Technically Compliant
Real CTOs. Real Privacy Challenges. Real Engineering Solutions. You've got third-party scripts you can't really identify, your data mapping spreadsheet was last updated in 2019 (and your schema doesn't match it), and someone from Legal just DM'd that "we need to talk about GDPR". Cue eye-roll. Technically Compliant is the podcast where CTOs talk about what privacy compliance really looks like when you're shipping code, managing legacy systems, and trying to convince the CEO (and yourself) that a consent management platform isn't optional. Each episode, I sit down with CTOs who've been in the trenches—the ones who've retrofitted privacy into monoliths held together with duct tape, discovered entire tables of unexpected PII, survived their first DSAR that returned 80,000 records, and lived to tell the tale of explaining to their CEO why they can't "just ignore the risk." No vendors. No legalese. Just real conversations about the messy reality of building privacy into software that's already moving at full speed (or higher). Because let's be honest: you're probably technically compliant. The question is what happens when someone checks.
Introduction to Technically Compliant with Ross Saunders
Technically Compliant is the podcast where CTOs drop the corporate speak and talk about what privacy compliance really looks like when you're building products, managing legacy systems, and trying to plow through mountains of vendor assessment forms.
Hosted by Ross Saunders, privacy engineering specialist, each episode features honest conversations with CTOs who've been in the trenches—the ones who've retrofitted privacy into monoliths held together with duct tape, survived their first DSAR that took a dev lead out for hours, or had the foresight to build products that brought Privacy by Design in early.
No vendor pitches. No legal lectures. Just real problems, real solutions, and real talk about the messy intersection of privacy law and production systems.
About Ross:
Ross, the "Nerd with Trust Issues", is a technology and privacy specialist with over 20 years of experience navigating the complex intersection of innovation, governance, and cybersecurity. He holds a Master’s degree in Management of Technology and Innovation, a CIPP/E designation in privacy, and certifications in paralegal and ethical hacking.
With a background in Software-as-a-Service and more than a decade dedicated to governance consulting in privacy and security, Ross has helped organizations translate regulatory requirements into actionable strategies. He is a passionate advocate for consumer cybersecurity and privacy rights, known for making even the most complex topics accessible and engaging.
Ross Saunders (00:00)
Picture this, it's 3 p.m. on a Friday, everyone's about to clock out, and then Sales sends an urgent Slack message needing you to fill in a 72-page assessment by the close of business. Your heart rate goes up, your blood pressure goes up, and you realize you don't have a lot of the requirements built in that you need. Well, technically you do, but none of it's on paper, and all of it's kind of a, well, "it depends" situation. Enter Technically Compliant, the podcast where CTOs lay it out as to what privacy compliance actually looks like when you're shipping code, managing technical debt, trying to convince the CEO that just deleting the Quebec users isn't a viable privacy strategy, all of these kinds of things.
My name's Ross Saunders and I've spent the last decade with some change, helping software companies figure out how to build privacy programs into systems that were definitely not designed with privacy in mind historically. Almost every CTO I've worked with has at least had one story that starts with, "well, we didn't even know the data was there." And these stories often end with, "we had to rebuild the entire thing."
The show isn't about theory or legalese. It's not necessarily about what the regulations say you have to do. This is about what actually happens when you are in the development trenches. In each episode, I'm gonna sit down with a CTO who's been through it, someone who's fought the fight, who's made the hard calls, and they've lived to tell the tale at the end of the privacy side of things.
We're talking real problems, real solutions, and the strategic compromises that we make between perfectly compliant and actually shipping products. You won't find vendor pitches here, you won't find legal lectures here, just conversations about the messy intersection of privacy law and production systems.
So whether you're staring down your first audit, you're doing one of the security assessments, or you're wondering how to implement GDPR without absolutely breaking everything, then you're in the right place. Technically Compliant launches on the 15th of January, 2026 with new episodes coming out every month. Subscribe now on Apple Podcasts, Spotify, or wherever you listen to your podcasts.
Don't miss our first episode with Brandin Chiu. He's the CTO of Spoonity and he'll be telling us about the challenges and opportunities that they had with regards to consumer privacy over several dispersed languages and jurisdictions. It's quite a goodie. Definitely tune in. Because let's be honest, you're all probably technically compliant. The question is what happens when someone checks?