Stewart Haynes brings over two decades of high-level experience in data privacy, compliance and risk management. As the former Information Commissioner for the Isle of Man, Stewart led regulatory oversight and intervention efforts to protect data privacy at the national level, setting a foundation of trust and transparency across public and private sectors.
He has also served in senior roles (including Group Global DPO) that span privacy law, Anti-Money Laundering (AML), and sanctions compliance, providing him with a broad yet specialised skill set in navigating complex regulatory environments. Known for his strategic thinking and hands-on leadership, Stewart has designed and implemented multiple privacy programmes, managed regulatory reporting and re-mediation scenarios and advised organisations on how to successfully align compliance with business growth.
Stewart also serves as lead on TechGDPR’s DORA related Compliance Services.
Professional Experience
Information Commissioner
Isle of Man (ICO) | 2023 – 2024
- Served as autonomous leader of a statutory data protection authority
- Promoted public awareness and understanding of the risks, rules and safeguards and rights in relation to processing of personal data
- Maintained responsiblity for the strategic direction of the body and operational regulatory decisions including penalties and sanctions under the Applied GDPR and Freedom of Information Act 2015 (FoI)
- Issued guidance and promoting awareness to controllers and processors on their obligations under the legislation
- Advised DPOs and entities (public and private sector) on DPIAs and high risk processing activities
- Provided information and guidance to data subjects and responded to requests and complaints
- Cooperated internationally and conducted investigations
Independent Senior Data Protection Consultant
Various clients | 2022 – 2023
- Advised on every aspect of privacy program management UK/EU/international
Group Global Compliance & Data Protection Officer
Vista Global Holding / VistaJet International | 2019 – 2022
- Fulfilled Data Protection Officer related requirements under the EU GDPR and other applicable global privacy laws
- Developed and built an effective international privacy governance organisation structure for a leading multi-billion dollar private aviation company
- Compliance, sanctions, AML and code of conduct risk oversight
GDPR Consultant – Third Party IT Security & Vendor Risk Management
The Body Shop International Limited | 2018 – 2019
- Implemented and managed the global issuance of 3rd party IT security & data assessments for suppliers to a blue chip multinational retailer
- Assessed and graded responses, provided guidance direction on likely to be high risk personal data processing activities
- Helped further the development of its global privacy function and implementing privacy management software
Head of Risk & Compliance
Avantis | 2017 – 2018
- Oversaw and built a data protection framework for an investment broker in preparation and readiness for GDPR becoming law
Compliance Technical Specialist
The Pensions Regulator (TPR) | 2004 – 2015
- Held multiple regulatory roles including as Senior Risk & Intelligence Analyst for a UK Financial Regulator
- Responsibilities included dealing with corporate Risk, the UK Data Protection Act 1998 and FoI legislation
Qualifications & Education
Education
- Post Graduate Diploma – Anti-Money Laundering (AML) | CASS Business School, London
Certificates and awards
- CIPM Certified International Privacy Program Manager (IAPP)
- FICA Fellow of the International Compliance Association
- EU – GDPR Data Protection Practitioner
Skills and expertise
- Data privacy and regulatory compliance
- Regulatory reporting and remediation
- Strategic privacy program development
- Regulatory engagement, interventions and high risk processing (DPIAs)
- Risk management and operational resilience: DORA gap analysis and business impact assessments
- Embedding privacy into cross-functional teams & leadership structures