Global healthcare insurance company
- Supported on an 8-month data privacy maturity uplift programme and improving compliance against a recognised GDPR framework.
- Led on various workstreams, including: the production of specialist GDPR training materials; assessing the businesses’ Records of Processing Activities (ROPA) and making recommendations; completing legitimate interest assessments (LIAs) and providing guidance on topics such as international data transfers.
- A core team member on secondment supporting the in-house legal function with business queries in relation to GDPR compliance.
- Supported on specific workstreams across the business, i.e. drafting and negotiating customer/supplier contracts alongside procurement and legal teams.
- Led on specific workstreams, such as the drafting of an incident management process for the business and producing legal precedents for both internal and external use.
Global Payment Processing provider
- Supported on the creation of a contracting playbook, templates and risk matrices for assessing GDPR compliance.
- Provided data privacy legal advice to various parts of the business, including in relation to commercial contracts and ePrivacy matters.
- Collaborated with teams to create or update Privacy Impact Assessments (PIAs) for new and existing high risk technologies and processes developed.
- Drafted various policies and supported the business and other internal colleagues to implement systems and controls. Assisted across lines of service with Risk Assurance and Consultancy experts to offer holistic end-to-end solutions for the business.