Jun 21 / Punit Bhatia and Gokhan Polat

AI & Privacy in Crypto World

Drag to resize

In the ever-evolving intersection of technology and privacy, few areas captivate the imagination quite like the crypto world. As cryptocurrencies surge and blockchain technology reshapes industries, the role of artificial intelligence (AI) becomes increasingly pivotal. These innovations not only promise unprecedented efficiency but also bring forth new challenges in safeguarding personal data and ensuring regulatory compliance. The world of finance is being revolutionized by two powerful forces: cryptocurrency and artificial intelligence. While both hold immense potential, their intersection raises intriguing questions. Can AI be the key to unlocking the full potential of crypto, or will it introduce a whole new set of challenges? 

Transcript of the Conversation

Punit  00:00
Crypto is a word of its own. And I'm talking about cryptocurrencies and crypto in general cryptography. It's a world of its own. And it does create privacy challenges. And also AI can be used. So how about talking about AI and privacy in the crypto world with a person who has been in the army? Who has been in the risk assessments? Who has been in the data protection, and who is also in the crypto and business development and so on. Rather, I would let him explain what does he do and introduce himself and I'm talking about none other than Gokhan Polat whom I met at ISACA Dublin event, and we became good friends, and he's here to share his knowledge and wisdom.  

FIT4Privacy  01:00
Hello, and welcome to the Fit4Privacy podcast with Punit Bhatia. This is the podcast for those who care about their privacy. Here, your host Punit Bhatia has conversations with industry leaders about their perspectives, ideas and opinions relating to privacy, data protection and related matters. Be aware that the views and opinions expressed in this podcast are not legal advice. Let us get started.  

Punit  01:28
So here we are with Gokhan. Gokhan, welcome to the Fit4Privacy podcast.  

Gokhan  01:34
Thank you, Punit. It is very nice to see again.

Punit  01:36
Absolutely. It's always a pleasure to see you. And as you're an expert in many fields, let me ask you a question in the crypto world. What is happening in this crypto world because I see AI is happening robotics is happening. Privacy is happening digital disruption is happening. But also the crypto world is a lot happening, what's happening in this crypto world.  

Gokhan  01:58
Crypto world is interesting area because I find myself not a crypto expert or blockchain expert because it is a totally different area. But I defined myself to take risks experts, so for technologists, experts, we cannot stop learning. And like I read a survey about for example, health workers for doctors, for example, it says for a doctor, he can go on to earn money make money with without improving his skills for three years. But for the tech experts, it's just for four to eight days, maybe these numbers is decreasing, because we see every day different kinds of technology, technological improvement, and yes, we are affected business life is affected by technology very dramatically. And AI blockchain IoT different kinds of zero trust different kinds of approaches different kinds of methodologies are again, again reinvented and yes, in crypto sector, we see dramatical changes because now, the government and institutions pay too much attention about this topic, and they try to make legitimize it, they see there is a huge money going somewhere coming somewhere and some organization also using this transaction to save items to save themselves from restrictions of international community, like a organization terrorists, organized organizations or bands. But these organizations go on to earn money, make money or on sanctions month transactions using this kind of technology. So nowadays, we see a government and institutions pay too much attention about this topic. USA for example, every day we hear about new legislation last year in 2023 for example, European Union, a new legislation mica they aim to control crypto sector blockchain sector because now that the clients there are yes this sector this blockchain this technology has huge potential but some scam guys some issues, mind that person also used to manipulate innocent people's you know, assets so, or they can use this technology to manipulate other kinds of actions. So, this is very important. And again, AI is become very strongly and we see European Union immediately increasing its efforts to legitimize this AI area because now we see AI affects everybody. Let me give you an example. I like to write about nip things, and I use writing for learning a new area gaining new skills. I do not write just about the things I know well, I sometimes also prefer to write or prepare an article blog about the things I do not know. And in this process, I learned a lot. But nowadays, I become very lazy because right now I have Copilots. I have Google Bard, ChatGPT or other kinds of AI applications and its effects my creativeness. It is also has affected in other technologies like blockchain technology, AI, effects, blockchain technology, Blockchain effects, AI technology, or they totally affect communities behaviors. Now business processes changing, and business people try to understand what's going on because it is very fast, very fast. I tried to be very close to, for example, Blockchain community in Istanbul and see a lot of new faces I haven't known before and they are very smart. They know very deeply about these topics. I cannot imagine. At some point I ask, How long have you been in this sector, they say young people say, eight years. It's is very interesting, this people born in technology world, and they are very easy to get used to this stuff. But the guys like me, should sit one extra time. And it is a again, true for our classical business understanding, because maybe business world cannot follow this technology or legislation. Legislative organization cannot follow this technology properly. And discard this may cause some costs and governmental organization again, see this problem I'll try to stop or a little bit how can I explain slowdown, but it is very hard. It's very hard, because there is a community who needs and they are very eager to increase the capacity of these technologies. They use AI to increase blockchain technology effectiveness, or they create new kinds of tokenization. Now we see some agriculture, I didn't become a tokenized. Now villagers who has no understanding about maybe accounting may be a techie. Now, their items they think they produce become tokenization become the topic of blockchain technology. It's very interesting.  

Punit  07:53
So let me slice it into multiple parts what you said. One, you're saying that technology is changing very, very, very fast. Second years, a lot of legislation is coming. Third, you're saying that the young people are adopting it much faster and much quicker?  

Gokhan  08:09
Much. They expect that they have expectation? I mean, the legislation, government organization companies, they should support these new ideas.  

Punit  08:19
Yes, yeah. And the forth, you're saying that a lot of use cases of it. But while you say the young people are picking it up fast, I think you and me are also very young. And I'm very curious to ask you, how did you end up in this I mean, what has been your journey, your story that you have acquired, so much of knowledge and so many varying topics?  

Gokhan  08:42
As I mentioned in the beginning, I am myself as a technology expert, but for example, now I work for Averest, a company which is providing technology, consultants and training in especially in emerging technology and I started a position here as a strategy and business development needs. You know, it's very interesting, because I generally worked as for example, Enterprise Risk Management directors, cyber security consultant, Risk Services senior manager, I generally to have this kind of positions, but in this company, I started with this strategy and business development and this company, my first thing is guiding my company in emerging technology area because of my understanding, with attending this kind of community, technology, communities events, there is a big change that we will see we are seeing, but we will see very dramatic change in business life. So by myself, I try to first understand the technology from risk mindset because I'm an expert, and risk doesn't mean that it is just about the treads, it has also have can explain opportunities. And I see some opportunities to catch this opportunity, I should first understand how I can create new business cases from this area. So nowadays, I am dealing with creating new training sessions with experts, data analytics, data science experts, AI experts, data protection experts, and blockchain experts. I go attend a meeting, I meet with someone, I might to my office, we make talk with them understand their vision, and I try to figure out how can I put this vision in my you know, target objectives or vision. So, I am creating a community of technology experts all over the world. For example, as you remember, I also asked you about data presentation because we are at my company, also part of ISACA training partner of option training partner, ISACA people CERT is secured, we are on the way of Cloud Security Alliance and I guess, IPP. So, these organizations have very strong products, but to provide to meet with these products with the client who needs them is not easy, because sometimes clients cannot find the right address, right Punit? because there are lots of companies they are doing good marketing stuff, but they do not provide what clients this my now aim is to understand this technology transformation change and how it affects our understanding, then try to understand my clients expectation in different markets because we are operating in London, in Amsterdam, in Istanbul, Turkey, a Neve office in the whole Riyadh Barcelona, every each place has common problems concern pain points, but there are other kinds of pain points too, because demographic effects, economic effects, political effects, not just technology. So I am trying to increase by the way my touch points like now I am speaking with you with Punit. Who's Who is data protection experts who interest with emerging technologies, who is leadership in the ISACA, Brussels. And who's attending some organizations. So, connection with Punit. And the people like Punit also increased my understanding it is understanding I am creating my own contents. This is nowadays my first and challenging topic.  

Punit  13:01
Know that that's very true. It is other people's knowledge which allows us to acquire more knowledge and also bringing knowledge to other people sometimes teaching guiding coaching consulting, that allows us to solidify our own knowledge. And before we get to philosophy GL about how do we acquire knowledge? Let's go back to the main topic. We were talking about crypto, and we were saying it's emerging technology but the other emerging technologies AI, does crypto use AI in any way.  

Gokhan  13:36
Yes. Okay. Let me explain, widely using my choosing, okay. Vance, I have an experience as Enterprise Risk Management Director at a crypto exchange company, a well known company in Turkey. And this company I haven't experienced because I stayed for a while. And I was so built about, you know, cyber governance, internal audit, risk management, internal control, and fraud prevention, and KYC AML Compliance. All these functions are under my control. So from my side, I can explain. Crypto sector is very fast. They earn, they make money, the fast but they should be trustable. If client doesn't believe in you, your processes, your approaches, then it changes the vendor or crypto exchange very fast because it is just an application not downloading and you create your profile. You swipe you, you carry your assets very fast very quickly. And you go on and it is a problem because this community is client communities have strong communications through Telegram, Discord, Twitter, if you had a problem about trust it, it is easy to disseminate all over to you know, your community. So, we also use AI in our processes it I am sure all crypto exchanges use AI very efficiently because for KYC AML process for example, I need to onboard new clients to increase my profits, but I cannot onboard every client because legislation organization enforcement to first check if the guy is true guy, if this guy has any malicious activities in his in his history. So, first in generally conversation intervene on site understand if this guy's this guy, but this has some problems, because it takes too much time, I should train my colleague my personal in this process, I should trust him, because it is sometimes can create new kinds of problems, personal problems, and they should also record all personal data of that new client. So, nowadays KYC AML use efficient AI technologies. Now, we are minimizing human touch in this process AI first see the client check the evidences he or she provided match them if AI believes that this guy is true guy, then we can onboard him and it never stops, then then we also check transactions, there are millions of transactions happening all day. So, many of you cannot follow them and you cannot understand which transaction is true, which transaction is created by true and honest people and this time ml tools also using AI checks this transaction and if they see a productive activity, it provides alerts and be directly informed governmental organization otherwise governmental organizations or this kind of problem if I if I cannot inform government or organization in time, it may cause problems and others I collect last as you see I am collecting lots of private sort of personal data in this process KYC AML process and discuss another problem, this cost data minimization problem cause I should I should collect loss to personal data. So how I can categorize them, how can I record them? How can I sometimes choke maybe sustain its integrity and again, I cannot do it by mice human probabilities. Now again, we are using AI technology in this data retention data coding Rita juice, which processes and began use it use AI in for example, data analytics, because I collect a cluster of data about data protection problems, but I also another problem, because my computer's going past short. So I should catch them how I am calling I have lost a client data. If I use data analytic tools, which is supported by AI, I can see easily the changing trends expectations on my clients. If my client is happy with my products services, I can see only with using AI tools, but I can do else I also help to do about cybersecurity. There are tools about threat intelligence. If cyber attackers aim to a my company or not. These AI technologies algorithms check dark bet and see if there is attack coming or not. What else I can it helps me to predict about crypto changing crypto, crypto portfolio which coin which cryptocurrency will increase in some determined time periods. It also can help us to guess about it with the help of AI technologies. And it is in the use cases of AI and blockchain technology increasing  

Punit  20:00
But what you're saying will also lead to privacy challenges? Because you're saying use this crypto with AI on KYC then you analyze what data has been provided artifacts are provided ID card is provided an information is matched, now, does it not raise some privacy concerns? And how are those concerns being managed because it's getting a little bit tricky, if you really look at it from a privacy lens perspective  

Gokhan  20:31
Privacy, yes, you are very true. This is a challenging because for Kim KYC and AML AML we should collect last top personal data we should make in target with a client we should ask for their evidences, we record these evidences sometimes, we also should use third parties to make phone calls and phone calls are recorded, imagine you have a client a third party is making a phone call with this client, they ask some personal information and this they record this information. So, they give a this kind of data should be analyzed in in a periodically and should be put in retention period. So you will not able to make it manually. This is another case for AI side yes AI also if you do not for example, the rules algorithms of ai ai also can also cause some discrimination problems. In Turkey for example, we have lots of people coming out of Turkey, their names are different, their ethnic or religious traits are different, if we cannot for example, create strong rules for KYC AI supported KYC tools, then maybe this KYC will reject our proper client because of him will not understand about a ethnicity to naming you know, that maybe they have different kinds of names different kinds of facial site. So, this may also cause another data protection problem, what else okay, I am collecting lots of data as I also find a data classification, I also is you know, some application use data with a some technology use data and sometimes business owners do not understand how this technology collects and record this data. So, without AI again, again, we will not able to find where is my data and solve this kind of problems. First, we should understand what kind of use cases we are in there are lots of different solutions. So, people are business owners first a create a strong business case, what is their problem, what can they use, what kind of technology, they should use in my inner again, previous previous experiences, before I buy or implement a technology, I made two assessment first, first is about business case, which kind of business problem I have, and is to satisfy this expectations, my business will and if this tool pass this than second test is coming. It's about totally technological and data protection area. How this technology collects the data, where it's a keeps the data, if it will cause a problem with my other technologies, our technology experts also analyze it. So for this kind to solve this kind of problems, I guess people should know the reality of their problems and the reality of the technology they plan to implement. And second, they should also have a strong audit functions. Because after a time, the usage of technology is maybe change, too. positions may change. And they should be certain if they use this technology in a proper way, in compliance with the it illegal legislation, Oregon, in compliance with their, like risk management cybersecurity policy. Because it because business needs sometimes we do not pay attention about data protection stuff or people become forget. So audit can remind us the importance of this.  

Punit  25:23
Yeah, I think apart from audit, maybe it will also be interesting to contact the Privacy Officer or DPO. And they can help with the legitimate basis for such processing because you need to be knowing why you're processing this data. And what's the reason legitimate reason, legal reason for processing. But before we get into the DPO role, I think last time when we met you were also talking about the CSA, CSA framework, in CSA framework. And I think that can also assist in protecting privacy. Do you want to touch upon that because you've been part of that? And it'll be very interesting for people. What is this CSA blockchain? And how does it allow privacy as as a framework?  

Gokhan  26:08  
You never forget anything? I like your this trinity, which is great. Yes, classic utilize SFC in the name, cloud, it is related about cloud Cloud Security Alliance aims to increase awareness of how can explain awareness of us which include in IT security. So it's creating lust of services, certification standards. And lastly, classic utilize also see other kinds of technologies affect us the job tech clutch, and it declares it declared AI cloud Bill blockchain and other technology quantum quantum computing is our AR in our target. So it creates it started to create with groups working groups, it start to make analysis of this technologists and created some documentation upon its followers, for participants or for the public. And I also attended the working group of blockchain governance, almost one year before and in this group. When I attended they were created last have documentation about blockchain like blockchain top 10, risk, Blockchain common cybersecurity problems and how you can solve it this kind of temptations and when I first attended them, they were on they were creating two new documentation. One of them is DLT and blockchain technology privacy framework, and other one is cybersecurity framework with these frameworks, it is in the back beta test period. Now, I guess, later, we will be able to see these products with these products, we are aiming to help organization who wants to use blockchain technology and have some doubts about security and privacy. What should they do what what kind of audit checks controls, they should apply, they will able to see a generic documentation to analyze the blockchain technology usage from the governance side to take all the architectural side. And for example, nowadays, I am dealing with a increasing the controls what kind of controls we should apply and for specific risk blockchain risk, or I am checking dimension to control section of this documentation.  

Punit  29:03
No problem. So, essentially, it's kind of a control framework, which gives you controls for privacy, cybersecurity, risk  

Gokhan  29:10
Risk assessment and Control.  

Punit  29:12
Yes. Okay, that's interesting. I think we will aim to put the link or more details in the show notes. Now, in this world, which on one hand is scary if you extrapolate what quantum AI can do, and blockchain will do, but on the other hand, it's also a lot of opportunities for business to leverage these technologies and maybe be more competitive. What do you see happening in the future of next say, three to five years?  

Gokhan  29:44

I guess put it if I tell you something about three or five years, it will be that. How can I explain? Logical because  

Punit  29:54
How many years you want to tell?  

Gokhan  29:56
I don't know values. Maybe value because Yeah, I mean, I guess  

Punit  30:01  
2025 Let's say  

Gokhan  30:03
Yes 2025. For example, people see, I guess, different kinds of generic. We are now in degenerative AI period. And we can create lots of, for example, text. And it also created some images. Maybe we will see fake images, fake videos, more often only for the AI side. And for blockchain side, this also be you can be used for example, we talk about KYC AML onboarding. Now, also the malicious people maybe will activate this skills for to make malicious activities, and we will see this kind of problems. Second for the metaverse sites. Again, I'm not an expert of Metaverse of blockchain, because it is a another topic and I guess, this vision, this alternative way of life will be more white separate. I mean, because of the technology because of the AI, we cannot create last of digital twins with the help very easily without paying too much effort in blockchain site. I guess in crypto site, we will see the increase in energy station it is very obvious. In Turkey for example, we are waiting for a new legislation. And it will declared because the crypto sector is very popular in Turkey and the government want to control it. And second, we will see AI usage in crypto area independent by like Metaverse the like because thanks to AI technology we can create a digital twins without small efforts can be compared in previous times. And we will saw we will see also different kinds of cyber attacks, malicious activities just in general be solves almost I guess 17 successful cyber attacks to crypto ecosystem. And these were not brute force attacks. These were smart, you know, phishing attacks, they use telegram they use twitter and they use fake profiles created by maybe this kind of technologists and maybe we will be able to we will go on to see new creative attack types. And, again, why now we are seeing big financial institutions are stepping into crypto sector very strongly. It's not just my understanding, I guess the usage of crypto will be wide separate and will be increased and people see different kinds of usage in a blockchain in crypto sector.  

Punit  33:30
Okay, so essentially what we are going to see is more and more usage of AI crypto world. And both on the positive side, a lot of use cases and also by the negative side of things, but that's always the case. So with that, I would say if someone really wants to talk to you and want to contact you based on this conversation, what would be the best way for them to talk to you?  

Gokhan  33:59
It is easy to they can connect with me in LinkedIn because I am using LinkedIn very often I get very effective. And I have also email, I can share it. I can share my email now or when whenever they want whenever you want. They can write me and maybe I will come to Brussels and visit you and we can meet over there too. But LinkedIn is a very popular and very effective way of communication nowadays.  

Punit  34:33

Gokhan  34:33
They can write that  

Punit  34:34
Preferred option. And with that, I have to say in a sense of time, thank you so much. It was wonderful to have you and have a wonderful day.  

Gokhan  34:44
Thank you Punit. It is very important for me to attend these kind of initiatives. And a kind of today's show because increasing awareness in data protection, especially in the emerging technology is very crucial. Thank you Punit.

Punit  34:59
Thank you so much.  

FIT4Privacy  35:02
Thanks for listening. If you liked the show, feel free to share it with a friend and write a review. If you have already done so, thank you so much. And if you did not like the show, don't bother and forget about it. Take care and stay safe. Fit for privacy helps you to create a culture of privacy and manage risks by creating, defining and implementing a privacy strategy that includes delivering scenario based training for your staff. We also help those who are looking to get certified in CIPPE CIPM, and CIPT through on demand courses that help you prepare and practice for certification exam. Want to know more? Visit www.fit4privacy.com. That's www.fit4privacy.com. If you have questions or suggestions, drop an email at hello(at)fit4privacy.com.


As we move forward into a future shaped by rapid technological advancements, understanding the nuances of AI-driven innovations in the crypto world is crucial. Gokhan Polat's perspective reminds us of the dual nature of these developments—offering tremendous opportunities while demanding vigilant attention to privacy concerns. Whether you're an enthusiast, a business leader, or a privacy advocate, staying informed about these evolving dynamics will undoubtedly shape how we navigate the exciting yet challenging terrain ahead.


Gokhan Polat, a visionary leader on a mission to transform challenges into opportunities and foster growth in every endeavor. With a rich background in strategic growth, risk management, and community building, Gokhan has honed his skills in the dynamic realm of crypto asset services. As a seasoned leader, he navigated the intricacies of enterprise risk management, mastering the art of problem-solving in high-stakes environments.

Driven by a profound desire to empower others, Gokhan co-founded the Databulls community, cultivating a vibrant space for learning and collaboration in the tech and business spheres. This experience reinforced his belief in the transformative power of collaboration and shared knowledge. Gokhan leads strategy and business development at his company, where he thrives on crafting and executing ambitious plans that fuel sustainable growth. His strategic acumen and collaborative approach empower teams to surpass expectations and achieve remarkable results.

Gokhan's leadership style is characterized by a human touch, fostering strong, motivated teams through open communication, trust, and a focus on personal development. With strategic foresight, he translates vision into actionable plans, driving growth and maximizing team potential. His deep industry knowledge, spanning both crypto and professional services, equips him with invaluable insights into diverse domains. Gokhan is a champion of community, believing in the transformative power of collaboration and meaningful connections. With a passion for building something great together, Gokhan is poised to inspire, innovate, and lead in the ever-evolving landscape of business and technology. 

Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high AI & privacy awareness and compliance as a business priority by creating and implementing a AI & privacy strategy and policy.

Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 50 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.

As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one’s value to have joy in life. He has developed the philosophy named ‘ABC for joy of life’ which passionately shares. Punit is based out of Belgium, the heart of Europe.

For more information, please click here.


Listen to the top ranked EU GDPR based privacy podcast...

Stay connected with the views of leading data privacy professionals and business leaders in today's world on a broad range of topics like setting global privacy programs for private sector companies, role of Data Protection Officer (DPO), EU Representative role, Data Protection Impact Assessments (DPIA), Records of Processing Activity (ROPA), security of personal information, data security, personal security, privacy and security overlaps, prevention of personal data breaches, reporting a data breach, securing data transfers, privacy shield invalidation, new Standard Contractual Clauses (SCCs), guidelines from European Commission and other bodies like European Data Protection Board (EDPB), implementing regulations and laws (like EU General Data Protection Regulation or GDPR, California's Consumer Privacy Act or CCPA, Canada's Personal Information Protection and Electronic Documents Act or PIPEDA, China's Personal Information Protection Law or PIPL, India's Personal Data Protection Bill or PDPB), different types of solutions, even new laws and legal framework(s) to comply with a privacy law and much more.
Created with