RITIKA JOSHI

M&G Global Services is the shared services center of M&G Plc headquartered in the United Kingdom.

Highlights:

• Responsible for assessing privacy impacts of AI solutions considered for implementation within the organization through the AI Governance forum
• Supporting the impact assessment and implementation of new regulations such as EU AI Act, DORA and India DPDPA
• Expanded the India team strength fourfold by demonstrating subject matter skills and a ability to run a mature privacy function
• Delivered efficiencies by developing key operational processes and achieving scalability of operations for DTIAs and contract remediation
• Developed a PowerBi dashboard for efficient reporting of key metrics, risk areas and trend analysis for privacy risk
• Led the Schrems II SCC remediation project which included contractual remediation and Data Transfer Impact Assessments (DTIA) for 1000+ contracts
• Worked on key strategic projects for high risk business portfolios to manage privacy risks

Job Responsibilities:

• Privacy Lawyer in the second line privacy risk function reporting to the Chief Data Protection Officer
• Leading the team responsible for the management of data privacy contracts, data sharing agreements, non-disclosure agreements and operationalising international transfer requirements by conducting data transfer impact assessments and third country assessments
• Responsible for creating scalable assets such as playbooks and process documentation for a structured privacy program
• Leading the Data Privacy function for the India entity including contractual negotiation of privacy clauses, risk identification and mitigation and advising business stakeholders on privacy issues
• Liaising with external counsel to solicit advise on key privacy developments and support strategic implementation within the organization
• Supporting breach management and grievance management for the global as well as local entity
• Supporting privacy audits, policy attestation, authority requests
• Supporting the first line teams providing guidance and oversight to privacy operations activities

Highlights:

• Developed expertise in privacy implementation in the healthcare sector
• Led a team to implement a GDPR Consent Management Lifecycle project for a new pharmaceutical client.
• Developed a Privacy Program Framework that served as a out of box solution marketed by the firm to pharmaceutical clients
• Drafted a global privacy policy for a US based top pharmaceutical client
  

Job Responsibilities:

• Provided privacy Subject Matter Expertise during the implementation of regulations such as EU GDPR, Brazil- LGPD, Turkey - LPPD, China - PIPL, US- CCPA among a few
• Led a team of 10 associates managing BAU privacy operations (Data Subject Rights, Privacy Impact Assessments, Data Breach Notification, Supplier assessments etc.) for a fortune 500 pharmaceutical company.
• Supported creation of a standardized approach and lifecycle for implementation of future new regulations
• Developed processes that execute operational activities such as Data Subject Rights, Data Incident and Breach Management etc.
• Provided client leadership with regular insightful privacy program metrics through weekly and monthly status updates
  

Highlights:

• Supported remediation of high risk systems and applications on the road to GDPR go-live
• Owned and independently handled the training and awareness workstream including envisioning, executing and modernizing privacy trainings.
  

Job Responsibilities

• Worked at the forefront of Microsoft’s Core Services Engineering GDPR readiness efforts and contributed majorly to the success of the organization’s GDPR success story.
• Advised system and application owners and supported them in their compliance with the requirements of the privacy program
• Supported engineering teams understand and implement privacy by design in their product offerings
• Drafted the questionnaire for Privacy Impact Assessments (PIA) and Supplier Assessments.
• Was part of a team that conducted PIA’s for 200+ applications and systems in the organization portfolio in OneTrust.
  

• Acted as the legal counsel and corporate secretary to ensure legal and secretarial compliance
• Worked with Corporate Headquarters towards General Data Protection Regulation (GDPR) preparedness for Data Processors;
• Led org-wide Data Privacy training & awareness programs and compliance awareness campaigns for employee

• Subject Matter Expert for in-depth Internal Audit of Listed and Unlisted Public and Private Limited Companies across diverse sectors such as Real Estate, Manufacturing, Automobile FMCG.

• Drafted and negotiated vendor and intra-group contracts
• Formulated internal Legal Policies and Standard operating procedures
• Managed FCPA compliance monitoring