Pradosh Kumar Das

• I had the privilege of working at Tutler Infosec Pvt ltd . for one years, During my working at Tutler Infosec Pvt ltd, I served as a Privacy Analyst. In this role, I was responsible for a wide range of tasks related to the privacy compliances and implementing security controls related to the projects . My primary responsibilities included:
• Ensuring proper procedures to followed to maintain integrity and confidentiality of the client/customers
• Ensuring compliance with Privacy And Security policies during onboarding to ensure fairness and transparency.
• Conduct training regarding the Privacy Policies and security process and procedures to be followed .
• Responsibilities and Achievements:

Privacy Impact Assessment (PIA):

• Conducted comprehensive Privacy Impact Assessments for all aspects of the Cloud Computing , Email Security and Application Security project, analyzing potential privacy risks and proposing mitigation strategies.

• Collaborated with cross-functional teams to identify and address privacy concerns in the project's design and implementation.

• Data Minimization and Legal Basis:

Ensured that customer data collection was strictly based on the legal basis of consent, in accordance with GDPR Article 6(1)(a).

• Worked closely with the legal department to draft and review consent forms, ensuring they were clear, specific, and easily accessible to customers.

• Transfer Impact Assessment (TIA):

• Led Transfer Impact Assessments (TIAs) to assess data transfers within the organization and to third-party entities, ensuring GDPR compliance during data movement.

• Risk Assessment:

• Performed regular risk assessments to identify emerging threats and vulnerabilities to personal data processed within the all the system.

• Collaborated with the IT team to implement security measures and controls to mitigate identified risks.

• Security of Processing:

• Ensured that personal data was processed securely, in accordance with GDPR Article 32, by implementing encryption, access controls, and regular security audits.

Compliance with Regulatory Requirements:

• Maintained an up-to-date knowledge of GDPR regulations and any amendments, ensuring that the project remained in compliance .

• Conducted regular internal audits and assessments to verify compliance with GDPR and other relevant data protection laws.

• Legal Basis:

• Ensured that the legal basis for processing customer data was grounded in GDPR-compliant consent, aligning with GDPR Article 6(1) (a).

• Collaborated closely with the legal department to draft and review consent forms, making them clear, concise, and easily accessible to customers.

• Data Minimization:

• Advocated for and implemented data minimization practices throughout the project, ensuring that only the necessary customer data was collected and processed.

• Developed and enforced data retention policies to comply with GDPR Article 5(1)(c).

• Consent Management:

• Implemented robust consent management mechanisms, allowing customers to easily grant, withdraw, or modify their consent preferences.

• Europe is known for having some of the strictest privacy laws in the world, with the General Data Protection Regulation (GDPR) being the cornerstone of its privacy framework.

• In the United States, privacy laws are more fragmented compared to the European Union. Privacy regulations vary depending on the type of data and industry, but there are some overarching principles:

• Privacy Laws by Sector: Privacy regulations in the U.S. are often sector-specific. For example, the Health Insurance Portability and Accountability Act (HIPAA) governs health information, while the Gramm-Leach-Bliley Act (GLBA) regulates financial data.

• State-Level Privacy Laws: Some states, like California, have enacted comprehensive privacy laws. The California Consumer Privacy Act (CCPA) and its successor, the California Privacy Rights Act (CPRA), provide certain rights to California residents regarding their personal information.

• Canada has its own set of privacy laws, primarily governed by the Personal Information Protection and Electronic Documents Act (PIPEDA):PIPEDA is the main federal privacy law in Canada. It governs the collection, use, and disclosure of personal information by private sector organizations. PIPEDA is similar in many ways to GDPR, as it emphasizes consent, data subject rights, and accountability.

• In India ,The Digital Personal Data Protection Act, 2023 ("DPDP Act") is now in effect and governs the processing of digital personal data in India, regardless of whether the data was originally collected in digital or non-digital format and subsequently digitized

• Ensured that consent was collected, documented, and stored in accordance with GDPR requirements.

• Legal Basis:

• Ensured that the legal basis for processing customer data was grounded in GDPR-compliant consent, aligning with GDPR Article 6(1) (a).

• Collaborated closely with the legal department to draft and review consent forms, making them clear, concise, and easily accessible to customers

• Administered software licensing and purchasing for effective installation of network.
• Mitigated risk by analyzing complex computer systems to assess vulnerabilities.
• Visually inspected temperature sensors to maintain health of servers and network devices.
• Designed and implemented networks in collaboration with project engineers.
• Diagnosed system hardware and software problems using advanced root-cause analysis.
• Administered and prepared programs for IP addresses, developed network resources and trained support personnel to provide Tier I support to end users.
• Documented all server and network problems and other unusual events in detail.
• Analyzed data traces using protocol analyzers to identify anomalies and find solutions.
• Defined security requirements for mainframe, workstations and personal computers.
• Wrote ad hoc tools and patches to resolve recurring production problems.
• Managed development, deployment and training of RTS system and internal systems suite.
• Troubleshot and maintained networking devices and infrastructure across enterprise.
• Upgraded network software and hardware for optimized performance.
• Communicated with vendors to resolve network outages and periods of reduced performance.
• Monitored system logs for all company computers and devices to maximize uptime.
• Performed code review, code optimization, SQL query optimization and performance improvement for servers.
• Kept up-to-date on new developments in computer and network vulnerabilities, data hiding and encryption.
• Reviewed logs for all networking devices for unresolved abnormalities and problems.

• Instructed users on software and hardware use.
• Analyzed data security risks and performed preventive measures.
• Fielded and handled complaints and questions about information systems.
• Documented IT procedures and day to day tasks.
• Mitigated risk by analyzing complex computer systems to assess vulnerabilities.
• Administered software licensing and purchasing for effective installation of network.
• Administered and prepared programs for IP addresses, developed network resources and trained support personnel to provide Tier I support to end users.
• Completed remote repairs involving software solutions and hardware repairs.
• Wrote ad hoc tools and patches to resolve recurring production problems.
• Incorporated feedback and recommendations from other staff members when modifying software.
• Implemented and maintained firewalls, series switches and security appliances.
• Monitored system logs for all company computers and devices to maximize uptime.
• Performed code review, code optimization, SQL query optimization and performance improvement for servers.
• Built server systems and installed into racks.
• Configured and installed wireless controllers, routers and switches.
• Communicated with vendors to resolve network outages and periods of reduced performance.