Providing commercial B2B/B2C expertise on implementation of a data protection programme, governance and framework for 50 companies Integrated the main business competitor and oversaw implementation of data protection controls which were substantially missingImplanted effective information security and data protection governance for the UK’s leading property services group, advising various functions on responsibilities and status to minimise risk Key driver within Risk & Compliance Division, overseeing a team of handling a range of data protection tasks and specific initiativesWorked with Information Commissioners to manage breaches, building a strong reputation for risk mitigation for the Risk & Compliance TeamProvided pragmatic advice for Senior Leadership as SME, to ensure awareness and informed decision making on Data Protection risksEmbedded a culture of raised consciousness and efficiency around areas of data protection, including UK GDPR, GPDR, DPA 2018 and PECR Continuously monitored adequacy, effectiveness and compliance of data protection controls, benchmarking against standards and group controls Championed understanding group-wide by building and delivering data protection training programmes, promoting awareness, importance and obligations surrounding privacy and data protection complianceEnsured integration of Privacy By Design in organisational change and maintenance of required documentation such as ROPA and DPIAs

Led data protection, information governance and security strategy and operations for the UK's leading full service clinical home healthcare provider Reviewed existing privacy, information governance and security policies and processes including IT security, confidentiality, Caldicott, and data protection, identifying areas for improvementEnhanced incident response frameworks to ensure prompt resolution of actual or suspected breaches in confidentiality and integrity surrounding data protection and information security Formalised privacy, information governance and security frameworks to capture group requirements and built a scalable, fit-for-purpose function Supported transformational initiatives, advising and contributing to commercial tenders, responding to NHS and Big-Pharma requirements and taking part in detailed discussions on compliance-related challenges Led the company through cyber-essentials and prepared for ISO27001 certification, implementing a new information security management system and NHS Information Governance Toolkit

Defined, implemented and maintained privacy and information security strategy for this global professional accounting body offering the Chartered Certified Accountant qualification Enhanced compliance across a multi-site, multi-regulatory, global organisation, shaping and executing a robust schedule of information security and data protection compliance and assurance auditsDelivered significant increases in compliance, leading the organisation to PCI-DSS compliance in six months and benchmarking the UK organisation against ISO 27001 in preparation for certificationCollaborated with global leadership supporting each country with regulatory, including the Singapore Personal Data Protection Act, Canadian Anti-Spam Legislation, and Russian Data Localisation Law

Provided expertise and advice for the UK's leading Healthcare Informatics company, successfully aligning information governance strategies, policies, and procedures with business strategy Championed professional development as Training & Awareness Lead for London Connect Information Governance community, recognised by Dame Fiona Caldicott in 2 National Data Guardian reportsLed improvements in compliance, satisfying legislative requirements, meeting national codes of practice and advising multiple teams on various aspects of data protection within commercial relationshipsSaved 80% of business income by ensuring ongoing access to NHS patient data, one of only a handful of organisations to satisfy data protection requirements and secure this concession Key contributor to design and implementation of the Global Comparators programme, proven compliant with international data protection requirements, including HIPAALed development of ISO 27001 throughout the company in preparation for eventual certification, implementing new ISMS and successfully completing annual return of NHS Information Governance Toolkit

In this role I was responsible for advising on compliance with the Data Protection Act (and acted as the Data Protection Officer), Freedom of Information Act, Information Security Policy, Records Management and associated information legislation. I delivered and implemented the Information Governance Strategy and Policy and also implemented the Freedom of Information Act requirements at the University. A key delivery was the initiation of staff awareness / induction training on information governance & security issues and responsibilities. My role included being a Member of Senate Research Ethics Committee where I supported the incorporation of Data Protection matters into research projects.I was also one of the founding members and sat on the organising committee of the Higher Education Information Governance and Records Management Group, growing to represent the majority of HE institutions.In this role I was part of the sector advisory group for the Information Commissioners Office for Freedom of Information and Data Protection matters.

• Responsible for ensuring compliance with the Data Protection Act (Data Protection Officer) and NHS Caldicott Report, BS7799 and associated IT security issues.