Might be available
(Updated 2024-02-14)GDPR Consultant/ Project Manager
London, UK
Native French, English, Arabic, Spanish, Beginner Italian
- Project Management
- Data Protection/GDPR
- Consultation
Skills (41)
METRICS
HR
Vendor Management
M&A
SAR
Project Management
Legal Support
CONTRACTS
VISIO
MENTORING
BUDGETING
PROJECT LIFECYCLE
COACHING
BEST PRACTICES
VENDOR SELECTION
Risk Management
ROI
PROJECT PLAN
STEERING
BUSINESS REQUIREMENTS
Legal Counsel
LOTUS NOTES
Confluence
Agile
COOKING
BUSINESS CASE
PROJECT PLANS
BUSINESS REQUIREMENTS GATHERING
MICROSOFT OFFICE
ITIL
MS OFFICE
PROJECT PLANNING
LIAISON
Scrum
Jira
IT Infrastructure Library
Marketing
TECHNICAL REQUIREMENTS
PMO
PRINCE2
ABB
Summary
High-impact, versatile and commercially astute, with an impressive record of project & programme delivery success in global finance institutions (insurance, banking sector), B2B, B2C, consulting, technology, real estate, SMEs, and blue-chip corporates.
Accustomed as a global GDPR Consultant/Regulatory Project Manager to leading highly complex strategic initiatives, engages across complex projects with potential to impact thousands of end users. Bridged the gap between business and technology.
A record delivering initiatives spanning data protection (GDPR, PIPA, POPIA, Australian Act 1988/ HIPAA, CCPA/CPRA and US state privacy laws) DORA, IFRS, infrastructure, networks, applications & cost-effectiveness, achieved via meticulous planning & attention to detail. Delivery focused, motivated by challenge, with a "can do" attitude.
Excellent interpersonal skills & customer facing skills, able to communicate and negotiate concisely at up to Board level, translating between technical and non-technical audiences, bringing clarity to secure 'buy-in'.
MSP, ITIL, PRINCE2, Agile, Scrum & Waterfall-experienced, pragmatically able to apply best practice tools.
Engaging & inspiring, experienced in managing multiple teams of geographically dispersed global resources throughout the lifecycle, harmonising teams & enabling people to grow by energising & mentoring talented staff.
Experienced in delivering change initiatives through all end-to-end lifecycle stages, from inception to BAU and benefits realisation, delivering high-quality work within fast-paced and challenging business environments.
Proven capacity to identify, analyse & solve complex problems, by designing IT/HR workable strategies, taking new approaches from concept through to successful completion.
Professional Experience
2021-03 - 2023-01
* Understanding the data Landscape processed: Documented the personal data held (structured and unstructured data), where it came from, who it is share it with and what the Business is doing with it by creating a Record of Processing activity (ROPA) (Article 30). Identified and documented the lawful bases for processing by assessing at the various types of data processing that I Infosys's client carries out. Map data flows which included the identification of data that Infosys's client processes and how it flows into, through and out of the Business as well any risks found.
* Data Privacy Impact Assessment: Completed a DPIA to mitigate data privacy risks before implementing the new Salesforce platforms and followed up on mitigation measures identified as part of Data Protection Impact Assessment. Established a policy which sets out when I Infosys client should conduct a DPIA, who will authorise it and how it will be incorporated into the overall project plan.
* Data retention and deletion: Ensuring the unnecessary data as part of the data retention legal and the organisation retention.
* Data Retention Vendor Management: Tool selection: Managing vendor selection to automate data retention and destruction accordingly.
* M&A: Ensuring M&A understand and operationalise data privacy implications.
* GDPR/Privacy Legal and Data Transfer Implementation: Conducting LIA and TIA and establishing legal basis of each processing activities recorded on the HR IAR. Producing a categorisation of contracts based on the following criteria relating to the sharing of personal data between the EU/UK and US: * Contracts that expressly permit the vendor to rely on Privacy Shield to make data transfers to the USA and other countries * Contracts that expressly incorporate the European Commission's 'standard contractual clauses' for data transfers (sometimes referred to as 'model clauses').
* Contracts that oblige the vendor to put those 'standard contractual clauses' in place for data transfers (as a separate data transfer agreement rather than being incorporated into the supply contract) * Legal support: Supported the Legal Counsel by making sure that Legal GDPR/Privacy Addendum is sent and accepted by the third parties (Cloud providers) and employees * IT Application/ Cyber Security: * Implementing follow up of the GDPR compliance of applications and other international projects including following up on incidents and implementing further mitigation measures based on incident analysis where appropriate. Ensured continuous transparency with end users on data protection measures * Security standards: Ensuring the technical requirements meet the ISO20071, Cyber Essential and Cyber Essential Plus standards.
* Operationalise IT Subject Rights within application * Operationalise consents and cookies.
* DORA: Enhanced the operational resilience of the financial sector by establishing a comprehensive framework for digital operational resilience (ICT Risk Management, incident reporting, digital operation resilience testing and third-party risk).
* Policies and Procedure Implementation: Identifying and drafting all the Infosys's client data protection-related policies (privacy notices, Data retention, SAR, Breach, Marketing, Consent, Cookies and GDPR statement) and work with Directors and local Data Protection Officers and focal points to develop and implement throughout the Infosys client.
* Data Governance Management: Ensured the Data Privacy integration of such measures into the wider data protection framework developed within Infosys client in liaison with the International Data Protection Steering Committee and taskforce. Responsibility for driving data privacy compliance across the business, by setting and driving the data privacy best practices, and ensuring that a "privacy by design" approach is embedded within the organisation.
* Risk & Dependencies Management: Took the lead in identifying and removing potential blockers, as well as managing dependencies across teams and disciplines. E2E programme and project lifecycle management, including planning, scope & risk.
* Communication and Change Management: Liaised with international data protection teams to ensure clear communication and consistency across Infosys client systems. Provided training to local staff and tailored data protection measures to local requirements where needed * Resource Management: Successfully led teams of multi-disciplinary resources and technology resources to implement the Workday project at a global scale, embedding best practices, processes, and technology to support business needs.
* Stakeholder Management: Collaborative engagement with key stakeholders (CISO team, Solution Architect, Salesforce SMEs and other divisions), building, managing, and nurturing internal and external relationships, including Deloitte, EY, and GRCI Law, managing expectations, and facilitating decision making.
* Leadership Management: Leading and motivating of programme resources, mentoring, and coaching talented teams, including working with Business Analysts, PMO, and Solution Architects.
Key contributions and successes: * Ensured all clients is compliant GDPR and other regulation withing the timely delivery of project scope, quality and benefits/outcomes and ensured changes were fully embedded into BAU. Tracked project milestones, adjusting project plans & resourcing to meet requirements.
* Directing project plans, teamwork assignments, and monitoring ongoing work efforts * Utilised Agile, Waterfall best practice in the successful roll-out of GDPR/One Trust/DORA projects.
* Proactively identified changes in work scope & ensured appropriate planning measures were taken * Oversaw GDPR/ IT transition projects, providing reporting metrics to executives on business case ROI * Analysed risk, establishing contingency plans, and identifying trigger events and mitigating actions * Drove organisational change as part of the new data solutions roll-out, communicating project goals * Led people through structural, procedural & cultural change, securing buy-in for new ways of working
2020-06 - 2021-01
* Acted as a 'trusted advisor' on data protection, IFRS and project delivery, engaging with senior-level stakeholders and building-up an accurate understanding for the business requirements for future services.
* Full project lifecycle management and delivery, including project planning, scope, budgeting & resourcing.
Key contributions and successes: * Leveraged Agile, Waterfall best practice, setting clear project delivery governance.
* Successfully implemented a key solution, including Data Protection, and IFRS projects.
2018-05 - 2020-04
* Acted as a 'trusted advisor' on GDPR/ CCPA and project delivery, engaging with senior-level stakeholders and building-up an accurate understanding for the business requirements for future services.
* Full project lifecycle management and delivery, including project planning, scope, budgeting & resourcing.
Key contributions and successes: * Ensured all clients is compliant data protection project, IFRS and other regulation withing the timely delivery of project scope, quality and benefits/outcomes and ensured changes were fully embedded into BAU. Tracked project milestones, adjusting project plans & resourcing to meet requirements.
* Directing project plans, teamwork assignments, and monitoring ongoing work efforts * Utilised Agile, Waterfall best practice in the successful roll-out of data protection project, IFRS projects.
* Proactively identified changes in work scope & ensured appropriate planning measures were taken.
* Oversaw data protection project, IFRS transition projects, providing reporting metrics to executives on business case ROI.
* Analysed risk, establishing contingency plans, and identifying trigger events and mitigating actions.
* Drove organisational change as part of the new data solutions roll-out, communicating project goals.
* Led people through structural, procedural & cultural change, securing buy-in for new ways of working.
Early Career
2016-03 - 2018-04
2015-10 - 2016-02
2015-05 - 2015-09
2014-09 - 2015-05
2014-02 - 2014-09
2013-02 - 2013-02
2012-01 - 2013-01
2010-01 - 2012-01
Academic Background
2024-02 - 2011-01
2024-02 - 2009-01
2024-02 - 2005-01