Rashida A. Email and Phone Number

• Handle request for personal data from members of the public, patients and nurses. • Analyse reason for requests and understand the status of investigations by the NMC.• Applying relevant exemptions under law i.e. litigation privilege, legal privilege, third party information.• Redact and prepare data for disclosure.

Key Responsibilities:• Managed the ICO registration process for all the Thames Water entities.• Ensured the Privacy Notice was reviewed and amended as and when the need arose.• Designed and maintained the Data Protection portal by updating documentation/content.• Ad hoc projects e.g. International data transfer assessment composition. Development and Training:• Reviewed the content of the data protection mandatory company-wide training on an annual basis, and… Show more Key Responsibilities:• Managed the ICO registration process for all the Thames Water entities.• Ensured the Privacy Notice was reviewed and amended as and when the need arose.• Designed and maintained the Data Protection portal by updating documentation/content.• Ad hoc projects e.g. International data transfer assessment composition. Development and Training:• Reviewed the content of the data protection mandatory company-wide training on an annual basis, and monitored completion rates.• Created bespoke training for departments within the organisation that reflected the personal data/processes handled specifically by them.• Drafted communications sent to all employees and also to targeted teams via alternative means i.e. yammer posts/team huddles.• Created guidance documents for specific purposes e.g. managers handling employee data.Governance and Strategy Enhancement programme:• Management of the risk register, ensuring risks and actions were assessed on a monthly basis and the key controls were tested.• Conducted internal audits to assess compliance levels with data protection regulations/laws.• Reviewed all policies and standards on an annual basis, making amendments as the need arose and created new standards where required.• Assessed the validity of Data Protection Impact Assessment (DPIA) and Data Governance Assessments to ensure it was fit for purpose.Reporting:• Managed the administration and determined the agenda of the Data Protection Committee, writing up minutes and escalating issues of concern to higher management. Show less

Key Responsibilities:• The first point of contact within the company to address any privacy concerns or queries. Also provided advice by interpreting and applying the relevant data protection laws to responses. • Managed and prioritised a diverse workload setting expectations within the business to meet deadlines.• Managed all Subject Access Rights requests, complaints, and communications received from the Information Commission Office. • Managed the Subject Access Request… Show more Key Responsibilities:• The first point of contact within the company to address any privacy concerns or queries. Also provided advice by interpreting and applying the relevant data protection laws to responses. • Managed and prioritised a diverse workload setting expectations within the business to meet deadlines.• Managed all Subject Access Rights requests, complaints, and communications received from the Information Commission Office. • Managed the Subject Access Request process within Taylor Wimpey. • Investigated any compliance issues or personal data related breaches and aided the root cause analysis and determine corrective actions. • Provided long term deputisation for the Data Protection Officer during maternity leave cover.Development and Training:• Increased employee engagement across all business units to improve behaviour changes in day-to-day working, to achieve a compliant culture, and encouraging them to understand the benefits to the overall reputation of the business in being recognised for our excellence in regulatory compliance. • Carried out training and Q&A sessions with colleagues to be able to relay complex legal requirements in an easy to understand format.Governance and Strategy Enhancement programme:• Managed the program delivery of General Data Protection Regulation and Data Protection Act 2018 by creating policies, processes, guidance documentation and registers/logs.• Collaborated with business teams to understand third-party strategy and ensure data protection risks are managed. • Maintained all internal data protection information repositories ensuring they were reviewed and kept up to date. Reporting:• Managed the reporting process for key data protection and compliance issues.• Audited internal processes to assess compliance. • Updated and managed all logs of work carried out by the team e.g. breach, subject rights and complaints as well as providing reporting metrics to management. Show less

Key Responsibilities:• Acted as the point of contact for GDPR related queries for a variety of stakeholders globally.• Provided advice and guidance on data protection laws, escalating to the DPO for complex queries.• Processed subject access requests and other data subject rights requests.Development/Training:• Produced the draft data protection polices for approval.• Constructed the internal Information Governance resource intranet pages.• Created and… Show more Key Responsibilities:• Acted as the point of contact for GDPR related queries for a variety of stakeholders globally.• Provided advice and guidance on data protection laws, escalating to the DPO for complex queries.• Processed subject access requests and other data subject rights requests.Development/Training:• Produced the draft data protection polices for approval.• Constructed the internal Information Governance resource intranet pages.• Created and delivered tailored training to different departments, which were specific to their needs.• Promoted data protection within the Institution, assigning Privacy Champions in key areas.• Drafted contracts/data sharing agreements to ensure complaint processing of data with third parties.• Assisted business in the understanding of compliance in relation to data transfers outside of EU.Governance and Strategy Enhancement programme:• Worked closely with key stakeholders in the organisation to assist in the effective implementation of data protection objectives and key decision making.• Implemented privacy by design processes into data processing by completing Legitimate Interest Assessments (LIA) and DPIAs to assess and identify high-risk projects.• Developed and implemented a compliance programme for the Governance Working Group, which included the production and continuous review of Record of Processing Article 30.• Managed the Governance and Strategy Enhancement programme: risk assessment; project planning; delivering objectives; production of high quality deliverables within timeframes and financial margins. Reporting:• Promptly notified the Incident Management Team escalating serious data or security beaches.• Analysed data breaches and reported them to the relevant supervisory body as per reporting requirements.• Organised and led Steering Group Meetings to drive the compliance programme plan against project objectives.• Submitted monthly reporting of privacy incidents to the Assurance Board. Show less

• Reviewed Service Level Agreements/ Commercial Contracts.• Worked with internal departments to identify the companies GDPR risk and developed strategies to dissolve risk.• Implemented policy and procedure to ensure compliance with regulations.

• Investigatory research and information collating regarding companies Data Protection risks.• Worked to ensure all trade is conducted under contact.• Negotiated commercial contracts for goods and services.• Managed high workload independently by organising and planning work flow.

• Analysed reports of misconduct within tight deadlines; identified risks and determined whether further action needed to be taken by a Regulatory Supervisor.• Dealt with complaints verbally and in writing.• Reviewed voluminous materials and prepared summary reports.