David Manek

David Manek
Senior Managing Director

Data Privacy & Data Protection Officer; Forensic Investigations

David Manek is a Senior Managing Director at Ankura, based in Chicago. His global practice focuses on data analytics, cyber, data privacy, e-discovery, and digital forensics. He specializes in providing expert consulting services to organizations involved in large, complex, data-intensive regulatory change management projects.

  • Experience

    Dave is focused on Ankura’s solutions to assist organizations with compliance with emerging data privacy regulations. His team includes data management, data mapping, information security, and privacy experts from across Ankura. He is currently serving as a data protection officer for his clients.

    Representative Engagement:

    • Dave was retained by a large global manufacturer of industrial products to design and implement a modernized privacy program driven by the requirements of the GDPR. His team is currently executing a phased project plan to develop and maintain an inventory of critical data systems. His team is conducting gap analyses on current privacy policies and procedures and developing modernized programs to meet regulatory requirements and reduce risk through strengthened information governance. He is working with corporate legal, compliance, IT, and security teams along with outside counsel to operationalize the program across 30 operating companies and 100 sub-entities globally. Typical project plans include 50 to 90 data privacy activities.

    Additional Data Privacy Engagements:

    • GDPR readiness project for San Francisco based social media company: He was engaged by a technology company that developed a communications platform for managing and measuring employees’ efforts to promote a company on social networks. With limited employees, this company has few internal resources to devote to GDPR compliance. The entire legal department consists of one person and there are only two IT and information security professionals. The team modifies its approach so that we could provide more support to augment their efforts.
    • Dave adjusted the level of service for the various items in the workplan so that his team could take on the bulk of the development hours for each of the tasks. His team relied more heavily on the templates and sample policies in their toolkit to complete the various GDPR activities.
    • This company’s processing operations require regular and systematic monitoring of data subjects on a large scale and, as a result, it was determined that they would need to assign a data protection officer (DPO) under the GDPR. Due to a lack of resources and available funding, this company could not assign the DPO role internally nor could they hire for this role. Our client made the decision to assign Dave to act as an interim data protection officer (DPO) under the GDPR. This solution has allowed them to get the support they need, while better controlling their costs. They were also able to use our vast experience in data protection and GDPR via the DPO role on ongoing basis.
    • GDPR readiness project for $12 billion distributor of health care products and services: Dave was engaged by a global medical and healthcare products distributor to gain insight on our approach, flexibility, and expertise working with large organizations to operationalize requirements for GDPR.
    • He was engaged by a medical and healthcare products distributor and supplier to assess and implement their privacy program driven by the requirements of the European Union’s General Data Protection Regulation (GDPR) and the German Bavarian Data Protection Authority (DPA).
    • Dave provided overall project management with the client’s approximately 100 global business functions including corporate legal and information security to facilitate GDPR awareness, inventory assessment and training, impact risk assessments and training, and specific business function remediation plans.
    • Dave assessed and aligned the German Bavarian DPA requirements both with the client’s privacy program and the GDPR requirements.
    • Dave’s team executed a phased project approach to develop and maintain an inventory of critical data systems and the personal information they contained, conducted gap analyses on their current privacy and information security policies and procedures and developed a remediation plan for the client’s global functional business groups to utilize towards GDPR and Bavarian DPA compliance.

    GDPR Readiness Programs Engagements
    As of August 2018, his team has assisted 35 organizations with GDPR readiness programs, a sampling of which include:

    •  Information governance project centered around the legal hold process for a large natural gas utility
    • GDPR readiness program for large transportation company
    • Privacy Shield and GDPR program for biotech company
    • Data mapping project for a global technology solutions provider in the food processing and air transportation industries
    • GDPR readiness assessment for satellite communications organization
    • GDPR readiness program for private medical device manufacturer
    • GDPR readiness program for organization focused on product reviews of enterprise software products
    • GDPR readiness project for travel technology company
    • GDPR readiness assessment for large multinational automobile part manufacturer
    • GDPR readiness program for university system

  • News & events
    • GDPR: The Beginning of a New Era in Privacy?” PLUS 2018 Cyber Symposium, 05/2018
    • GDPR “How to Protect Client and Witness Personal Data in the Era of Cyber Crime,” American Bar Association, 04/2018
    • “GDPR CLE – What you need to know now,” Panel with Jones Day, 03/2018
    • “Data Privacy in the US and EU Practical Data Protection Considerations,” Transunion, 03/2018
    • “GDPR: What Litigators Should Know. Webinar for American Bar Association,” American Bar Association, 03/2018
    • “Global Breach Response – How to Select Your Key Partners,” Advisen, 01/2018
    • “Cyber Insights: General Data Protection Regulation & Cyber Insurance,” Willis Towers Watson. 10/2017
    • “Unlocking the GDPR – Overview Training,” Medispend, 06/2017
    • “Practical Solutions to Demonstrating GDPR Compliance,” Medispend, 06/2017
  • Insights & innovation
    • “Data Inventory: The Critical 1st Step in Data Security.” Law360.com, 05/2017
    • “Becoming GDPR Ready – Reaping Rewards Beyond Just Compliance,” Navigant.com, 02/2017
    • “Responding to Whistleblowers: A Structured Triage Program is Essential,” Navigant.com, 11/2016
    • “The Role of Information Governance in Incident Response Planning,” Navigant.com, 10/2016
    • “Ways to Protect Attorney Client Privilege When Producing Structured Databases,” Linkedin.com, 10/2015
    • “How to Deliver a Deployable Technology Solution in an Investigation Setting,” Linkedin.com, 09/2015
    • “Use a Probe Sampling Technique to Justify the Need for a Larger Investigation,” Linkedin.com, 08/2015