Description

Strategic privacy consultant delivering governance frameworks across 55+ jurisdictions. Currently in process of qualifying as a solicitor in England and Wales. I specialise in modular compliance assets—structured for audit-grade defensibility and scalable deployment across a range of environments.

My work spans privacy remediation, cross-border risk logic, and regulatory overlays involving AI, ethics, and profiling safeguards. Clients engage me to translate complex obligations into operational clarity—supporting legal defensibility, stakeholder alignment, and programme maturity uplift.

Industry field of expertise

Languages

English
Native or bilingual

Workplace preferences

Remote only

Primarily works remotely

BBC
Privacy Consultant (Contractor)
PRESS AND MEDIA
November 2024 - Today (1 year and 7 months)
London, United Kingdom
Delivered global privacy controls and embedded scalable governance across editorial, HR, and supplier workflows.
- Solely delivered architect-grade data mapping across 55+ jurisdictions, including multiple EU countries, US states, Brazil, China, India and Japan—structured for modular deployment and audit-grade defensibility
- Led global data mapping strategy: designed and deployed enterprise-grade frameworks for cross-border compliance
- Delivered RoPA entries across GDPR, APPI, PIPL, DPDP, and U.S. state laws, aligned to operational workflows
- Conducted DPIAs on AI-driven tools, flagging algorithmic bias, profiling risks, and sensitive data triggers across multiple legal regimes
- Built ethics overlays for data across APAC, MENA, EU, and Africa, incorporating cultural and geopolitical nuance
- Delivered jurisdiction-specific governance assets tailored to GDPR, CCPA, APPI, PDPA, DPDP, and PIPL
- Enabled cross-functional teams to adopt privacy controls through structured workflows and practical guidance, reducing bottlenecks and increasing operational clarity
DPIA artificial intelligence Cross-border data transfers Privacy Programme Management GDPR remediation
Vanguard
Senior Data Protection Specialist (Contractor)
BANKING AND INSURANCE
February 2023 - May 2024 (1 year and 3 months)
London, UK
Led multi-jurisdictional privacy remediation and delivered strategic risk reduction across UK, EU, and US operations.
- Delivered DPIAs and TIAs across UK, EU, and US data flows—supporting lawful basis selection, transfer risk mitigation, and regulatory defensibility under GDPR, CCPA, and other frameworks
- Scoped and maintained RoPAs across European entities, embedding scalable governance and improving audit readiness
- Led key workstreams in Vanguard’s global privacy remediation programme—achieving all deliverables and shifting programme maturity from high-risk to low-risk
- Operationalized OneTrust to streamline assessments, automate workflows, and enable cross-functional teams to self-serve with confidence
- Advised senior stakeholders and committees on privacy risks, programme status, and jurisdictional developments—anchoring strategic decisions in regulatory clarity

GDPR Privacy programme management Onetrust DPIA
Motor Insurers' Bureau
Privacy Specialist
BANKING AND INSURANCE
January 2022 - December 2022 (11 months)
Milton Keynes, United Kingdom
Led UK privacy notice and client remediation workstreams; served as primary contract strategist within the data protection function.
- Delivered the UK-wide privacy notice remediation programme—aligning content with GDPR transparency standards and insurance-sector expectations
- Led client-facing remediation workstreams—recalibrating consent architecture and lawful basis logic across digital and operational channels
- Acted as primary contract lead—reviewing controller–processor relationships, refining clauses, and reducing regulatory exposure
- Scoped and mitigated privacy risks across claims data, telematics, and third-party engagements within the UK insurance sector
- Supported procurement and legal teams on contract negotiation and vendor governance
- Embedded scalable privacy controls through modular guidance and cross-functional enablement
Privacy Notices Contract negotiation Article 28 GDPR