Rupa Pattni

MAPLES GROUP, London: Global Data Protection Officer (current)

• Group Privacy Framework: Defined and reported on the maturity of the Group Privacy Framework, aligning global regulatory requirements with commercial priorities and enterprise risk management objectives. Increased visibility of the function by developing Board, Operating Committee, and stakeholder management reporting.
• Advisory: Managed compliance across EU, UK, Cayman, Singapore, Hong Kong, UAE, and US including cross-border transfers; alignment with local regulatory requirements in vendor and client contract reviews; support to ISO 27701 audit processes to evidence privacy control effectiveness.
• Asset Mapping: Responsible for the implementation of a Privacy GRC platform to support the transition of the data inventory and records of processing activities to an automated solution (including integrations with Azure and Entity Management systems).
• Incident Management: Strengthened the privacy element of the incident management framework by implementing robust risk assessment, escalation, and regulatory notification protocols, improving response timeliness and governance oversight.
• Training and Awareness: Drove continuous improvement of the Group data protection training programme to enhance employee awareness and increase compliance. Delivered annual e-learning training combined with tailored F2F training; worked with Information Security to deliver annual surveys to measure awareness and determine direction for future initiatives.
• Data Subject Rights: Redesigned the data subject rights process, reducing average response time and improving audit readiness.
• Regulatory & Stakeholder Engagement: Served as primary contact for supervisory authorities across 10 jurisdictions, including ICO, DPC, and Cayman Ombudsman, overseeing regulatory inquiries, breach notifications, and cross-border data transfer governance. Close collaboration with internal stakeholders including Information Security, Risk, and Compliance.
• Line management of 1–2 permanent employees and budget responsibility for the Group function.

MAPLES GROUP, London: Global Data Protection Manager (2022-2025)

• Regulatory Compliance: Supported multi-jurisdiction compliance (EU, UK, Cayman, Singapore, Hong Kong, UAE, US) and cross-border transfers; vendor and client contract reviews; ISO 27701 audit support.
• Policy & Framework: Maintained global data protection policies, standards, and procedures, including data subject rights handling and breach notification frameworks.
• Training & Awareness: Designed and delivered organisation-wide privacy e-learning and some face to face training strengthening employee awareness and embedding a culture of data protection accountability across all levels.
• DPIA & Risk Management: Maintained Data Protection Impact Assessments (DPIAs) for new systems and business practices, advising on risk mitigation and privacy-by-design controls.
• Incident & Breach Management: Directed the investigation, documentation, and remediation of personal data breaches, including regulatory notification to authorities such as the Cayman Ombudsman, the UK's Information Commissioner's Office, the Irish Data Protection Commission, etc, ensuring timely and defensible reporting.
• Third-Party Risk Assessment: Reviewed and negotiated data protection provisions in third-party agreements, strengthening vendor compliance and cross-border data transfer safeguards.
• Regulatory & Stakeholder Engagement: Served as a primary contact for supervisory authorities and data subjects, managing regulatory inquiries, complaints, and escalations with professionalism and risk awareness.

HUAWEI TECHNOLOGIES UK, Reading: UK Privacy Officer (2020-2022)

• Lead UK Privacy Officer: Acted as Lead Privacy Officer for multiple business units (R&D, Consumer, Global Finance, Customer Accounts), establishing, maintaining, and overseeing a robust privacy governance framework aligned to business strategy and risk appetite.
• Training and Awareness: Designed and delivered targeted training and awareness initiatives to strengthen understanding of UK GDPR, PECR, and the Data Protection Act 2018, including regulatory divergence from the EU regime and alignment considerations across EU, US, and APAC regions.
• Organisational Structure: Operated within a complex global matrix structure, reporting directly to the UK Chief Security Officer while maintaining a dotted-line to the regional and Group privacy teams to ensure global consistency and local compliance.
• Horizon Scanning and Reporting: Produced and presented monthly privacy maturity insights and regulatory horizon scanning updates to senior stakeholders across the UK, EU, Western Europe, and APAC, highlighting emerging risks and their potential business impact.
• UK Privacy Strategy: Defined and implemented the UK privacy strategy, overseeing key programme components including data inventory management (OneTrust), DPIAs/PIAs, incident management (including tabletop simulations), data processing agreement reviews, training delivery, and regulatory advisory support.
• Privacy Champion Network: Established and led a network of privacy champions to embed accountability across business entities. Launched monthly governance forums to monitor priorities, track risk mitigation actions, and review developments in the regulatory landscape. Increased engagement through regular newsletters and facilitated focus groups.
• Audits: Led the planning and successful execution of ISO 27001 and ISO 27701 certifications for the UK entity, managing audit preparation, stakeholder interviews, remediation tracking, and close collaboration with Information Security to achieve certification.
• Recognition: Recognised for performance and leadership with multiple awards, including Outstanding Contribution, Future Star, Cyber & Privacy Team Award, and Excellent Individual Contribution.

BARCLAYS BANK PLC, Canary Wharf: Senior Privacy Manager (2011-2020)

• Privacy Function: Contributed to the establishment of the privacy function's core responsibilities prior to the introduction of the GDPR; UK responsibilities expanded to include global privacy advisory.
• Regulatory Compliance: Lead SME for the GDPR and PECR implementation programmes; contributed to the development of the Group and UK Interpretation Handbooks. Knowledge sharing with internal teams, the wider Compliance team, and key business areas. Presented updates at weekly and monthly meetings; escalated issues to the Head of Privacy, Legal, and the Steering Committee.
• Advisory role: Primary point of contact for distribution channels and product areas in Retail banking; supporting assessment of branch level privacy controls (i.e. physical access, confidential waste, disclosure, complaints management) and online privacy controls (i.e. transparency of processing, online marketing, retail banking app, and open banking).
• Governance Frameworks: Contributed to the establishment of governance frameworks; including the team competency framework, quality assurance approach to support the implementation of privacy self-service tools, Privacy team operating model and supporting RACI, and the wider Compliance CRA and RCSA activity.
• Inter-personal skills: Role required strong decision making, analytical, and organisational skills. Able to work autonomously, and to plan and prioritise activities to enable efficient and effective delivery. Supported the Head of BUK Privacy to deliver strategic direction and leadership of the privacy team.

BARCLAYS BANK PLC, Canary Wharf: Retail Compliance Manager (2005-2011)

• Represented Compliance on internal cross-border initiatives, providing interpretation of relevant EU regulation.
• Led drafting of Barclay's response to regulatory reviews (e.g. FSA's ARROW action), which specifically focused on mortgage affordability.
• Contributed to the development of risk frameworks/dashboards.
• Horizon scanning for significant and relevant regulatory developments.
• Provided direction on remediation activity in response to regulatory breaches.
• Aggregation of Compliance management information.