VARSHA SEWLAL

• Compile privacy compliance frameworks, conduct privacy audits, operator agreements, data privacy impact assessments, privacy by design, compliance framework, training on data protection legislation, Information Security management, IT Governance Frameworks
• Records of processing -ROPA, drafting of regulations and policies
• Conducting of internal privacy and compliance audits, reviewing of agreements with affiliates to assess privacy compliance
• Development, review, and implementation of data privacy frameworks, Technical and Organisational Measures, policies, procedures, and templates, aligned with data privacy laws and regulations (e.g., GDPR, ISO 27701, ISO 27001, PCI DSS, NDMO)
• AI, machine learning, cloud computing, cybersecurity, blockchain, IoT, robotics, e-identity, biometrics, RPA, encryption, digital forensics, etc
• Drafting, reviewing, and negotiating complex contracts: Vendor agreements, cloud services agreements, software licensing agreements, service level agreements, intra-group service contracts, etc
• Expertise in contract interpretation and dispute resolution: International arbitration, litigation experience, conflict resolution skills
• Strong understanding of corporate and commercial la M&A, subsidiaries, international operations, joint ventures, etc
• Knowledge of regulatory compliance: Banking regulations, technology regulations, data privacy laws, etc
• Legal Services across organization
• Negotiation and Drafting of contracts and agreements, Management and mitigation of Risks, litigation, dispute resolution, enforcement procedures and compliance
• Legal and Compliance, Regulatory Compliance Registers, Risk Assessment and Due Diligence, Breach Investigation and Documentation, Privacy Issue Identification, Training and Communication Development, Record-Keeping and Reporting ,Stakeholder Engagement, Metrics Development and Monitoring and Developed Regulatory Compliance Registers ensuring alignment with ethics, compliance, and privacy obligations across all business areas
• Identifying and assessing compliance risks, developing and implementing compliance programs by creating policies and procedures to help the organization comply with the law, monitoring and enforcing compliance, providing training and education, responding to regulatory inquiries and resolving compliance issues
• Conducting due diligence on potential business partners or investments, Advising on compliance with industry-specific regulations, Developing and implementing ethical codes of conduct, Investigating allegations of non-compliance, Representing the organization in regulatory enforcement actions
• Corporate Governance support, Policy Development, Contract drafting, negotiation and review , legal and regulatory monitoring, legal training and presiding over regulatory compliance matters
• Provided expertise and technical advice in all matters and issues related to legal matters, including preparation and drafting and review of draft related laws and local orders and regulatory decisions
• Reviewed contracts and agreements between client and relevant stakeholders, including terms and conditions, to outline the relationship between them and support client in all contracts concluded with other parties
• Prepared database of international, regional and local legal systems related to the legislation in the field of transport, so as to benefit from it in the legislative field
• Lead the DPO solutions strategy by identifying, justifying and implementing comprehensive processes and tools to support data privacy operations, increase privacy automation and centralise record keeping
• Influence the data technology strategy and roadmap through techniques and privacy enhancing technologies that touch the entire data life cycle including areas such as access management, authentication, encryption, minimisation and aggregation, collection and use of personal data
• Design the process and methodology of the Privacy by Design
• Establish practices to ensure ongoing vigilance when implementing Privacy by Design
• Define the process and tools for managing Records of Processing Activities (RoPAs)
• Work with key stakeholders to document RoPAs
• Develop and recommend enhancements for Data Privacy Impact Assessments in line with the requirements of data privacy laws when initiating new projects that may pose a high risk to privacy
• Lead improvements to our privacy and security programme considering third parties and vendor risk as a priority
• Advise on privacy incidents as part of a cross-functional team who investigates and manages privacy incidents
• Lead Compliance and Ethics Programs
• Company Secretary Responsibilities:
• Maintain accurate and up-to-date records of shareholders, directors, and company documents
• Ensure adherence to relevant legislation and regulations by filing annual returns and other statutory documents with the appropriate authorities
• Efficiently organize and manage board meetings, general meetings, and other corporate gatherings
• Prepare comprehensive meeting agendas, minutes, and resolutions
• Provide strategic advice to the board of directors on corporate governance matters, risk mitigation strategies, and legal obligations
• Foster strong relationships with shareholders through effective communication and addressing their concerns
• Streamlining administrative processes by implementing effective document management systems and overseeing HR functions as required
• Project management experience, including assisting PMs with status updates, audit/technical assessment reports, and project management meetings.

· Creating and updating course materials, including lectures, readings, and assignments, on topics related to AI and digital policy.

· Facilitating interactive learning sessions and workshops for students and researchers.

· Providing guidance and support to students, particularly those involved in research projects or internships.

· Undertaking independent research on specific AI and digital policy issues, contributing to the overall knowledge base of the field.

· Assessing the potential impacts of emerging technologies and developing policy recommendations.

· Working with other researchers, policymakers, and industry leaders to advance the field.

· Overseeing the logistics of courses and programs, including scheduling, enrolment, and grading.

· Organizing workshops, conferences, and other events related to AI and digital policy.

· Assisting with administrative tasks such as grant applications, report writing, and event planning.

· Promoting CAIDP's work through social media, blog posts, and public speaking engagements.

· Fostering a collaborative and inclusive environment for students, researchers, and policymakers.

· Keeping abreast of the latest developments in AI and digital policy through reading, attending conferences, and networking.

• Utilized data-driven instruction to modify lesson plans based on student performance trends, leading to improved outcomes across all subject areas.
• Mentored new Teaching Fellows, providing guidance on effective classroom strategies and sharing valuable experiences from the field.
• Participated in ongoing professional development opportunities to stay current on best practices in education and enhance instructional skills.
• Served as an advisor for extracurricular activities, promoting personal growth and teamwork among participants.
• Improved student comprehension by implementing creative teaching strategies and real-world examples in lessons.
• Integrated multicultural elements into lessons, encouraging global awareness and appreciation for diversity among students.
• Delivered tutoring services to help students grasp course material and improve grades.
• Collaborated with other teachers to develop cross-curricular projects, enhancing student understanding of interconnected subjects.
• Coordinated interdisciplinary projects between departments to create cohesive learning experiences that reinforced core concepts from multiple subject areas.
• Established strong relationships with parents through regular communication and conferences, fostering a supportive educational network for students.
• Provided mentoring, gave advice on study skills and helped students with learning problems.
• Developed personalized assessments for students, resulting in tailored instruction that met individual needs and boosted overall performance.
• Designed engaging lesson plans that incorporated diverse learning styles, accommodating the unique needs of each student.
• Utilized formative assessment tools to identify areas for improvement and adjusted instruction accordingly, optimizing student progress.
• Implemented classroom management techniques effectively, maintaining a positive learning environment conducive to student success.
• Verified course design and delivery complied with school quality guidelines and regulatory standards.
• Organized school-wide events to promote community involvement and positive school culture, bringing together students, staff, and families for memorable experiences.
• Participated in and contributed to departmental meetings to stay informed about university policies and initiatives.
• Advised and mentored students on navigating academic and professional goals with support and guidance.
• Planned and delivered lectures and course materials to communicate course content and provide students with subject matter knowledge.
• Collaborated with other faculty and staff to improve teaching and learning by sharing resources and best practices.
• Developed and graded exams and assessments to evaluate student learning and provide feedback on performance.
• Collaborated with staff in curriculum reviews to improve course and program offerings.
• Offered office hours and one-on-one meetings with students to provide additional support and guidance to students.
• Kept accurate records of student performance to track student progress and provide feedback on performance.
• Created syllabus and instructional plans for each class session in accord with stated course objectives.
• Applied innovative teaching methods to encourage student learning objectives.
• Incorporated instructional technologies in course delivery for both in-class and online instruction.
• Guided students in researching, structuring and presenting debate case.
• Developed semester outlines and instructional plans for each class session to comply with stated course objectives.
• Taught diverse student population by employing various learning styles and abilities.
• Evaluated and supervised student activities and performance levels to provide reports on academic progress.
• Assessed students' progress and provided feedback to enhance learning.
• Graded quizzes, tests, homework, and projects to provide students with timely academic progress information and feedback.
• Created materials and exercises to illustrate application of course concepts.
• Created excitement and enthusiasm in classroom by delivering engaging subject matter.
• Designed and implemented various educational activities and programs to meet student needs.
• Built strong rapport with students through class discussions and academic advisement.
• Created positive and safe learning environment for students by setting and enforcing classroom code of conduct.
• Conducted engaging in-class discussions to facilitate learning and encourage participation.

• Provided strategic direction to legal services unit and offered advisory and consultancy services on corporate governance processes
• Drafted, managed, and coordinated litigation, legal contracts, ICT contracts, and memorandums of understanding
• Developed policies such as labour law proposals and litigation strategies according to evidence-based research
• Data privacy gap assessments/audits, strategy development, framework design, solution implementation, and project execution
• Development, review, and implementation of data privacy frameworks, Technical and Organisational Measures, policies, procedures, and templates, aligned with data privacy laws and regulations (e.g., GDPR, ISO 27701, ISO 27001, PCI DSS, NDMO)
• Experience with international standards and local regulatory requirements (e.g., ISO 27701, GDPR, ISO 27001, PCI DSS, NDMO)
• Conducting Data Protection Impact Assessments (DPIAs) to identify and mitigate privacy risks
• Lead Compliance and Ethics Programs
• Reduced litigation costs through developing and implementing appropriate management systems
• Enhanced consistency across all legal departments by crafting cohesive litigation and legal services strategy
• Identifying and assessing compliance risks, developing and implementing compliance programs by creating policies and procedures to help the organization comply with the law, monitoring and enforcing compliance, providing training and education, responding to regulatory inquiries and resolving compliance issues
• Conducting due diligence on potential business partners or investments, Advising on compliance with industry-specific regulations, Developing and implementing ethical codes of conduct, Investigating allegations of non-compliance, Representing the organization in regulatory enforcement actions
• Developed data protection compliance guidelines and frameworks
• Conducting privacy audits
• Privacy by design and default principles
• Drafting outsourcing agreements, cloud computing agreements and ICT Contracts
• Privacy Compliance Frameworks and Personal Information Impact Assessments (DPA)
• Drafting and amendment of policies to be aligned with privacy and security frameworks
• Records of processing -ROPA
• Enforcement procedures and compliance
• Supported the implementation of compliance policies and procedures, consistently meeting deadlines and ensuring the quality of documentation
• Developed and updated Regulatory Compliance Registers regularly, ensuring alignment with ethics, compliance, and privacy obligations across all business areas
• Tracked risk assessments and performed due diligence activities for new and existing business associates, contributing to the achievement of key performance metrics
• Assisted in investigating breaches of the Compliance Programme, meticulously maintaining records of findings, recommendations, and implemented actions
• Identified privacy issues related to data protection compliance with suppliers and IT systems, facilitating prompt resolution
• Developed and delivered engaging compliance training and communication sessions, enhancing employee awareness of relevant compliance obligations and facilitating seamless onboarding
• Maintained comprehensive records of risk assessments, due diligence, investigations, actions taken, communications, and training to meet reporting requirements of internal and external stakeholders
• Engaged proactively with stakeholders to ensure the effective implementation of the Company's Compliance Program
• Assisted in developing, monitoring, and reporting critical metrics to provide timely updates to all relevant stakeholders
• Master of the High Court
• Developed strong relationships with key stakeholders to build trust, drive collaboration, and secure buy-in for business initiatives.
• Guided business planning, competitive analysis and strategy development.
• Reduced costs through strategic vendor partnerships, streamlined procurement processes, and optimized resource allocation.
• Supervised work teams and motivated individuals to meet goals and objectives through stellar customer services.
• Oversaw comprehensive risk management activities that safeguarded company assets while minimizing exposure to potential threats.
• Mentored executive team members for professional development and succession planning.
• Oversaw staff training and professional development.

• SA [ Involved with setting up of administrative and legal processes to start office]
• Oversee delivery of legal services across policy development, research, and IT analysis areas
• Lead consultations of complex, diverse, and sensitive technological issues in line with Information Regulator’s mandate
• Develop and implement strategies to drive cloud computing, cyber-security, data transfer and data protection initiatives
• Compile privacy compliance frameworks, operator agreements, data privacy impact assessments and development of codes of conduct
• Drafting of public policies and delivered training on data protection legislation
• Information Security - Data Breaches, Enforcement
• Drafting, reviewing, and negotiating complex contracts: Vendor agreements, cloud services agreements, software licensing agreements, service level agreements, intra-group service contracts, etc
• Expertise in contract interpretation and dispute resolution: International arbitration, litigation experience, conflict resolution skills
• Strong understanding of corporate and commercial la M&A, subsidiaries, international operations, joint ventures, etc
• Knowledge of regulatory compliance: Banking regulations, technology regulations, data privacy laws, etc
• Identifying and assessing compliance risks, developing and implementing compliance programs by creating policies and procedures to help the organization comply with the law, monitoring and enforcing compliance, providing training and education, responding to regulatory inquiries and resolving compliance issues
• Conducting due diligence on potential business partners or investments, Advising on compliance with industry-specific regulations, Developing and implementing ethical codes of conduct, Investigating allegations of non-compliance, Representing the organization in regulatory enforcement actions
• Expert knowledge on data protection frameworks POPIA, GDPR, CCPA, LGDP, PDA, Article 379 of the UAE Penal Code, Constitution of the UAE (Federal Law 1 of 1971), Fe d er a l De cre e -L aw N
• 4 5 of 2 02 1 UAE Data law 2021).Knowledge of MENA data protection frameworks
• Directs and supervises the activities of the Legal Unit and ensures consistency and transparency of the legal policies, practices and interpretation
• Development, review, and implementation of data privacy frameworks, Technical and Organisational Measures, policies, procedures, and templates, aligned with data privacy laws and regulations (e.g., GDPR, ISO 27701, ISO 27001, PCI DSS, NDMO)
• Experience with international standards and local regulatory requirements (e.g., ISO 27701, GDPR, ISO 27001, PCI DSS, NDMO)
• Conducting Data Protection Impact Assessments (DPIAs) to identify and mitigate privacy risks
• Designing, implementing, and maintaining privacy management workflows for issue identification, logging, investigation, and resolution
• Developing of guidance notes on consent, direct marketing, and codes of conduct, appropriate, reasonable,organizational and technical measures, processing of personal information, standard operating procedures to facilitate compliance with POPIA, GDPR, CCPA,LGDP,PDA
• African Data protection legislation
• Project management experience, including assisting PMs with status updates, audit/technical assessment reports, and project management meetings
• Lead Compliance and Ethics Programs
• Knowledge of IT Governance Frameworks [NIST (National Institute of Standards and Technology) Cybersecurity Framework , COBIT (Control Objectives for Information and Related Technology), ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) ISO/IEC 38500, Business Continuity and Disaster Recovery, King Principles of Corporate Governance
• Conducting of privacy audits, reviewing of agreements with affiliates to assess privacy compliance and the provision of legal advice related to the work of the organization
• (Data Protection Authority)
• Records of processing -ROPA
• Enforcement procedures and compliance
• Privacy by design and default , Regulatory Sandboxes
• Ensures legality in the implementation of the Organization's activities by advising on policy, constitutional and legal aspects or are related to the interpretation and application of legal instruments; the interpretation and drafting of legal instruments
• Represents the Organization in consultations and negotiations involving constitutional and legal questions
• Provision of legal opinions or advice on data protection, cyber-security, risk and compliance, Research on Fintech (block chain, crypto currencies, mobile payments, regulation of Fintech), data protection compliance, trans-border information flows, predictive analytics, big data & AI
• Consent Management, Data Breach Management, Data Protection Adequacy Decisions, AI Policy Development
• Lead the DPO solutions strategy by identifying, justifying and implementing comprehensive processes and tools to support data privacy operations, increase privacy automation and centralise record keeping
• Influence the data technology strategy and roadmap through techniques and privacy enhancing technologies that touch the entire data life cycle including areas such as access management, authentication, encryption, minimisation and aggregation, collection and use of personal data
• Establish practices to ensure ongoing vigilance when implementing Privacy by Design
• Define the process and tools for managing Records of Processing Activities (RoPAs)
• Work with key stakeholders to document RoPAs
• Develop and recommend enhancements for Data Privacy Impact Assessments in line with the requirements of data privacy laws when initiating new projects that may pose a high risk to privacy
• Lead improvements of our privacy and security programme considering third parties and vendor risk as a priority
• Advise on privacy incidents as part of a cross-functional team who investigates and manages privacy incidents
• Maintain privacy incident records and analyse overall risk with connections to the RoPA
• Provide advice and recommendations to minimise or eliminate privacy vulnerabilities leading to potential privacy incidents
• Conduct regular audits of the IT landscape to identify privacy risks
• Work with key stakeholders to manage risks identified
• Provide subject matter expertise on the AI governance framework
• Manage a team of Privacy Analysts

• Pretoria, SA
• Management of largest Guardians Fund in SA
• Drafting, reviewing, and negotiating complex contracts: Vendor agreements, cloud services agreements, software licensing agreements, service level agreements, intra-group service contracts, etc
• Expertise in contract interpretation and dispute resolution: International arbitration, litigation experience, conflict resolution skills
• Strong understanding of corporate and commercial la M&A, subsidiaries, international operations, joint ventures, etc
• Knowledge of regulatory compliance: Banking regulations, technology regulations, data privacy laws, etc
• Legal Services across Organization
• Negotiation and Drafting of contracts and agreements, Management and mitigation of Risks, litigation, dispute resolution Enforcement procedures and compliance
• Drafting forms and regulations
• Directed daily functions of 300 staff members across two national offices
• Oversaw regulation of curatorship’s, deceased estates, guardian funds, liquidations, insolvencies, and trusts
• Managed financial, fraud prevention, HR, litigation, performance, service delivery, and stakeholder relations operations
• Engaged in African regional workshops as well as high-level public and private sector interactions
• Provided leadership and training to legal professionals and management teams
• Drafted legal directives and policies to ensure data protection compliance and readiness with legislative frameworks including POPIA
• Drafting of policies
• Spearheaded project on transformation of state legal services in concurrent position as Chief Director Research for Department of Justice and Constitutional Development
• Improved performance of state attorneys by designing and executing skills matrix and turnaround strategies
• Advanced digital capabilities through leading implementation of E-Systems including e-learning modules, electronic diary management, as well as e-filing and e-government research
• Advanced ICT contract management, data protection compliance, and risk analysis capabilities
• Enhanced accountability, planning and transparency across departmental branch by effectively monitoring and optimising existing processes
• Increased productivity outputs by 90% through designing bespoke evaluation, service delivery, and value chain systems
• Developed data protection compliance guidelines and frameworks
• Incorporate privacy by design and default principles when systems are being developed
• Privacy audits conducted
• Records of processing -ROPA
• Supported the implementation of compliance policies and procedures, consistently meeting deadlines and ensuring the quality of documentation
• Developed and updated Regulatory Compliance Registers regularly, ensuring alignment with ethics, compliance, and privacy obligations across all business areas
• Risk assessments, performed due diligence activities to the achievement of key performance metrics
• Assisted in investigating breaches of the Compliance Program, meticulously maintaining records of findings, recommendations, and implemented actions
• Identifying and assessing compliance risks, developing and implementing compliance programs by creating policies and procedures to help the organization comply with the law, monitoring and enforcing compliance, providing training and education, responding to regulatory inquiries and resolving compliance issues
• Conducting due diligence on potential business partners or investments, Advising on compliance with industry-specific regulations, Developing and implementing ethical codes of conduct, Investigating allegations of non-compliance, Representing the organization in regulatory enforcement actions
• Identified privacy issues related to data protection compliance with suppliers and IT systems, facilitating prompt resolution
• Developed and delivered engaging compliance training and communication sessions, enhancing employee awareness of relevant compliance obligations and facilitating seamless onboarding
• Maintained comprehensive records of risk assessments, due diligence, investigations, actions taken, communications, and training to meet reporting requirements of internal and external stakeholders
• Engaged proactively with stakeholders to ensure the effective implementation of the Company's Compliance Program
• Assisted in developing, monitoring, and reporting critical metrics to provide timely updates to all relevant stakeholders
• Drafting outsourcing agreements, cloud computing agreements and ICT Contracts
• Privacy Compliance Frameworks and Personal Information Impact Assessments (DPA)
• Lead Compliance and Ethics Programs
• Skilled at working independently and collaboratively in a team environment.

• Legal Services across Organization
• Negotiation and drafting of contracts and agreements, Management and mitigation of Risks, litigation, dispute resolution Enforcement procedures and compliance
• Drafting forms and regulations
• Investigation of maladministration, fraud, and corruption in state departments
• Assessing compliance and risk framework
• Drafting, litigation, ICT Law Contracts, and high-level stakeholder engagements
• Provincial outreach manager for KZN and Head of Advocacy
• International Ombuds
• Mediation, Negotiation and Conciliation, Litigation