Data Protection Analyst at Gyavans Services Ltd (2023-02 – Present)
- Lead and delivered DPIAs for initiatives including a SharePoint migration and employee wellness app, identifying risks around personal and special category data and embedding data protection by design and by default, resulting in reduced data exposure, strengthened access controls and compliant project delivery.
- Delivered privacy risk assessments and governance discussions, presenting complex privacy risks in a clear, business-focused way and influencing senior stakeholders on risk acceptance and mitigation actions.
- Oversaw data subject rights (DSAR) handling, triaging requests, liaising with relevant departments to retrieve key information, and applying appropriate redactions, ensuring accurate responses delivered within statutory timeframes and in line with UK GDPR requirements.
- Developed governance documentation, guidance, and induction training for new staff to improve organisational awareness of data protection and information governance responsibilities.
- Supported monitoring of compliance with legal and regulatory requirements, contributing to risk management and governance reporting.
- Drafted internal guidance, policies, and procedures relating to data protection, privacy, and regulatory compliance.
- Managed and investigated data protection incidents and breaches, including successfully containing an incident involving unauthorised access to personal data within 24 hours by coordinating with IT and operational teams to restrict access, remediate risks, and strengthen controls.
- Maintain the organisation's Record of Processing Activities (RoPA), working with IT and Information Asset Owners to identify data ownership and document processing activities, strengthening transparency and governance oversight.
- Lead the preparation and delivery of quarterly Audit & Risk committee reports, providing senior leadership with oversight of organsiational data protection performance, compliance metrics, incidents, and risk management activities.
- Contributed to the review and analysis of data retention periods, ensuring alignment with storage limitation principles under GDPR.
Data Protection Officer at 1st Central Insurance Ltd via Teleperformance (2024-02 – 2025-03)
- Supported IAOs in defining and drafting data retention periods across business functions, and developed a centralised organisational retention schedule, ensuring alignment with GDPR storage limitation principles and internal policies.
- Collaborated with Legal, Procurement, and cross-functional teams to support supplier onboarding, conducting vendor due diligence and reviewing contracts (including SCCs and IDTAs) to ensure third-party compliance with Article 28 requirements, data protection obligations, and security standards such as Cyber Essentials Plus and ISO 27001.
- Delivered data protection awareness training as part of new starter induction programmes, ensuring consistent understanding of data protection principles, organisational policies, and best practices across the workforce.
- Managed and investigated data protection incidents, including logging incidents in tracking systems, conducting risk assessments, and supporting root-cause analysis to prevent recurrence.
- Handled and coordinated responses to Data Subject Access Requests (DSARs), ensuring timely, accurate, and compliant responses within statutory deadlines.
- Managed and coordinated data protection activities, monitoring delivery against key priorities and internal SLAs to ensure timely and compliant completion of DPIAs, ROPAs, policy reviews, privacy notices, and advisory requests.
- Tracked and reported on data protection deliverables, including Legitimate Interest Assessments, Business Impact Assessments, training, and regulatory registrations, ensuring alignment with compliance requirements and continuous improvement of DP operations.
- Introduced the use of Microsoft Purview to automate retention policies and labels, enabling trigger-based reviews by Information Asset Owners at end-of-life stages to support compliant data deletion or archiving in line with retention requirements.
- Reviewed and challenged high-risk DPIAs and AI Impact Assessments, ensuring transparency, fairness, data minimisation, and compliance with Article 22 safeguards for automated decision-making.
Information Governance Officer at Lawrencia & Co Solicitors (2023-08 – 2024-10)
- Delivered structured client reporting and case updates by analysing case data, documenting key findings, and presenting clear risk insights, supporting data protection compliance, regulatory readiness, and informed stakeholder decision-making.
- Managed sensitive personal and operational data within a controlled governance environment (including OneTrust), ensuring secure handling, appropriate access controls, and maintenance of accurate, audit-ready records in line with data protection and confidentiality requirements.
- Produced quarterly privacy and compliance reports by analysing data flows, incident logs, and risk registers, summarising key findings, risk exposures, and remediation actions, and presenting insights to senior stakeholders to support governance oversight and informed decision-making.
- Handled complex ad hoc data protection queries and regulatory requests (including SARs, breach assessments, and lawful basis queries), conducting rapid risk assessments and coordinating with relevant teams to deliver accurate, compliant outcomes within statutory deadlines, while maintaining clear audit trails and documentation.
- Strengthened governance and control frameworks by reviewing documentation processes, defining clear data ownership, and implementing consistent naming conventions and structured folder permissions to improve record accuracy, accessibility, and GDPR compliance.
- Built strong, trusted relationships with clients and cross-functional teams by communicating complex data protection requirements clearly and professionally.
- Completing third party vendor privacy assessments, reviewing data sharing agreements and data protection clauses.
Governance Officer at Bav & partners LTD (2023-03 – 2024-08)
- Ensured accuracy, completeness, and compliance of sensitive operational and client data, validating information against internal controls and regulatory requirements, ensuring audit readiness in line with data privacy standards.
- Prepared structured operational and performance reports by analysing operational data, highlighting risk exposure, and supporting senior stakeholders in informed decision making and governance oversight.
- Reviewed datasets and documentation to identify data quality issues and privacy risks, implementing corrective actions to strengthen data reliability and reduce regulatory exposure.
- Managed end-to-end reporting processes for privacy-related metrics, collecting, organising, and analysing information across multiple systems while ensuring confidentiality and integrity.
- Responded to ad-hoc data protection queries and information requests from stakeholders with precision and timeliness in line with regulatory expectations and deadlines.
- Strengthened data governance and privacy frameworks by enforcing high standards of record-keeping, information security, and adherence to GDPR, CCPA, and other relevant privacy regulations.
Operations & Compliance Reporting Officer at Central Bank of Nigeria (2019-01 – 2020-12)
- Monitored adherence to banking regulations and internal policies, ensuring accurate regulatory reporting and consistent compliance with applicable legislative requirements.
- Compiled and validated regulatory reports and data submissions, ensuring accuracy and completeness, and alignment with governance and privacy requirements.
- Implemented and maintained compliance policies and procedures within the bank, supporting the embedding of data protection controls across business operations.
- Identified compliance and data privacy risks by reviewing business processes and data handling activities, conducting risk assessments, and recommending targeted controls such as access restrictions, data minimisation, and improved documentation practices to reduce regulatory exposure.
- Coordinated regulatory audits and compliance reviews, ensuring timely remediation of findings and maintenance of audit-ready documentation.
- Maintained up-to-date knowledge of evolving regulatory and data protection requirements, supporting organisational readiness and continuous compliance.
GRC Risk Analyst at Nigerian Security Printing & Minting Plc (2018-07 – 2019-09)
- Analysed contracts, procurement records, and operational data to identify potential data privacy risks, control gaps, and compliance issues.
- Supported internal privacy and data governance frameworks by ensuring the integrity and confidentiality of sensitive information across financial, contractual, and operational records.
- Contributed to data privacy risk mitigation strategies by identifying and recommending controls.