Managed end-to-end enterprise privacy operations, executing 250+ contract reviews, RFP/RFI assessments, and 40+ Privacy Risk Assessments (PRAs) for product releases and AI integrations, ensuring 100% SLA adherence and zero regulatory escalations

Architected and launched a centralised Internal Privacy Portal, creating a self-service compliance ecosystem that reduced ad-hoc operational dependency by 40% and accelerated organisation-wide compliance maturity.

Transformed privacy operations by designing a standardised Vendor & AI Intake Framework and a KPI-driven metrics model, enabling data-driven decision-making across all business units.

Led AI Privacy Readiness: Initiating  Privacy Risk Assessments (PRAs) specifically for GenAI integrations (ChatGPT, Gemini), ensuring "Privacy by Design" was embedded before product release.

Designed AI Governance Frameworks: Improved internal policies for the secure use of LLMs (Claude, Perplexity), mitigating risks related to data leakage and model training.

Directed incident response and forensic investigations for high-impact privacy incidents (10,000+ records affected), implementing containment and remediation strategies that resulted in zero regulatory escalations.

Spearheaded ISO 27701 (PIMS) readiness and enhanced AI-specific privacy governance frameworks, aligning organisational practices with evolving global regulations and responsible AI principles.

Acted as strategic privacy advisor and cross-functional leader, collaborating with HCLTech and internal stakeholders to embed Privacy by Design and promote a privacy-first culture via executive communications and newsletters.

Built and scaled a privacy programme from zero, partnering with the DPO to establish governance structures, processes, and a team of 12 privacy analysts delivering full operational readiness within 6 months.

Led training and awareness initiatives for 150+ stakeholders across GDPR/CCPA regulations, internal SOPs, and privacy processes, achieving measurable uplift in organisation-wide compliance culture.

Oversaw PIA/DPIA/ROPA and Data Mapping assessments for 200+ third-party processes and in-built technologies, maintaining live risk reports and driving risk mitigation across all critical workflows.

Negotiated and drafted 50+ Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs), ensuring global data transfer compliance and reducing legal exposure.

Evaluated and deployed Securiti AI, OneTrust, and Process Unity, directly influencing the development of a customised internal privacy tool that optimised workflows and reduced manual effort by ~30%.

Designed and developed a proprietary data model tool to extract and analyse key Terms of Service and Privacy Policy clauses, improving GDPR/CCPA compliance review efficiency for international clients.

Developed a centralised Contract Database for international clients, ensuring ongoing compliance of privacy notices with GDPR/CCPA obligations and governing law requirements, giving 80% accuracy.