Sonal Joshi

Dear Sir/ Ma’am,

I am an experienced Data Privacy and GRC professional with over a decade of legal and compliance expertise across Banking, Fintech, Healthcare and Technology sectors. My work with

First Abu Dhabi Bank, Capgemini, and LTIMindtree has equipped me with hands-on knowledge in implementing privacy frameworks aligned with UAE Federal Law No. 45/2021, CBUAE CPR

& CPS, GDPR, and other global privacy laws including PDPL (KSA), HIPAA, and DPDPA

(India).

My core strengths include conducting privacy gap assessments, managing Data Subject Rights

(DSR) requests, and leading data breach investigations and response. I have also delivered ROPA,

PRA & DPIAs, cross-border data transfer reviews, and third-party risk assessments using tools like BigID, OneTrust, and Archer.

I am particularly skilled and interested in working on:

• Data privacy operations & audits
• GRC framework design & implementation
• AI governance and ethical compliance
• Vendor risk & third-party data assessments
• Training and policy development for privacy awareness

Certified in CIPP/E, ISO 27001 LA, and currently pursuing CISSP, I combine legal acumen with technical awareness to support robust privacy governance, policy implementation, and GRC alignment. I look forward to contributing to your organization’s privacy and compliance initiatives.

Sincerely,

Sonal Joshi

Dear Sir/ Ma’am,

I am an experienced Data Privacy and GRC professional with over a decade of legal and compliance expertise across Banking, Fintech, Healthcare and Technology sectors. My work with

First Abu Dhabi Bank, Capgemini, and LTIMindtree has equipped me with hands-on knowledge in implementing privacy frameworks aligned with UAE Federal Law No. 45/2021, CBUAE CPR

& CPS, GDPR, and other global privacy laws including PDPL (KSA), HIPAA, and DPDPA

(India).

My core strengths include conducting privacy gap assessments, managing Data Subject Rights

(DSR) requests, and leading data breach investigations and response. I have also delivered ROPA,

PRA & DPIAs, cross-border data transfer reviews, and third-party risk assessments using tools like BigID, OneTrust, and Archer.

I am particularly skilled and interested in working on:

• Data privacy operations & audits
• GRC framework design & implementation
• AI governance and ethical compliance
• Vendor risk & third-party data assessments
• Training and policy development for privacy awareness

Certified in CIPP/E, ISO 27001 LA, and currently pursuing CISSP, I combine legal acumen with technical awareness to support robust privacy governance, policy implementation, and GRC alignment. I look forward to contributing to your organization’s privacy and compliance initiatives.

Sincerely,

Sonal Joshi

LL.B. , M.Sc. CIPP-E, ISO 27001