Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Aprajita Mazumdar

Mumbai

Summary

An experienced privacy professional with expertise in the investigation of privacy breach incidents, Data Loss Prevention monitoring, drafting breach notifications, Privacy Risk Assessment, etc.

I have researched and have practical work experience with various privacy laws, such as DPDPA, GDPR, and CCPA.

Post completion of my LLM, I have been working with ICICI Prudential's Cybersecurity and InfoSec team as a Privacy Consultant, contributing towards streamlining their systems and processes from a privacy perspective.

Overview

4
4
years of professional experience
1
1
Certification

Work History

Sr. Legal Analyst

RPA Infotech Pvt. Ltd
Mumbai
11.2024 - Current
  • Currently, I am working with ICICI Prudential as their Privacy Consultant. I am a part of their Cybersecurity and InfoSec team.
  • Advised management on regulatory requirements relating to business operations from a privacy perspective.
  • Drafted the feedback for the DPDP Rules, 2025, that was submitted to MEITY on behalf of ICICI Prudential.
  • Review the company policies and recommend adequate changes for them to be compliant with the Indian Privacy Laws (DPDPA, 2023).
  • Analyze and make data flow diagrams for various businesses, and provide recommendations to build a more secure system where the least amount of PII is at risk.
  • Review third-party vendor agreements from a privacy perspective, and negotiate changes on the same.
  • Negotiated terms of contracts with vendors and suppliers in accordance with applicable privacy laws.
  • Understand the working of any new tool or process, and ensure that they are complying with all the DPDPA requirements while being adopted by the organization.
  • Analyze potential privacy risks associated with proposed business deals or investments.

Legal Analyst

Ameriprise Financial
New Delhi
05.2021 - 09.2023
  • Conducted Data Protection Impact Assessments (DPIAs) for various business processes and vendors that were being used in the organization globally. This includes interacting with different business units to understand their processes, reviewing them while considering the concept of privacy by design, and providing them with the requirements that they need to follow.
  • Conducted a Privacy Risk Assessment (PIA) for all business units in the organization annually. This included the identification of the level at which PII is managed, and the extent of the business’s privacy risks while collecting, maintaining, and circulating personal information. Additionally, I also conducted Fraud Risk Assessments (FRAs).
  • Reviewed Privacy Notices, wherein we created or modified notices annually, and sent the same to all our clients, indicating the information that we have about them and how we use it.
  • Investigated privacy breach incidents (U.S., India, and EMEA). This included carrying out a thorough investigation of the incident, contacting all the concerned parties, and, if needed, drafting a notification letter according to the state privacy laws, and sending it to clients.
  • Reviewed Data Loss Prevention (DLP) tool alerts for any potential incidents, and further investigate the same.
  • Ad-hoc projects included drafting white papers on the Digital Personal Data Protection Act, 2023 (DPDPA), General Data Protection Rules (GDPR), California Consumer Privacy Act (CCPA), privacy laws prevailing in the Indian and international health sector, Short Selling Regulation (UK), and the Takeover Code (UK).
  • Additional responsibilities included my active involvement in the Diversity, Equity, and Inclusion (DEI), and Environmental Social Governance (ESG) sector of the organization.
  • Significant Achievements: Shared innovative ideas related to DPIAs that led to making the process smoother.

Education

Master of Laws - Data Protection And Intellectual Property

University of Law
London, United Kingdom -
11-2024

BA.LLB (Hons.) -

Alliance University
Bengaluru, India -
07-2021

High School -

Tagore International School
New Delhi, India -
03-2016

Skills

  • Privacy compliance
  • Data protection
  • Contract negotiation
  • Risk assessment
  • Regulatory analysis
  • Policy writing
  • Effective communication
  • Legal research expertise
  • Legal writing proficiency
  • Data privacy regulations
  • Legal risk assessment
  • Data privacy
  • Due diligence

Certification

  • Corporate & Commercial Law I: Contracts & Employment Law (University of Illinois and Coursera) – April’2020 – May’2020
  • Corporate & Commercial Law II: Business Forms, Financing & Governmental Regulation (University of Illinois and Coursera) – April’2020 – May’2020
  • Contract drafting and Legal writing program (Enhelion Knowledge Ventures Pvt. Ltd.) – April 2017 – October 2017
  • Introduction to Environmental Law and Policy (University of North Carolina) – August’2020
  • Gender and Sexuality: Diversity and Inclusion in the Workplace (University of Pittsburgh) – August’2020

Timeline

Sr. Legal Analyst

RPA Infotech Pvt. Ltd
11.2024 - Current

Legal Analyst

Ameriprise Financial
05.2021 - 09.2023

Master of Laws - Data Protection And Intellectual Property

University of Law

BA.LLB (Hons.) -

Alliance University

High School -

Tagore International School
Aprajita Mazumdar