DIVYA

• Assisting global DPO in ensuring compliance with global data protection laws including PDPL, GDPR, DPDP etc
• Conducted comprehensive DPIAs for various products and services to identify potential privacy risks and develop strategies for mitigation
• Drafted, updated, and interpreted privacy policies, consent mechanisms, and data retention policies to align with regulatory requirements
• Managed data principal requests, including the right to deletion and grievance redressal
• Developed detailed data flow diagrams to facilitate the data mapping and tracking of sensitive information
• Creating and maintaining records of processing activities (ROPA) for different products and services
• Reviewed and negotiated data processing agreements with clients and vendors to ensure compliance with privacy regulations and organizational standards
• Assisted the information security and compliance teams in conducting and managing internal audits focused on privacy, security, and compliance
• Mitigated risks by integrating privacy by design principles into product development processes
• Monitored and logged data privacy incidents, assisting in investigations and providing resolutions to minimize impact
• Collaborated across cross-functional teams including Tech, Architecture, HR, Legal, product and compliance to develop and implement comprehensive data governance strategies
• Assisted the information security team in conducting vendor risk assessments to evaluate privacy compliance
• Working with architecture team collaboratively in developing consent mechanisms
• Created a JIRA dashboard and SharePoint site to enhance ticket tracking, reporting, and collaboration across teams
• Designed and delivered comprehensive training programs and awareness newsletters on data privacy

• Assisting DPO in conducting privacy impact assessments
• Driving One trust implementation and automation for NatWest Group
• Liaising with project manager, privacy manager and auditors to integrate data gathering automations within the process while analyzing the sensitivity of data
• Working with DPO and privacy manager to report data breaches while performing RCA (root cause analysis)
• Supported Privacy compliance requirements including breach reporting, data subject rights and ROPA
• Worked as point of contact and provided support for GDPR towards third party vendors, stakeholders, and Legal teams
• Conducted in depth data privacy gap assessments to identify areas of improvement under DSAR process
• Developed and imparted privacy training program for both internal and external clients
• Managed privacy incidents and data breach response plan
• Created One trust dashboard used for fetching daily MI report for Subject access requests and monthly breach reports
• Maintaining Records of processing activities
• Quality checking the sensitive data to avoid data breaches

Sr Analyst

• Processing subject access requests of different brands of NatWest under GDPR regulations and investigation the requirement
• Cleansing the data under GDPR regulations using different exemptions under GDPR
• Processing data of different brands associated with NatWest like Royal Bank of Scotland, Coutts, Ulster bank etc
• Responsible for processing investment-related information
• Involved in training third parties like PWC & Pinsent's solicitors for Data cleansing
• Involved in quality checking process to maintain quality of the DSARs request and maintain records of processing activities
• Certified in VBA codes and created an auto capture tool in MS access

• Demonstrated in-depth knowledge of global data protection laws (e.g., GDPR) ensuring organizational compliance through policy development and implementation
• Designed and delivered comprehensive training programs on data privacy and enhancing organizational awareness and compliance
• Responsible for implementing the privacy notice of the platform and following the recruitment process as per GDPR
• Liaised with the legal team for processing subject access request under article 15 and exercising right to erasure as per customer's request
• Liaising with the legal team in drafting privacy statements for their website
• Conducting monthly audit to avoid breaches and conducting training
• Ensuring privacy of the client's database as per GDPR

• Responsible for Training and guiding candidates in new divisions (UK, Europe, and US)
• Plan and implement an effective training curriculum related to GDPR, UK visa, HIPAA, US visa
• Maintaining database as per the GDPR policy
• Creating training material based on UK GDPR policy, Brexit, and different visa types

• Gathering and analyzing data to identify trends, patterns, and areas for improvement in operational processes
• Preparing reports and monitoring the effectiveness of implemented solutions to ensure ongoing operational excellence