
Data Privacy Third-Party Risk

Location:
Atlanta, GA, 30303
Posted:
August 01, 2025


Resume:

Ola Dosunmu

DATA PRIVACY: CIPP/US, CIPP/E, CISA

Address: Atlanta, GA 30133 Phone: 470-***-**** Email: *********@*****.***

PROFESSIONAL SUMMARY

Certified Data Privacy Analyst with over eight years of progressive experience in enterprise data governance, regulatory compliance, and privacy operations. Specialized in leveraging platforms like OneTrust, TrustArc, and Archer to operationalize privacy frameworks, manage cross-border data flow requirements, and advise on third-party risk. Blends a legal background, security auditing knowledge, and hands-on database administration experience to provide strategic and tactical guidance on privacy programs aligned with GDPR, CCPA, HIPAA, and ISO 27701. Strong in data lifecycle management, stakeholder engagement, and embedding privacy into technology systems for sustainable compliance.

CORE COMPETENCIES

Privacy Tools: OneTrust (Data Mapping, DPIA Automation, Consent), TrustArc, RSA Archer, Excel, SharePoint

Operations: ROPA Development, DSAR Lifecycle Management, Data Inventory Creation, Privacy Impact Assessment

Privacy Compliance & Security: GDPR, CCPA/CPRA, HIPAA, HITECH, ISO 27701, SCCs, DPAs, BAAs, Vendor Privacy Risk Review, Incident, Transparent Data Encryption (TDE), Data Masking, PGP Encryption, SSL/TLS, Role-Based Access Control (RBAC), Active Directory, PCI-DSS, COBIT, Guardium Integration

DevOps & CI/CD: SQL Change Automation (Redgate), Git, Integration with DevOps pipelines, PEM Alerting

Technical Background: SQL Server Administration, Vulnerability Remediation, Secure Configuration

Database Platforms: PostgreSQL (9.3–15), SQL Server (2012–2022), MySQL, MSSQL, AWS RDS, Azure SQL Database, GC-SQL

Cloud & Virtualization: Microsoft Azure, AWS (EC2, RDS, S3), Google Cloud Platform (GCP), VMware HA & DRS.

PROFESSIONAL EXPERIENCE

Data Privacy & Compliance Specialist

Lenovo – Morrisville, NC Dec 2022 – Present

Spearheaded the development of data inventories and classification schemes using OneTrust to align with GDPR Article 30 obligations.

Partnered with product and procurement teams to embed privacy-by-design requirements into vendor onboarding processes, using DPIA templates and automated approval flows.

Reviewed complex technical architectures to identify high-risk processing and proposed privacy-enhancing measures using both technical and contractual mitigations.

Supported global M&A efforts by conducting privacy due diligence reviews of target firms’ data practices, identifying control gaps, and advising on remediation plans.

Used TrustArc to monitor consent capture mechanisms across multiple properties, ensuring transparency, choice, and valid lawful bases for processing.

Authored SOPs for DSAR fulfillment, incorporating jurisdiction-specific timelines and system owner collaboration procedures.

Collaborated with Cybersecurity to respond to identified data vulnerabilities, enhancing privacy controls within internal reporting tools.

Implemented automated workflows in OneTrust for DPIA initiation and review, improving speed-to-assessment and cross-team coordination.

Coordinated international regulatory research and summarized enforcement trends to support Lenovo’s global privacy strategy alignment.

Provided privacy controls validation during internal software development lifecycle (SDLC) gates using predefined privacy checklists.

Assessed marketing campaigns for compliance with ePrivacy and cookie regulations, advising on lawful basis and consent string format.

Performed configuration reviews of analytics tools to ensure anonymization, pseudonymization, and opt-out mechanisms were functional.

Developed privacy FAQs and self-service guides for business users to reduce manual DSAR triage overhead.

Conducted due diligence of third-party APIs embedded in enterprise applications to validate compliance with Lenovo’s privacy framework.

Worked alongside Engineering teams to classify PII datasets and design structured de-identification workflows to enhance compliance posture.

Contributed to legal reviews of SCCs and participated in creating customized contractual clauses for third-country data transfers.

Conducted privacy training and tabletop breach simulations for business units to improve incident preparedness and regulatory response.

Data Privacy Analyst

Cardinal Health – Atlanta, GA Oct 2018 – Nov 2022

Applied ISO 27701 controls to build a risk register for privacy threats across internal systems using RSA Archer and coordinated mitigations with InfoSec.

Used OneTrust to design and manage an automated DSAR intake process that streamlined response validation and improved alignment with GDPR Article 15 requirements.

Evaluated vendor processing activities against privacy criteria, and negotiated BAAs and DPAs to align data handling obligations with organizational risk appetite.

Configured privacy controls in internal applications to enforce data minimization and purpose limitation principles based on DPIA findings.

Worked alongside Engineering teams to classify PII datasets and design structured de-identification workflows to enhance compliance posture.

Contributed to legal reviews of SCCs and participated in creating customized contractual clauses for third-country data transfers.

Conducted privacy training and tabletop breach simulations for business units to improve incident preparedness and regulatory response.

Integrated OneTrust modules with internal case management tools to streamline audit documentation and generate compliance dashboards for DSARs and PIAs.

Conducted Transfer Impact Assessments (TIAs) for cross-border data transfers and documented risk posture for EU-US transfers.

Drafted privacy guidance documentation for internal teams to clarify distinctions between legitimate interest and consent under GDPR.

Analyzed data retention gaps in archived systems and initiated review procedures to validate deletion accuracy for legacy data.

Collaborated with HR and Legal to establish privacy controls for employee records during internal investigations and audits.

Led cross-functional privacy working groups to review policy updates, aligning procedures with evolving global regulatory expectations.

SQL Server Database Administrator

Booz Allen Hamilton – Atlanta, GA Jan 2016 – Oct 2018

Developed automated compliance scripts in PowerShell for SQL Server hardening aligned with PCI and HIPAA audit requirements.

Supported Privacy and Risk teams by providing access logs and audit trail queries for forensic investigations and data subject request traceability.

Executed secure migration strategies for legacy platforms, leveraging encryption and role-based access controls to ensure confidentiality of PII during transfer.

Performed root cause analysis on data access anomalies and coordinated remediation with internal stakeholders to reduce unauthorized access risk.

Collaborated with Legal and Compliance to review database architecture ahead of PIAs and suggest secure configurations for upcoming deployments.

Designed SQL Agent jobs to routinely capture and archive access history logs supporting internal and external audit traceability.

Supported secure provisioning processes by scripting automated user role assignments and permissions consistent with data handling classifications.

Collaborated with privacy leads to implement logging standards that aligned with GDPR’s Article 30 data accountability requirements.

Built server health monitoring dashboards with Idera and native SQL tools to alert privacy stakeholders to unusual query behavior.

Assisted Cybersecurity team with correlating audit trail anomalies with privacy breach assessments for root cause analysis.

Documented standard operating procedures for database failover recovery that included privacy and access control considerations.

Partnered with legal team to map sensitive data flow across staging environments and validate masking procedures for pre-production systems.

CERTIFICATIONS

Certified Information Privacy Professional / United States (CIPP/US)

Certified Information Privacy Professional / Europe (CIPP/E)

Certified Information Systems Auditor (CISA)

OneTrust Certified Privacy Professional (Core, DPIA, Consent, Data Mapping)

Microsoft Certified Solutions Associate (MCSA)

Associate Consultant – Nigerian Institute of Management

EDUCATION

Bachelor of Laws (LL.B) – Olabisi Onabanjo University, Nigeria Apr 2009

B.L. (Law) – Nigerian Law School Jul 2011


