What is international women’s day?
International Women’s Day, also known as IWD for short, grew out of the labour movement to become recognised as an annual event by the United Nations (UN). For more than a century people around the world have been marking and celebrating 8th March as a special day for women globally.
Although it was first celebrated in 1911, in Austria, Denmark, Germany and Switzerland, things were made “official” in 1975 when the United Nations started celebrating the day. So, this year we’re technically celebrating the 110th International Women’s Day. The first theme adopted by the UN (in 1996) was “Celebrating the past, Planning for the Future”. On that note…
We’re celebrating Influential Women in Privacy: Happy 110th International Women’s Day 2021!
International Women’s Day has become a date to celebrate how far women have come in society, in politics and in economics. Events and social campaigns are organised to celebrate these women and raise awareness of inequality.
As a woman in tech, I’m no stranger to the major gender gap in the industry. Perhaps the industry’s gender problem stems from young girls’ perception of tech jobs. For instance, IT association CompTIA found that only 23 percent of all girls have ever considered a career in tech.
While there’s clearly still plenty of work to be done, there’s at least one positive to focus on for women in technology: the data privacy and protection field. I’m proud to belong to a gender-balanced sector where women predominantly make up the privacy professional workforce, compared to their male counterparts who predominantly make up the security professional workforce.
From experience, I can confidently – and proudly – say that today’s privacy field offers a unique opportunity for women to break into tech. I discovered that the number of leading female professionals in privacy is exceptionally high (which makes me very happy btw!), especially compared to other research areas related to computer science and statistics.
Today, in honour of International Women’s Day, I spoke to some of the top female leaders in privacy as they share their experiences of growth and obstacles, top tips for success, and insights for other women looking to build their careers in the privacy industry. This blog is just a tiny glimpse into the contribution of women to privacy and security.
Ready? Let’s jump right into it.
The Privacy Industry: hope for Women, from Women
Although the Privacy industry existed long before the General Data Protection Regulation’s (GDPR) implementation in May 2018, the new regulation has increased the focus on the industry and its prevalence in the media leading to the “domino effect” on other global privacy laws to follow. Global Privacy concerns have become increasingly important for the business agenda with GDPR paving the way and many other countries adopting their own privacy legislation.
Within the changing industry landscape, the market has expanded, allowing more opportunities for women with a compliance or legal background, other than in Information Security or IT engineering, which have traditionally consisted of a mostly male demographic.Evin Menacer
I interviewed six well-respected experts within the Privacy industry to gain an insight into their experiences first-hand as women within the industry and find out what we can learn from an industry that has set the standard in equal gender representation.
Special thanks to these incredible, influential women in Privacy for being a part of this project:
You can read each of their insights in full by clicking on the article links above, otherwise read on to see the combined highlights from all these incredible women.
Women in Privacy & Tech explore:
- How the GDPR has influenced the privacy landscape
- Valued insights into equal gender representation within Privacy
- Why privacy is the place to be for women in tech
- What a typical day in the life of a privacy Professional looks like
- Advice from our privacy leaders on building a career in the Privacy industry Top tips for success
How has the GDPR influenced the Privacy landscape?
Petruta highlighted that “the GDPR is the expression of one of the highest values of the European Union, the right of privacy and protection of private data as a fundamental human right.” The GDPR has deep historical roots in the European Convention of Human Rights designed to afford equal protection to the right of privacy and freedom of expression.
Protection of privacy as a fundamental human right has been perpetually at the center of the EU legislator preoccupation.
Highlighting the economic perspective, Petruta said “GDPR facilitated businesses to take full advantage of the benefits of the internal market by maximizing the consistency of approaches among EU member states and by bringing about a coherent data protection framework.”
When it comes to the ethical perspective, she added “GDPR protections are afforded to all individuals in the Union, independent of their nationality or country of origins, and put individuals in control of their data by, for example, imposing stricter conditions for the validity of individual’s consent.”
She continued, “the GDPR promotes high standards of transparency and new rights (data portability, restriction of processing, the right to be forgotten and in relation to profiling) for individuals. The accountability regime of the GDPR educates businesses to take into account data protection mechanisms from the outset of a product or service and thought its entire lifecycle and introduces the concept of similarly responsivities for data processors.”
Since it came into effect in 2018, “the GDPR has reverberated far across the EU borders, being a game changer for the privacy landscape around the world. Countries in Africa, Asia and Latin America implemented, or are in the process of implementing, similar GDPR-like data protection legislation.”
“GDPR did not only influence the data privacy landscape, but it has changed the world perception and approach on privacy as a fundamental human right.”Petruta Pirvan
On that note, Sheila added that “it’s definitely had a very strong influence. It’s moved the conversation from one purely about data security, which in the past, people used to think about data protection laws as ‘security and locking down data and infrastructure’, they don’t think about ‘the foundation of privacy, which if you’ve heard me speak before [at events] my big pet peeve is people not understanding privacy and what it means’. It’s great that GDPR has finally – not to the level I’d like – but it’s finally getting people to think about the data: what they’re collecting, why they’re collecting it, what they’re doing with it, how long they’re maintaining it, who has access to it, and do they even need it?”
In terms of the global influence the GDPR has had, Sheila added “it’s influencing laws around the world that have looked at some of the shortcomings of GDPR and have built upon that. For example, if you look at the Japanese Act on The Protection of Personal Information, which was released last year, not only did they obtain an adequacy rating from the EU but they actually assessed the EU to see whether or not the EU is adequate for Japan!”
“We’re seeing a tremendous growth in privacy laws as a result, primarily in the Asia Pacific region, including Australia, New Zealand, and certainly in Canada, in Latin America, people talk about the U.S, but U.S privacy laws are kind of a joke.”Sheila FitzPatrick
Tash highlighted that it “has certainly brought data protection to the forefront of people’s minds. It has also become the gold standard of data protection for other countries to use as a template in shaping their regulations.”
Expanding on the scope of global laws that followed suit of the GDPR, Claudine mentioned, “GDPR is being used as a blueprint for other countries and states as they develop their own privacy laws. You will see this across continents with countries like Brazil, Argentina and Chile in south America to Asia with Japan and China and also in Africa with South Africa and Kenya. The US still doesn’t have a federal law but states like California and Virginia are leading and creating their own Legislations.”
She also highlighted that the GDPR has “awakened consumers to the value and use of their personal data and has forced organisations to become more aware of how they use personal data and ultimately, more accountable to consumers. This has forced business to take a more proactive approach with their management of personal data.”
Beyond Europe, the benefits of the GDPR’s implementation being felt across the globe. Claudine continued to say “the fact that companies, having been forced to be more accountable, not only benefits European data subjects but others outside of the jurisdiction. Global companies begin to adopt GDPR as their benchmark as it becomes laborious to implement and maintain policies and procedures per jurisdiction.”
Adding to this, Didem continued by saying “The EU General Data Protection Regulation (GDPR) is one of the most demanding and comprehensive privacy regulations of all time. One of its distinguishing features is that noncomplying entities can face bigger fines, the maximum of 20 million Euros or 4% of the total worldwide annual revenue.”
“In my view, the GDPR has changed the game for all businesses around the World and undoubtedly led to a greater public consciousness about the value and the usage area of the personal data.”Didem Kalaycıoğlu Birol
Linda concluded by saying, “what’s interesting about the GDPR and what has happened in the data privacy landscape is that many times data privacy has always been associated more from the technical perspective. And I think it’s put focus on personal information and has definitely made it apparent to everybody, from the single individual to corporations, that this is something that has to be done and dealt with – this is important.”
“For me, it’s revolutionary. The GDPR has really put focus on personal information and is really demanding that everybody take their responsibility.Linda Häss
Sure, the GDPR isn’t perfect, but if you look at the U.S. States such as California, where I’m originally from, I look at the CCPA and I think ‘this is great, people are being given their rights globally’ and it’s more about information processing and not just about ‘do you have a strong password?’ or ‘is there encryption in place?’ it’s emphasizing on the actual personal information and the rights of the individuals.”
Why is privacy the place to be for women in tech?
Petruta started by saying that actually tech companies, and all companies not only tech companies, should “already be on their path to understanding that perpetuating a stark gender gap and an over-representation of women in lower paying jobs is coming to its lapse. Diversity of approaches and opinions are the core of a creative environment which lives out of novelty and ever-changing business. The past few years have been marked by women at the realm of big IT corporations and international institutions.”
She continued with some great examples of women who “proved that, when entrusted with the highest leading position in the biggest organisations in the world, can drive a prosperous business and be the voice for gender equality in the workplace”. Data privacy is a realm of management, pro-active strategy and leadership.” as Ruth Bader Ginsburg once said:
“Women belong in all places where decisions are being made.”Ruth Bader Ginsburg
To add to this, Sheila said “it’s interesting because privacy is still a fairly new area. I mean, it wasn’t around 50 years ago. I’ve been in privacy law for 40 years – well before anyone even cared about it. And I was probably one of the few privacy professionals/privacy attorneys out there. There haven’t really been barriers that have had to be broken in a purely male dominated environment.”
“Privacy has opened up opportunities for women – and I don’t mean this in a demeaning way to men by any means – women inherently care more about that fundamental right to privacy, human rights issues: the protection of individuals, whether it’s protection of your family, protection of your employees, protection of your customers, that privacy is a great space for women to be in. It gives us a chance to raise concerns, to share expertise, to be technical, but also to balance that compassionate need for data with the abuses of privacy that have, you know, come as a result of expanding technology.”Sheila FitzPatrick
Although “It’s a wide-open field”, she highlighted that “there are more female CPOs out there than there are males. The males still tend to migrate towards the CISO role”. In some cases, this causes a problem “because you see many CISOs that think they are CPOs and that’s a direct conflict interest. You can’t be a privacy officer and a security officer because they are two diametrically different ways of looking at data”.
Expanding on this further, Claudine mentioned that “it is well known in the profession that there is pretty much an equal split between men and women both in junior and senior positions. This could be down to the fact that it is a relatively new profession and thus have not been historically dominated by men in comparison to other technical professions such as IT security. Women can be found in positions such as Chief Privacy officers, DPO’s and areas of regulatory bodies and even in academia.”
“While the profession appears to be level from the perspective of balance number of females in both senior and junior positions, this by no means equates to equal pay.Claudine Brown
Pay inequality is still a concern across all sectors and professions.”
Didem continued by saying, privacy is a discipline that’s “constantly evolving, making it an increasingly attractive option for women looking to enter a new, fast-paced profession. It’s a profession with tremendous growth opportunity.”
“A privacy professional must interpret and understand legal and regulatory language, possess strong communications skills, provides risk analysis and strategic direction as well as manage cross-function teams. In my opinion, the analytical and complex thinking capacity of women demonstrate the skills and strengths needed to be successful privacy professionals.”Didem Kalaycıoğlu Birol
Linda further added to this, giving her perspective from an IT background, “women have a holistic view, which makes them successful in the role. Women in tech who work closely with data privacy, for example, is a really good combination because you need to have that understanding of [using] tech in order to be able to assess privacy and ‘be compliant’.”
“In my team, we’re six women with IT backgrounds. In my experience in the privacy world, I realized that we are often talking about IT solutions, we are talking about Information Security, ultimately, we are talking about very technical areas, that’s why I actually chose women that came from IT backgrounds.Linda Häss
Sure, it was taking a chance [for me] and it was taking a chance on their part too when starting out, they were unsure of ‘what does compliance even mean’? and ‘do I really want to work with compliance?’ We know that compliance is knowing the law, but it’s also being able to apply your technical skills and your knowledge to comply with the law.“
She continued to highlight the advantage of women in privacy from IT backgrounds, “I often see, during networking and meeting other DPOs that have a legal background, whereas I have an IT background, that they are so dependent on IT and they don’t understand what’s happening [in IT]. This is the advantage for us [privacy] women in IT.”
Tash, on the other hand, said: “I wouldn’t actually say it is in tech. Many, many successful female privacy practitioners are not technical. Privacy is not always a technical role, it is about understanding the business, understanding the regulation and its application.”
“Understanding tech is useful, but I find it’s more important to have a network of people, who know more about the tech than you, that you can call on.”Tash Whitaker
What does a typical day in the life of a privacy Professional look like?
One thing was very clear while speaking to privacy professionals and that is that it’s fair to say there is no ‘typical day’ in the life of a privacy professional, it’s often very much unpredictable and has its fair share of challenges. Take it from Petruta who said, “A day in the life of a privacy professional [in my opinion] is very challenging. The biggest challenges I see, come from ‘very traditional businesses who are less flexible to change’. These organisations’ CEOs may not have a defined understanding of the data protection regulatory landscape and its benefits for their business.” This results in “reduced budget and low engagement for allocating proper resources on data protection programmes.”
She continued, “I’ve seen big, multinational companies, blended B2B/B2C businesses refusing to appoint a DPO or appointing only a Data Privacy Professional to uphold an entire Data Protection Program for the whole business with an estimated number of employees at over 80.000 employees globally. I’m also experiencing harmful mentalities such as ‘data protection is only a paper-based exercise’ or ‘if nothing has happened to us in the past 10 years why should we care for complying with the GDPR now?”
She made it clear that the “Regulators’ intense focus on tech companies and B2Cs are not helping the cause at all. The pressure is on our shoulders: mine and my peers’ in the data privacy community, together with the Associations we are part of, for advocating and signalling that data protection is as important for B2Bs, as it is for B2Cs. I wish I would no longer hear the argument that ‘we don’t allocate resources because we are a B2B and being a B2B is a risk mitigator against regulatory fines’. But this perception will only change once the Regulators start cracking down on B2Bs as much as they do with the tech companies or B2Cs.”
Sheila continued by sharing what her ‘typical day’ is like “my day can be completely different. The foundation of what we do is to ensure that first and foremost we know what personal data is being collected and why. Understanding the business challenges and understanding why business functions within an organisation believe that they need personal data.”
She continued to highlight that it’s “part education where you might think you need that data, but if you can’t articulate it, you probably don’t need that data. It’s also part building policies and procedures and documentation around the protection of personal data and the balance between needing data and wanting data.”
She also said that “it’s working with regulators to ensure that your organisation has the proper data, privacy notifications, policies, consents terms and conditions in place. It’s making sure you can address the rights of individuals. Having the right team in place to address things like right of access, right to erasure, right to object automated processing and it’s working very closely with every business function and IT, because it’s assessing new technology that’s being implemented in an environment, not to say, ‘no, you can’t implement that”.
It also involves “partnering with the CISO to make sure that once you are legally allowed to have [the] data, you have the right security infrastructure in place, which is critical”. Most importantly, it involves executive management, “educating executive management on the importance of privacy and how privacy compliance can be a competitive advantage within an organisation – rather than a negative”.
“Two to three years ago, I was butting heads continually with senior management because [for them] privacy is not a revenue generator, it’s overhead. They viewed it as an obstacle, but recently, I’ve been able to position it as this is a competitive advantage and the mindset is changing, I’m seeing more board of directors interested in privacy programs. When you’re in the CIO realm, there’s a pushback of: “Oh, privacy is an obstacle for us getting work done”, but the closer you work together, the more solid the relationship becomes. The mindset is changing a little bit, but it’s still an obstacle”.Sheila FitzPatrick
Tash added that there is no typical day. “You try and plan a typical day and you will get blindsided with queries that you weren’t expecting that mean you need to drop everything and any plans you may have had and do that instead.”
Following on from Tash’s point, Claudine added that a typical day in the life of a privacy professional can be “hectic and somewhat unpredictable. You can start the day thinking it’s planned, and then a data breach completely changes your plan or you can be about to shut down for the day and an incident is reported that requires your immediate attention.”
She also highlighted one of the challenges of being a DPO is that “the business often times will look to you for a decision. However, the role is an advisory one, regarding the privacy risk(s) associated with a particular processing or business activity. if you are looking for a role where you are the key decision maker, becoming a privacy officer is not for you.”
“The role however, is very important in influencing key decisions based on the facts presented, understanding privacy risks and the risk appetite of the business. Thus, a lot of your interactions will require you not only to make a strong case, but you also have to be able and willing to make compromises where applicable whilst ensuring your and the company’s objectives are met.”Claudine Brown
Didem continued from her perspective, “My typical working day starts early in the morning with a quick check of emails, then taking calls with my team.” She is focused on ensuring that her organisation comply with the regulations that apply to them, which are Turkey’s Law on Protection of Personal Data (LPPD) and the General Data Protection Regulation (GDPR), which she says is an “incredibly important priority for my company and takes much of my time.”
“My team and I are responsible for preparing/revising contracts on privacy issues, preparing privacy policies for our products, creating training programmes, working with IT and other related teams in order to ensure measures [are taken] against breaches, responding to data subject request processes, creating internal policies, overseeing consultancy processes. So, no one day is the same. One day, I may find myself working with IT evaluating on breach notification processes, while another day, I may be providing guidance to teams developing new products and services in compliance with the laws. There are lots of topics that keeps me alert and busy!”Didem Kalaycıoğlu Birol
Linda concluded by saying that a typical day “could be giving support to the business. It could be an external assessment by an external auditor. It could be communicating with the authorities. There is a lot of studying, on what is to come and being aware, surveying what’s happening [in the privacy world] and within the EU, when it comes to fines studying what companies are being fined for. That’s a typical day for us [in the privacy team] here at IF Insurance. Of course [dealing with] incidents are a big part too.”
What advice do you have for women interested in a career in Privacy?
Petruta’s advice is to “work hard and make sure that when they start this project, they continue it with dedication and involvement. This is one of the most emergent areas in law, therefore, we don’t rely on tones of academic and specialized literature like in other traditional legal disciplines, for example commercial law.”
Besides being emergent, she said “Data Privacy is also a realm of daily changes and daily nuances and new interpretations. As has been mentioned before, the tech industry is gender-clustered toward men. Therefore, women need to be prepared to be played down and having to work even harder to succeed.”
“Ultimately, my advice is to stay strong and behave and lead ethically. You have a mission: advancing and advocating for individuals’ rights to privacy and protection of their personal data.”Petruta Pirvan
Sheila continued to say, “as a woman, I always like to tell people never turn down any opportunities. If there’s an opportunity that sounds like it could be challenging and might make you think ‘I don’t know anything about this’, be willing to put yourself out there and to try.”
Speaking of her own background and experience, she said “I started out in international employment law and privacy was not even at the top of my mind, but you couldn’t work in HR in Europe 40 years ago and not deal with privacy – and I fell in love with the privacy side, even thought it was a stretch for me, there wasn’t any information out there. There wasn’t any websites you could go to find out about privacy. You had to read the constitution of different countries and find out what was going on.”
She also highlighted the importance of “asking a lot of the right questions, networking, find a mentor in the privacy space who is willing to answer questions, join certain privacy groups, but be careful not all of them are great out there. A lot of them are more into generating revenue than actually to privacy.”
A great place to start would be “within your organisation”, she recommends starting with HR because “HR is dealing with some of the most sensitive data of the employee data”. Another area in the organisation that could be insightful is sales, to “look at customer data”. She put emphasis on “get out of your box and push yourself to experience new things, ask a lot of questions. You’ll probably feel like you’re going to drive people crazy, but [do it] ask a question, it’s the only way you’re going to really learn”.
To add to this, Linda said “Dare to go outside of your comfort zone. Look into other departments, for example, if you are working with IT then you should look into see what it’s like working with data privacy. If you work in legal, you should look to see what it’s like working with IT.”
“This is a difficult area within our industry – insurance – but I encourage this within my team, especially since we all have IT backgrounds, we are involved in what we call ‘a shadowing program’, and that is where we spend a week with actuary observing how they work so that we have a better understanding of how they’re using information. Privacy reaches over such a broad spectrum, it covers areas across all departments. You need to have diverse competence; you can’t just stay within your own. Yes, you have to know your industry but it’s so important that you have knowledge within different areas, too.”Linda Häss
Claudine’s advice is to “get involved in affiliate programs organisations and training, to deepen knowledge and broaden your scope and understanding of the industry. Read articles, go online, there are numerous organisations out there that provide a lot of information, align yourself with these organisations to deepen your knowledge”.
She also highlighted the importance of “becoming their own advocates, especially in male dominated industries”. The best way to do this is to “acknowledge and promote other women’s successes.. make alliances and connections where possible. Reach out and make network connections with professional women’s groups. Find a woman in the industry that is heralded and make contact; she could be an author on the industry or public speaker. Be bold and introduce yourself in whatever format you can and ask for tips”.
“Find a mentor. I can’t stress this enough, but remember mentoring is a two-way street. Reach out to senior people in the profession, most women are supportive of anyone asking for advice, because we do understand going into any profession can be daunting, so women tend to be supportive of anyone reaching out and asking for advice. Make alliances and connections wherever possible. Use LinkedIn to see what’s happening, see who you can speak with and build those connections.”Claudine Brown
Didem’s key advice is “taking courses in information privacy law, learning about the field and the different laws and regulations.” Another valuable point is “keeping up-to-date about decisions, regulations and updates”. She also mentioned that going to conferences and meeting people is “a great way to learn about opportunities and you can deepen your knowledge of the issues as well”.
Tash summed it up, short and sweet, by saying “Just do it. Learn as much as you can about the theory and then throw yourself in”.
What are your top tips for success?
Petruta’s top tips for success:
- Look at your job as your mission and do it with passion and dedication
- Educate yourself, take as many training courses as you can, make use of any tools available out there, stay in touch with other professionals in the field and exchange ideas and information
- Every challenge, or even failure, is just a way to start all over again but from a smarter and wiser perspective.
Sheila’s top tips for success:
- Be passionate. Absolutely be passionate about what you do. So don’t, if you think you want to get into privacy and you get into it, and it’s just a job, you’re not in the right space. You have to actually live and breathe privacy. I am so passionate about privacy. I love speaking about it. I do keynote speeches all over the world. I’ve worked with all different types of clients. I am fully committed to privacy and will do anything in my power to make sure that we as individuals own our personal data and that we understand what organizations are doing. So find your passion and then it won’t be a job or a career it’ll actually be part of your life. And it’s something you love.
- Fully commit. Once you decide if you’re half in and half out, it’s probably not the right place for you. Also look at all aspects of privacy, don’t just focus on technology. Don’t just focus on security, but really focus on that full life cycle of personal data.
- Ask yourself. Start by asking yourself what data am I comfortable with sharing and what would be the impact on me? If someone were to get information about me that I don’t want them to have, so you start to get the wheels turning and then you find out whether or not it’s something you really love.
Tash’s top tips for success
- It’s ok to say “I don’t know” and then go and research it.
- Surround yourself with a network of supportive data protection professionals that you can use as a sounding board
- Be prepared to work long hours if you want to stay up to date with learning everything as it happens
- You have to love what you do. Once you lose that passion, you need to stop.
Linda’s top tips for success:
- Have a genuine interest. We talk about being the “Data privacy nerds”, I think if you have a genuine interest, that’s going to drive you. When you have a keen interest people will actually notice it: you are easily promoted, they trust your advice, you’re more recognized by executive management.
In my team’s case, considering we don’t have a privacy background we come from IT, we have been very successful and it’s because people see that we are genuinely interested, and I’m specifically talking within our group [IF group].
- Keep learning. This is extremely important so that you are constantly growing. This is an area right now where it is easy to progress but you have to stay on top of things. People, especially people from IT, often ask us how we became knowledgeable so quick and it’s because we stayed on top of things and kept learning.
- Networking. This will lead to you becoming more recognized and constantly learning from your peers. In my networking circles other DPOs call me and ask for advice.
Didem’s top tips for success:
- Work hard and improve oneself continuously.
- Follow the Privacy & Legislation developments around the world very closely.
Claudine’s top tips for success:
- Invest in yourself. Investing in yourself I think is probably one of the most important thing you can do. When you think about investing in yourself, it’s not just, “I’ve got to get a degree or any other academic qualification. While that is important, you also need to invest in your physical and mental health. Really investing in every aspect of yourself so that you can perform at your at your best.
- Believe in yourself. So often women doubt themselves time and time again you will come across research articles on how women would read a job description and say, “Oh no, that’s not for me, I’m not qualified to do this”. While men will read a job description and confidently state “I can do this!” So believing in oneself is very important. I usually overlook some things on a job description, for example, it might say you need 10 years’ experience, I will tell myself “I’ve got six, but I can do this!”
- Manage expectations. Under promise and over deliver. Managing expectations is a very, very key part of a successful working life. If you’re under promising and over delivering, for example you say “I’ll get this to you in two days” and you get it to them in a day, they’re going to be happy, right? But if you say “you’ll have it in two days” and you get it to them in three-four days, it’s a different reaction. So managing expectations is really, really important, not only in personal life, but especially in the working environment. Especially in an area such as Privacy where the queries are coming from so many different angles with everybody having an urgent deadline. I have a habit of, where if somebody sends me a request and I’m really busy and there’s no deadline on it, I go back to them and say: “I’ve received your email. What is your deadline?” Ask for a deadline if one’s not given to you, ask for it, because then you can start to prioritize. If they don’t give a deadline, you have to use your good judgment. What can you reasonably do now? And what can you prioritize?
The list can go on and on. But my two musts: are investing in oneself and believing in oneself.