Gartner Expert

Bernard Woo

VP Analyst

Bernard Woo is a Vice President Analyst with a primary focus on data protection/privacy programs. Additional coverage areas include data classification and 5G security considerations.

Mr. Woo holds three privacy-related certifications: Fellow of Information Privacy [FIP], Certified Information Privacy Professional/Canada [CIPP] and Certified Information Privacy Manager [CIPM]. In addition, Mr. Woo holds the Lean/Six Sigma Yellow Belt designation and is a licensed Professional Engineer [P.Eng.] in the province of Ontario (Canada).

Throughout his career in privacy-related roles, Mr. Woo has excelled at working with stakeholders from various functions (e.g., IT, legal, marketing, security, HR) to devise innovative, efficient solutions that enable organizations to grow and achieve its objectives, while ensuring the protection of individual privacy rights.

Previous experience

Mr. Woo has over 14 years of privacy-related experience across multiple industries in both the private and public sectors. Experienced at embedding "Privacy by Design (PbD)" principles into daily operations, Mr. Woo has expert knowledge in conducting privacy impact assessments, as well as leading privacy risk management and compliance programs in organizations operating in multiple jurisdictions.

Professional background

ADP Canada

Director, Privacy Programs Lead

Wells Fargo Bank (Canada / Latin America Regions)

AVP, Regional Privacy Lead / Canada Branch Privacy Officer

Ontario Lottery and Gaming Corporation

Senior Manager, Information Access and Privacy Services

Areas of coverage

Cyber Risk

Privacy Program Management


Masters of Business Administration, Schulich School of Business, York University

Bachelor of Applied Science, Electrical Engineering, University of Waterloo

Read More Read Less

Top Issues That I Help Clients Address

1Build and mature privacy management / compliance programs.

2Embed privacy and data protection into operations / products (Privacy by Design / Privacy Engineering).

3Review privacy policies, procedures and guidelines.

4Multi-jurisdictional privacy considerations (e.g. GDPR, CCPA, CPRA, PIPEDA, LGPD, PIPL etc.)

5Privacy-related technologies.