Mahi Gupta
Privacy Expert
Delhi, Hyderabad
Summary
Results-oriented legal professional and proactive manager, offering a track record of leadership, strategic planning, and effective problem-solving. Known for methodical organization and optimization to meet client demands. Demonstrates independent decision-making skills and sound judgment to positively impact company success. Specialized expertise in GDPR compliance, Data Privacy Assessment, CSA, DPIA, and DPRIA (Data privacy risk impact assessments), along with proficiency in data flow mapping and PII inventory development. A certified CIPP Europe (CIPP/e) professional from IAPP, I bring a passion for data privacy law and a comprehensive understanding of data protection regulations. Dedicated to assisting in assessments and risk analysis related to data privacy, I possess knowledge and experience in privacy and data protection laws beyond GDPR, including PDPL, CCPA, and the Data Protection Bill (India). My focus is on championing data protection and privacy initiatives, ensuring organizational compliance and adherence to best practices. As a dedicated service professional, I have consistently met company goals through organized practices. Skilled in working under pressure and adapting to new situations and challenges, I am poised to contribute to the success of the next environment I join. With a hardworking attitude and a commitment to providing quality support, I am eager to bring my expertise to new heights.
Overview
4
4
years of professional experience
4
4
years of post-secondary education
5
5
Certifications
Work History
Assistant Manager
Deloitte
Hyderabad
05.2023 - Current
- Client-Facing Strategic Consultant (Middle East Region): Conducted comprehensive initial state assessments for clients based in the Middle East Region, specializing in gap analysis for data privacy compliance. Formulated Implementation Strategies, Road maps, and Target Operating Models tailored to organizational requirements, with a keen focus on adhering to PDPL and GDPR standards.
- Legal and Regulatory Expertise: Developed and maintained a profound understanding of the legal and regulatory landscape for data privacy, incorporating updates to PDPL and GDPR.
- Cross-Functional Risk Management: Collaborated closely with cross-functional teams to identify risk areas and provided strategic recommendations for effective remediation strategies.
- Compliance Facilitation Specialist: Guided organizations in conducting RoPa’s, PIA’s, and DPIA’s for both current business activities and upcoming technologies, ensuring alignment with organizational objectives and regulatory requirements.
- Privacy by Design Integration: Embedded the concept of Privacy by Design and Default into organizational processes. Developed, created, and implemented policies and procedures, including RoPaTemplate, PIA template, DPIA Template, Data Subject Rights Procedures, Consent Management Procedures, Data Breach Procedures, Data Breach Plan and Framework, Privacy by Design and Default Policy, Enterprise Privacy Policy, Enterprise Privacy Framework, Privacy Notices, and Retention and Deletion Policy.
- Client-Focused Guidance and Training: Played a pivotal role in the client-facing aspect, offering guidance and training to employees on data privacy best practices. Conducted audits to ensure strict compliance with data privacy regulations and standards.
- Policy Review and Record Management: Reviewed and maintained the accuracy of existing Policies and Procedures for organizations. Ensured up-to-date records of all data privacy assessments, audits, and related activities.
- Trend Analysis and Strategic Recommendations: Stayed abreast of emerging data privacy trends and technologies, providing strategic recommendations for the adoption or modification of existing practices. Facilitated organizational transition toward a privacy-eccentric culture.
- Team Mentorship for Professional Development: Mentored team members to enhance their professional development and foster accountability within the workplace.
- Hands-On Client Assistance: Offered hands-on assistance to clients, assessing their needs, and maintaining a current understanding of their preferences.
SME
Elevates
Chandigarh
03.2022 - 03.2023
- Handled projects for industry leaders like Expedia group with a focus on ensuring compliance with various laws in the Contractual clauses with a specific focus on Privacy and Confidentiality.
- Engaged in providing subject matter expert support to the team on issues related to the management of data and formulation of policies in consonance with Privacy and Protection Law.
- Involved in research and analysis of privacy laws including but not limited to GDPR, CCPA, India’s Digital Data Protection Bill, and associated rules.
- Drafted and managed the execution of Data Processing Agreements/Standard Contractual Clause under GDPR for clients.
- Engaged in training of Peers on the role of Privacy Law and Privacy Impact Assessments. Contract Lifecycle Management through Context software- App and Web-based
- Prepared proposal documentation and specifications based on client needs.
Legal Analyst
BYJUS
Bangalore
05.2020 - 02.2022
- Drafted and vetted documents relating to Mergers and Acquisitions(M&A) as a team member.
- Involved in review of Privacy and Confidentiality clauses in Agreements with the clients and their compliance with laws and regulations.
- Assisted in Reviewing, drafting, and negotiating a full range of commercial contracts, Confidentiality agreements, Service Level Agreements, Agreements related to Ed-Tech Services, Software Agreements, and Non-Disclosure Agreements (NDAs) using Contract Management Software and SaaS.
- Compiled data and conducted research to draft legal documents for attorneys.
- Supported case preparation by interpreting laws, rulings and regulations.
- Conducted legal research to prepare attorneys and clients for next steps in legal cases.
Education
Master of Laws - Constitutional Law
Amity Law School
Noida 05.2017 - 05.2018
LLB - Intellectual Property Rights
Amity University
Noida 05.2014 - 04.2017
Skills
Employee performance evaluations
Recruiting and interviewing
Negotiation
Data Privacy and Protection
GDPR, CCPA, PDPL, PDPA
Personal Data Handling, Management and Protection
Standard Contractual Clauses relating to Privacy and Confidentiality
Contract Management
Conducting CSA,ROPA, PIA, DPIA
Creating Privacy Notice, Privacy Policy, Data Subjects Rights Procedure, Data Breach Procedure and Plan
Certification
CIPP/E
Timeline
CIPM
11-2023
Assistant Manager
Deloitte
05.2023 - Current
CIPP/E
05-2023
One trust tool Management
05-2023
One trust Third Party Management
05-2023
SME
Elevates
03.2022 - 03.2023
Bar Council License
09-2020
Legal Analyst
BYJUS
05.2020 - 02.2022
Master of Laws - Constitutional Law
Amity Law School
05.2017 - 05.2018
LLB - Intellectual Property Rights
Amity University
05.2014 - 04.2017