Gaurav R.

Senior Consultant @ EY | Data Privacy professional, CIPP/E, India DPDPA, KSA PDPL, ISO 42001 certified

Mumbai, Maharashtra, India

About

Currently serving as a Technology Consultant at EY, I bring a unique blend of technical acumen and strategic insight to the table. Specialized in Data Privacy, I bring extensive experience ensuring compliance with the India DPDP Act, UAE PDPL and KSA PDPL. I've successfully spearheaded initiatives for clients across telecom, entertainment, automotive, real-estate, oil & gas, identified Personal Data Touch Points, developed robust Data Privacy strategies, and established effective governance structures through comprehensive gap assessments. My skills span RoPA document creation, Data Flow Diagrams, DPIA for critical processes, third-party vendor risk assessment, and policy drafting (Privacy Notice, Cookie Policy, Personal Data Breach management procedures, Data Subject Rights handling procedures, Data Protection impact assessment procedures, and Consent banners). Holding a Bachelor's in Computer Engineering and an MBA in IT Business Management, I continually stay abreast of the latest industry trends and technologies. Committed to improvement, I actively enhance my skills and knowledge.

Experience

  • EY (Full-time · 3 yrs 3 mos)
    • Senior Consultant
      Oct 2025 - Present · 10 mos

    • Technology Consultant
      May 2023 - Oct 2025 · 2 yrs 6 mos

      I am a Data Privacy professional, with extensive experience working on engagements requiring compliance with the India DPDP Act. He has successfully led initiatives for major tech organizations, which have included the identification of Personal Data Touch Points, the development of effective Data Privacy strategy and governance structures, as well as comprehensive gap assessments. My expertise extends to creating RoPA documents for processing activities, crafting Data Flow Diagrams, conducting DPIA for critical processes, third-party vendor risk assessment, and policy drafting including privacy policies, privacy notices, cookie policies, breach management procedures, Data Principal request handling procedures, Data lifecycle management procedures, and consent banners. I have also developed Implementation Charters that address specific areas required to follow privacy regulations and drafted the post-implementation review report for the organization.