, I get paid to do what I love. The data that we use to empower women means we can provide access to information for women to better understand their bodies. In order to do this effectively, we need to collect data, and people will only share data with us if they’re confident that it’s being handled appropriately. 


What are the three key responsibilities of a Data Protection Officer?


As the DPO, my job is to first and foremost represent and protect our Users. I do this by keeping on top of legislation, monitoring top trends, and listening and advising the business in terms of best practices. I address User privacy from the most conservative perspective with transparency, authenticity, and accountability as the cornerstones.


My three key responsibilities include:


  • Making sure Flo adopts and implements good practice around privacy and to ensure it’s embedded in the culture of the company through training and awareness. 
  • Making sure Flo can identify the data that we’re using, that we only collect what we need, and adhering to the data protection principles while supporting the needs of the business in an ethical manner. 
  • Making sure that Flo employees have the right tools and information to enable them to make the right decisions. 


How do you stay on top of updated legislation?


We have a range of tools. Flo implemented OneTrust which provides data guidance. Anything new, I receive alerts. I also receive five emails a day of daily updates of what’s changing throughout the world when it comes to data privacy through the IAPP. There are also great public forums for privacy professionals, including KnowledgeNet which is a network of professionals from across the globe talking about hot topics in privacy. These discussions can help to preempt the updates that are coming. 


What’s the most common request a DPO might receive related to business data protection?


Every day, I receive requests from Flo employees asking for clarification about what they can or cannot share. At Flo, people want to do the right thing and are very open and receptive to guidance. While the questions are always quick, the answers tend to take a bit longer. For each case, we initiate our Privacy Impact Assessment or Data Protection Impact Assessment processes and highlight risks in terms of security or organizational and remove them where we can before proceeding with any new processing activities.


How is a DPO different from a CISO?


It can vary. If you think of a Venn diagram, we have data protection on one side which includes personal data protection, and then we have cyber security on the other side. In the middle you have privacy and security where we work together. Cyber security is also about protecting confidential company information, intellectual property, and so on and so forth. It’s a wider field, but the two do cross over. 


What would you tell users who are worried about data privacy?


If in doubt, check it out! Have the conversations, ask the questions. Organizations should be open and transparent. As a user, you should feel empowered to reach out and have that authentic conversation. 


Can you share a bit about an exciting project you may have worked on in the past?


A real highlight has been becoming DPO of Flo and having the opportunity to bring my knowledge to the company. Seeing the enthusiasm from the whole team at Flo is a breath of fresh air. Often privacy is seen as a blocker. It’s been refreshing to work for an organization that is committed to doing the right thing by its Users and is willing to invest the time and money to do so. We know the importance and value of our data for women’s health, and each day, I witness Flo walking the walk as opposed to merely talking. People come to me with questions no matter how small. The more people come to me, the more trust and confidence transcends into the User experience.


What would you say to someone who is concerned about data privacy?


Never be afraid to reach out to me whether as an employee or a User. I don’t view privacy as a check-box exercise. I view data protection as a two-way dialogue to make sure users have the best experience while also instilling high levels of trust and confidence.