Sonal Joshi

Dear Sir/ Ma’am,
I am an experienced Data Privacy and GRC professional with over a decade of legal and 
compliance expertise across Banking, Fintech, Healthcare and Technology sectors. My work with 
First Abu Dhabi Bank, Capgemini, and LTIMindtree has equipped me with hands-on knowledge 
in implementing privacy frameworks aligned with UAE Federal Law No. 45/2021, CBUAE CPR 
& CPS, GDPR, and other global privacy laws including PDPL (KSA), HIPAA, and DPDPA 
(India).
My core strengths include conducting privacy gap assessments, managing Data Subject Rights
(DSR) requests, and leading data breach investigations and response. I have also delivered ROPA, 
PRA & DPIAs, cross-border data transfer reviews, and third-party risk assessments using tools 
like BigID, OneTrust, and Archer.
I am particularly skilled and interested in working on:
• Data privacy operations & audits
• GRC framework design & implementation
• AI governance and ethical compliance
• Vendor risk & third-party data assessments
• Training and policy development for privacy awareness
Certified in CIPP/E, ISO 27001 LA, and currently pursuing CISSP, I combine legal acumen with 
technical awareness to support robust privacy governance, policy implementation, and GRC 
alignment. I look forward to contributing to your organization’s privacy and compliance 
initiatives.
Sincerely,
Sonal Joshi

Dear Sir/ Ma’am,
I am an experienced Data Privacy and GRC professional with over a decade of legal and 
compliance expertise across Banking, Fintech, Healthcare and Technology sectors. My work with 
First Abu Dhabi Bank, Capgemini, and LTIMindtree has equipped me with hands-on knowledge 
in implementing privacy frameworks aligned with UAE Federal Law No. 45/2021, CBUAE CPR 
& CPS, GDPR, and other global privacy laws including PDPL (KSA), HIPAA, and DPDPA 
(India).
My core strengths include conducting privacy gap assessments, managing Data Subject Rights
(DSR) requests, and leading data breach investigations and response. I have also delivered ROPA, 
PRA & DPIAs, cross-border data transfer reviews, and third-party risk assessments using tools 
like BigID, OneTrust, and Archer.
I am particularly skilled and interested in working on:
• Data privacy operations & audits
• GRC framework design & implementation
• AI governance and ethical compliance
• Vendor risk & third-party data assessments
• Training and policy development for privacy awareness
Certified in CIPP/E, ISO 27001 LA, and currently pursuing CISSP, I combine legal acumen with 
technical awareness to support robust privacy governance, policy implementation, and GRC 
alignment. I look forward to contributing to your organization’s privacy and compliance 
initiatives.
Sincerely,
Sonal Joshi

LL.B. , M.Sc. CIPP-E,  ISO 27001