Summary
Overview
Work History
Education
Skills
Accomplishments
Certification
Languages
Timeline
Generic
Pradosh Kumar Das

Pradosh Kumar Das

Cuttack

Summary

Accomplished IT professional with Fifteen years of experience in the Data Network And Data Security industry, complemented by a focused one year tenure in the evolving realm of data privacy. Adept at delivering exceptional results within highly regulated environments, I have consistently demonstrated a commitment to ensuring the security and confidentiality of sensitive information while meeting stringent compliance requirements

Complemented by One Year of focused experience in the field of data privacy, during which I successfully transitioned my expertise to safeguarding personal information and ensuring compliance with data protection laws. Skilled in conducting thorough data privacy impact assessments, implementing stringent security protocols, and providing tailored training programs to promote a culture of data protection awareness within organizations.

With a natural inclination for detail-oriented work, I am committed to maintaining the highest standards of accuracy and precision in handling sensitive information. My transition into the data privacy realm has further solidified my dedication to preserving the confidentiality and security of personal data.

Overview

15
15
years of professional experience
1
1
Certification

Work History

Compliance Officer

Tutelr
Chennai
10.2022 - 10.2023
  • I had the privilege of working at Tutler Infosec Pvt ltd . for one years, During my working at Tutler Infosec Pvt ltd, I served as a Privacy Analyst. In this role, I was responsible for a wide range of tasks related to the privacy compliances and implementing security controls related to the projects . My primary responsibilities included:
  • Ensuring proper procedures to followed to maintain integrity and confidentiality of the client/customers
  • Ensuring compliance with Privacy And Security policies during onboarding to ensure fairness and transparency.
  • Conduct training regarding the Privacy Policies and security process and procedures to be followed .
  • Responsibilities and Achievements:

Privacy Impact Assessment (PIA):

• Conducted comprehensive Privacy Impact Assessments for all aspects of the Cloud Computing , Email Security and Application Security project, analyzing potential privacy risks and proposing mitigation strategies.

• Collaborated with cross-functional teams to identify and address privacy concerns in the project's design and implementation.

• Data Minimization and Legal Basis:

Ensured that customer data collection was strictly based on the legal basis of consent, in accordance with GDPR Article 6(1)(a).

• Worked closely with the legal department to draft and review consent forms, ensuring they were clear, specific, and easily accessible to customers.

• Transfer Impact Assessment (TIA):

• Led Transfer Impact Assessments (TIAs) to assess data transfers within the organization and to third-party entities, ensuring GDPR compliance during data movement.

• Risk Assessment:

• Performed regular risk assessments to identify emerging threats and vulnerabilities to personal data processed within the all the system.

• Collaborated with the IT team to implement security measures and controls to mitigate identified risks.

• Security of Processing:

• Ensured that personal data was processed securely, in accordance with GDPR Article 32, by implementing encryption, access controls, and regular security audits.

Compliance with Regulatory Requirements:

• Maintained an up-to-date knowledge of GDPR regulations and any amendments, ensuring that the project remained in compliance .

• Conducted regular internal audits and assessments to verify compliance with GDPR and other relevant data protection laws.

• Legal Basis:

• Ensured that the legal basis for processing customer data was grounded in GDPR-compliant consent, aligning with GDPR Article 6(1) (a).

• Collaborated closely with the legal department to draft and review consent forms, making them clear, concise, and easily accessible to customers.

• Data Minimization:

• Advocated for and implemented data minimization practices throughout the project, ensuring that only the necessary customer data was collected and processed.

• Developed and enforced data retention policies to comply with GDPR Article 5(1)(c).

• Consent Management:

• Implemented robust consent management mechanisms, allowing customers to easily grant, withdraw, or modify their consent preferences.

• Europe is known for having some of the strictest privacy laws in the world, with the General Data Protection Regulation (GDPR) being the cornerstone of its privacy framework.

• In the United States, privacy laws are more fragmented compared to the European Union. Privacy regulations vary depending on the type of data and industry, but there are some overarching principles:

• Privacy Laws by Sector: Privacy regulations in the U.S. are often sector-specific. For example, the Health Insurance Portability and Accountability Act (HIPAA) governs health information, while the Gramm-Leach-Bliley Act (GLBA) regulates financial data.

• State-Level Privacy Laws: Some states, like California, have enacted comprehensive privacy laws. The California Consumer Privacy Act (CCPA) and its successor, the California Privacy Rights Act (CPRA), provide certain rights to California residents regarding their personal information.

• Canada has its own set of privacy laws, primarily governed by the Personal Information Protection and Electronic Documents Act (PIPEDA):PIPEDA is the main federal privacy law in Canada. It governs the collection, use, and disclosure of personal information by private sector organizations. PIPEDA is similar in many ways to GDPR, as it emphasizes consent, data subject rights, and accountability.

• In India ,The Digital Personal Data Protection Act, 2023 ("DPDP Act") is now in effect and governs the processing of digital personal data in India, regardless of whether the data was originally collected in digital or non-digital format and subsequently digitized

• Ensured that consent was collected, documented, and stored in accordance with GDPR requirements.

• Legal Basis:

• Ensured that the legal basis for processing customer data was grounded in GDPR-compliant consent, aligning with GDPR Article 6(1) (a).

• Collaborated closely with the legal department to draft and review consent forms, making them clear, concise, and easily accessible to customers

Senior Network Analyst

Vertics Broadband
Bhubaneswar
10.2012 - 06.2020
  • Administered software licensing and purchasing for effective installation of network.
  • Mitigated risk by analyzing complex computer systems to assess vulnerabilities.
  • Visually inspected temperature sensors to maintain health of servers and network devices.
  • Designed and implemented networks in collaboration with project engineers.
  • Diagnosed system hardware and software problems using advanced root-cause analysis.
  • Administered and prepared programs for IP addresses, developed network resources and trained support personnel to provide Tier I support to end users.
  • Documented all server and network problems and other unusual events in detail.
  • Analyzed data traces using protocol analyzers to identify anomalies and find solutions.
  • Defined security requirements for mainframe, workstations and personal computers.
  • Wrote ad hoc tools and patches to resolve recurring production problems.
  • Managed development, deployment and training of RTS system and internal systems suite.
  • Troubleshot and maintained networking devices and infrastructure across enterprise.
  • Upgraded network software and hardware for optimized performance.
  • Communicated with vendors to resolve network outages and periods of reduced performance.
  • Monitored system logs for all company computers and devices to maximize uptime.
  • Performed code review, code optimization, SQL query optimization and performance improvement for servers.
  • Kept up-to-date on new developments in computer and network vulnerabilities, data hiding and encryption.
  • Reviewed logs for all networking devices for unresolved abnormalities and problems.

Data Network Specialist

Seraphic Systems INC
Bhubaneswar
07.2008 - 09.2012
  • Instructed users on software and hardware use.
  • Analyzed data security risks and performed preventive measures.
  • Fielded and handled complaints and questions about information systems.
  • Documented IT procedures and day to day tasks.
  • Mitigated risk by analyzing complex computer systems to assess vulnerabilities.
  • Administered software licensing and purchasing for effective installation of network.
  • Administered and prepared programs for IP addresses, developed network resources and trained support personnel to provide Tier I support to end users.
  • Completed remote repairs involving software solutions and hardware repairs.
  • Wrote ad hoc tools and patches to resolve recurring production problems.
  • Incorporated feedback and recommendations from other staff members when modifying software.
  • Implemented and maintained firewalls, series switches and security appliances.
  • Monitored system logs for all company computers and devices to maximize uptime.
  • Performed code review, code optimization, SQL query optimization and performance improvement for servers.
  • Built server systems and installed into racks.
  • Configured and installed wireless controllers, routers and switches.
  • Communicated with vendors to resolve network outages and periods of reduced performance.

Education

Bachelor of Law (LLB - Law Enforcement

Utkal University
Cuttack
07.2023

Master of Science - Cybersecurity

Odisha State Open University
Ravenshaw University , Cuttack
07.2023

Bachelor of Science - Computer Science

Sikkim State University
Tadong , Sikkim
08.2003

Graduate in Network Engineering - Computer Networking

IIHT
Cuttack
05.2000

Associate of Science - Physics , Chemistry , Biology , Mathematics

Council Of Higher Secondary Education Orissa
Stewart Science College Cuttack
05.1997

High School Diploma -

Board of Secondary Examination Orissa
Cuttack
04.1995

Skills

CORE QUALIFICATIONS

Strong Knowledge of Data Protection Laws and Privacy Regulations (eg, GDPR, CPRA, PIPEDA, HIPAA)

CIPP/E Certified

Conducting PIA & DPIA

Data Mapping Automation

Consent & Preference Management

Ensuring Compliance with GDPR and other relevant regulations

Maintaining Record of Processing Activities (ROPA)

Training & Awareness Programs

Cross-functional Collaboration

Incident Response & Breach Notification

Policy & Procedure Development

Third Party Risk Management (TPRM

Excellent Communication skills

Respond to Data Subject Requests

Detail Oriented

Cookie Consent Management

PRIVACY REGULATION KNOWN

Europe is known for having some of the strictest privacy laws in the world, with the General Data Protection Regulation (GDPR) being the cornerstone of its privacy framework

In the United States, privacy laws are more fragmented compared to the European Union Privacy regulations vary depending on the type of data and industry, but there are some overarching principles:

Privacy Laws by Sector: Privacy regulations in the US are often sector-specific For example, the Health Insurance Portability and Accountability Act (HIPAA) governs health information, while the Gramm-Leach-Bliley Act (GLBA) regulates financial data

State-Level Privacy Laws: Some states, like California, have enacted comprehensive privacy laws The California Consumer Privacy Act (CCPA) and its successor, the California Privacy Rights Act (CPRA), provide certain rights to California residents regarding their personal information

Canada has its own set of privacy laws, primarily governed by the Personal Information Protection and Electronic Documents Act (PIPEDA):PIPEDA is the main federal privacy law in Canada It governs the collection, use, and disclosure of personal information by private sector organizations PIPEDA is similar in many ways to GDPR, as it emphasizes consent, data subject rights, and accountability

In India ,The Digital Personal Data Protection Act, 2023 ("DPDP Act") is now in effect and governs the processing of digital personal data in India, regardless of whether the data was originally collected in digital or non-digital format and subsequently digitized

Accomplishments

    Achievements : Contributing Member

    Global Cybersecurity Association (GCA) · Freelance Global Cybersecurity Association (GCA) · Freelance Aug 2023


    Contributing Member

    IEEE Standards Association · Freelance IEEE Standards Association · Freelance Oct 2022 - Oct 2023 · Remote

Certification

• Passed CIPP/EU examination in AUG 2023.

• Completed the CIPP/EU/US/CANADA course by LAWSIKHO (2023).

  • • Completed GDPR certification and Preparation to CIPP Certification Test by UDEMY (2023).
  • Completed CISM certification and Preparation to CISM Certification Test by UDEMY (2023).
  • Completed CC certification and Preparation to CC Certification Test by UDEMY (2023).
  • Completed ISO 27001 LA certification and Preparation to ISO 27001 LA Certification Test by UDEMY (2023).
  • Completed MCP certification Server Management From MIcrosoft in 2001 .

Languages

English
Upper intermediate (B2)
Hindi
Advanced (C1)

Timeline

Compliance Officer

Tutelr
10.2022 - 10.2023

Senior Network Analyst

Vertics Broadband
10.2012 - 06.2020

Data Network Specialist

Seraphic Systems INC
07.2008 - 09.2012

Bachelor of Law (LLB - Law Enforcement

Utkal University

Master of Science - Cybersecurity

Odisha State Open University

Bachelor of Science - Computer Science

Sikkim State University

Graduate in Network Engineering - Computer Networking

IIHT

Associate of Science - Physics , Chemistry , Biology , Mathematics

Council Of Higher Secondary Education Orissa

High School Diploma -

Board of Secondary Examination Orissa
Pradosh Kumar Das