Upcoming Privacy Champions Community Online webinars

On Wednesday, March 11th, 2026 at 10:00 AM PST, Privacy License is hosting a free, live 1-hour executive briefing on “The Illusion of Control: When “Mature” TPRM Programs Still Lose Privacy,” featuring  Shruti Mukherjee, Director, Governance, Risk and Compliance, in conversation with Founder & CEO, Nabanita De, Privacy License.

Third-party risk management (TPRM) programs have evolved significantly in recent years. Organizations now point to advanced ERM alignment, standardized assessments, continuous monitoring tools, and stronger contractual safeguards as evidence of maturity.

On paper, it looks like progress. Yet privacy incidents involving third parties continue to surface with alarming frequency.

This session examines a difficult but necessary question:  Why does privacy accountability continue to fail even in mature TPRM environments? 

Drawing on real-world advisory experience and regulatory trends, this session argues that the issue is rarely a lack of framework sophistication. Instead, failures occur where accountability is assumed rather than operationalized.

Participants will explore how privacy risk becomes diluted across legal, procurement, security, and business functions; why contracts often create a false sense of control; and how static assessments fail to keep pace with evolving vendor behavior.

The session moves beyond theory and focuses on practical mechanisms for shifting from process maturity to accountability maturity, ensuring privacy risk is actively governed throughout the vendor lifecycle, not just documented at onboarding.

Learning Objectives
Participants will:

• Understand why advanced TPRM frameworks do not automatically ensure privacy accountability
• Identify where ownership breaks down across the vendor lifecycle
• Recognize the limitations of static assessments and checkbox compliance
• Evaluate the false comfort of contractual safeguards without operational enforcement
• Learn practical strategies to strengthen third-party privacy oversight

This session is ideal for:

• Chief Privacy Officers
• Data Protection Officers
• Third-Party Risk Managers
• Compliance & Risk Leaders
• Legal Counsel handling vendor contracts
• CISOs and Security Governance Professionals
• Board and Audit Committee Advisors

About our Speaker

Shruti Mukherjee is a GRC leader specializing in privacy governance, third-party risk management, and AI accountability. She works at the intersection of privacy, security, and operational risk, helping organizations move from documented compliance to demonstrable control effectiveness.

Shruti has led enterprise risk transformation initiatives, vendor governance enhancements, and AI governance programs across regulated environments. She is a frequent conference speaker on privacy accountability, AI risk, and modern GRC practices, and is known for translating regulatory expectations into practical, operational frameworks that withstand audit and regulatory scrutiny.

DPDP Act Implementation : Myths & Facts

By Associate Director, PWC

On Wednesday, March 4th, 2026 at 5:00 PM PST, Privacy License hosted a free, live 1-hour executive briefing on “DPDP Act Implementation : Myths & Facts,” featuring Abhishek Tiwari, Associate Director, PWC, in conversation with Founder & CEO, Nabanita De, Privacy License.

As India’s Digital Personal Data Protection Act, (DPDP Act) moves from policy discussion to real-world enforcement, organizations across startups, enterprises, healthcare, fintech, edtech, and AI ecosystems are facing a critical moment of confusion.

Many companies believe they are compliant because they have a privacy policy.
Others assume DPDP only applies to large corporations.
Some think consent banners are enough.
And many underestimate enforcement, penalties, and cross-border implications.

The result? A dangerous gap between perceived compliance and actual regulatory exposure.

This session will help privacy leaders, founders, compliance teams, and AI governance stakeholders separate myth from reality — and understand what DPDP implementation actually requires at a technical, legal, and operational level.

We’ll move beyond surface-level summaries into practical, execution-level clarity.

We covered:

• The most common myths about DPDP Act applicability and enforcement
• Who qualifies as a Data Fiduciary vs Significant Data Fiduciary — and why it matters
• The real meaning of consent under DPDP (and what invalidates it)
• Children’s data, verifiable parental consent, and age-gating challenges
• Cross-border data transfers — what is actually restricted vs misunderstood
• Notice requirements and dark pattern risks
• Data minimization, purpose limitation, and retention obligations in practice
• Grievance redressal and Data Protection Board exposure
• Penalty structures and real financial impact scenarios
• Implementation checklists for startups, mid-market, and enterprise companies
• How DPDP intersects with GDPR, CCPA, and global privacy programs
• Practical governance controls to move from “policy written” to “program implemented”

Because compliance is not about publishing a policy.
It’s about operationalizing accountability.

This session is ideal for:

• Founders and Startup Operators
• Chief Privacy Officers and Data Protection Officers
• CISOs and Security Leaders
• Legal & Compliance Teams
• AI Governance and Product Leaders
• Healthcare, Fintech, and EdTech Compliance Teams
• Risk & Regulatory Affairs Professionals
• Privacy Engineers and Technical Governance Teams
• Venture Investors evaluating regulatory risk

About our Speaker

Abhishek Tiwari is a distinguished leader in privacy, data protection, and AI governance, known for driving national-scale initiatives and elevating industry capability. He is a globally certified privacy professional; his certifications include CIPP/E, CIPM, CIPP/A, AIGP, and he is also an FIP demonstrating his commitment to the highest international standards of excellence.

His expertise is recognized globally through his inclusion in the European Data Protection Board’s Pool of Support Experts, where he contributes to impactful advisory work and policy development. Abhishek is also an IAPP Asia Vanguard Award recipient, one of the most prestigious honors in the global privacy community.

He served as an Education Advisory Board member during 2024-2025 and beginning January 2026, he will serve on the IAPP Privacy Engineering Section Advisory Board, representing India in shaping the future of privacy engineering and responsible data innovation worldwide.

Widely recognized as the driving force behind Pan-India privacy event planning and execution, Abhishek has transformed how privacy conversations happen across the country. His vision, network, and on-ground leadership have helped create one of India’s most vibrant and influential privacy communities bringing together regulators, global experts, industry leaders, and emerging professionals to accelerate the nation’s privacy and AI governance journey.

When Confidentiality Meets the Cloud: Evidentiary Priviledge Challenge in Enterprise AI

By Vice President, Regulatory Compliance, Integra Connect

On Wednesday, February 25th, 2026 at 9:00 AM PST, Privacy License hosted a free, live 1-hour executive briefing on “When Confidentiality Meets the Cloud: Evidentiary Privilege Challenge in Enterprise AI,” featuring Marlyse McQuillen, Vice President, Regulatory Compliance, Integra Connect, in conversation with Founder & CEO, Nabanita De, Privacy License.

As organizations rapidly deploy AI tools across legal, healthcare, financial services, and enterprise environments, a critical risk is being overlooked: evidentiary privilege. While privacy programs focus on safeguarding personal data, attorney-client communications, doctor-patient discussions, and therapeutic confidences are meant to be legally protected at an absolute level. However, common AI practices such as logging, model training, prompt retention, and multi-tenant cloud architectures may inadvertently waive privilege, sometimes permanently.

This session helps privacy professionals, legal teams, compliance leaders, and AI governance stakeholders understand how AI systems can silently erode centuries-old privilege protections, and what to do before irreversible legal consequences occur.

We’ll move beyond theory into practical, real-world risk scenarios and mitigation strategies.

We covered:

• The difference between privacy compliance and evidentiary privilege
• How AI tools (chatbots, copilots, enterprise AI platforms) can inadvertently waive privilege
• The impact of logging, telemetry, model training, and multi-tenant infrastructure on confidential communications
• What state ethics boards and regulatory authorities are saying about AI use in privileged contexts
• Real-world scenarios where privilege may be broken through routine AI usage
• Practical checklists and governance controls to preserve privilege in AI-enabled environments
• Contractual, technical, and operational safeguards organizations should implement immediately
• How to educate legal, product, and engineering teams on privilege-specific AI risks

Because once privilege is waived, it cannot be restored.

This session is ideal for:

• General Counsels and In-House Legal Teams
• Chief Privacy Officers and Data Protection Officers
• AI Governance Leaders
• CISOs and Security Leaders
• Healthcare, Financial Services, and SaaS Compliance Teams
• Privacy Engineers and Technical Governance Professionals
• Risk, Ethics, and Regulatory Affairs Leaders
• Founders deploying AI into regulated environments

 
About our Speaker

Marlyse McQuillen is a senior privacy, data governance, and AI governance counsel with more than 17 years of experience advising highly regulated SaaS, healthcare, and financial services organizations.

She has built enterprise privacy and AI governance programs from the ground up, led incident response and regulatory engagement that preserved tens of millions in revenue, and translated complex regimes like GDPR, CCPA/CPRA, GLBA, HIPAA, and emerging AI regulations into pragmatic controls for product and engineering teams.

Prior to going in-house, Marlyse focused on M&A and securities as an associate at Greenberg Traurig’s Miami office. Marlyse holds a JD, summa cum laude, from the University of Miami, a BA from Harvard University, and multiple industry certifications, including AIGP, CIPP/US, CIPP/E, and CIPM. She also volunteers as an advisor/DPO for The Plunk Foundation, a nonprofit promoting digital data privacy for women, children, veterans, and underserved communities.

Getting Started with India's DPDPA

By EY's Senior Privacy Consultant

On Friday, February 6th, 2026 at 05:00 PM IST, Privacy License hosted a free, live 1-hour executive briefing on “Getting Started with India’s Digital Personal Data Protection Act (DPDPA)”, featuring Chetandeep Singh Batra, Senior Consultant at Ernst & Young (EY), in conversation with Founder & CEO, Nabanita De, Privacy License.

As India enters a new era of data protection with the DPDPA, organizations across sectors are facing fundamental questions around compliance, governance, operational readiness, and regulatory interpretation. From startups to large enterprises, understanding how to practically operationalize the DPDPA is now a business-critical priority.

This session helps privacy professionals, legal teams, compliance leaders, and data governance teams understand the core building blocks required to get started with DPDPA implementation, moving beyond legal text into real-world execution.

We’ll break down what it truly takes to operationalize India’s privacy law, including practical insights from advisory work and industry experience.

We covered:

• An overview of the DPDPA and how it compares with GDPR and other global frameworks
• Key obligations for Data Fiduciaries and Data Processors
• Practical steps for building a DPDPA compliance roadmap
• Consent management, notice requirements, and data principal rights
• Data localization, cross-border transfers, and regulatory expectations
• Common pitfalls organizations face when starting DPDPA compliance
• How to align legal, technical, and operational teams around privacy

This session is ideal for:

• Data Protection Officers and Privacy Leads
• Compliance, Risk, and Legal Professionals
• Chief Privacy Officers and General Counsels
• CISOs, Security and Data Governance Leaders
• Founders and Startup Operators building in India
• Privacy Engineers, Analysts, and Program Managers
• Organizations preparing for DPDPA enforcement

About our Speaker

Chetandeep Singh Batra is a lawyer and privacy professional with over 5 years of experience in data protection and cybersecurity. He currently works at EY as Assistant Manager in Data Privacy and also serves as the IAPP Chapter Chair for New Delhi, contributing actively to the global privacy community.

He holds CIPP/E and ISO 27001/27701 certifications and has a strong background in privacy laws, compliance frameworks, and governance programs. An accomplished author, Chetan has written 7 books, including two focused on privacy and cybersecurity.

With a diverse background spanning legal advisory, compliance, and privacy governance, he brings a highly practical perspective on how organizations can translate regulatory requirements into real operational programs.

Traits of an effective DPO

by Head of Data Privacy at Saudi Credit Bureau

On Saturday, January 31st, 2026 at 07:30 AM PST, Privacy License hosted a free, live 1-hour executive briefing on “Traits of an effective DPO”, featuring Muneeb Imran Sheikh, Head of Data Privacy at Saudi Credit Bureau, in conversation with Founder & CEO, Nabanita De, Privacy License.

DPOs are higly sought after roles that require complex navigation between protecting the individuals’ rights and also ensuring that organizations maintain and exhibit adherence to Data privacy regulations. In an era where Data Privacy has become ever more important its important for privacy professionals to understand the competencies are essential to implement data privacy programs within an organization.

This session helped privacy professionals, compliance leaders, and data governance teams understand the core competencies required to design, implement, and manage effective privacy programs within organizations of all sizes.

We broke down what it truly takes to operationalize privacy, moving from regulatory theory to practical, actionable strategies that drive both compliance and business value.

We covered:

• The evolving role and responsibilities of the DPO in today’s regulatory environment.
• Core competencies every privacy professional must master
• Practical steps for implementing privacy programs aligned with GDPR and other global frameworks
• How to balance business objectives with data protection obligations
• Strategies for managing cross-border data transfers, vendor risks, and consent frameworks
• Common pitfalls that can undermine compliance and how to avoid them
• Leveraging privacy governance as a source of organizational trust and competitive advantage

This session is ideal for:

• Data Protection Officers and Privacy Leads
• Compliance and Risk Management Professionals
• Chief Privacy Officers and General Counsels
• Data Governance and Security Leaders
  Policy Makers and Regulators overseeing privacy frameworks
• Privacy Engineers, Analysts, and Program Managers
• Organizations preparing for or enhancing GDPR and global privacy compliance

About our Speaker

Muneeb Imran Sheikh is Head of Data Privacy at Saudi Credit Bureau and an Data Privacy, Cybersecurity & AI Governance Expert with a forte in Strategy, Program development, Governance, Risk and compliance.

Based in Middle East region, he has worked with different clients from financial, governmental and telecommunication sector to help them in developing and implementing Cybersecurity and Privacy program in accordance with their regulatory, legal and compliance requirements. He is author of a book Data Privacy, A Practical Handbook on Governance and Operations.

He has contributed with his knowledge and expertise through various writings, podcasts, policy reviews, conference appearances.

Bridging the Gap Between Privacy Policy and Privacy Engineering

By Head of Technology Law, Privacy/Data Protection and AI Governance at Oguntoye & Oguntoye 

On Thursday, July 31th, 2025 at 9:00 AM PST, Privacy License hosted a free, live 1-hour webinar on “Bridging the Gap Between Privacy Policy and Privacy Engineering”, featuring Ridwan Badmus, Head of Technology Law, Privacy/Data Protection and AI Governance at Oguntoye & Oguntoye LP, in conversation with our founder & CEO, Nabanita De.

This session focussed on the persistent disconnect between privacy lawyers and privacy engineers in translating legal privacy requirements into actionable engineering outcomes. While privacy laws and policies set the framework for compliance, product teams often face challenges in implementing these frameworks effectively due to differing terminologies, approaches, and priorities.

Whether you're a privacy lawyer drafting policy or an engineer implementing technical controls, this talk equipped to collaborate more effectively across disciplines. We explored:

• How privacy lawyers and engineers can better understand each other’s roles and priorities
• Techniques to bridge the communication gap between legal and technical teams
• Collaborative strategies to embed privacy-by-design into systems and product development
• Practical approaches for aligning legal risk assessments with technical implementation
• Methods to improve cross-functional collaboration across privacy, legal, product, and engineering
• How to drive a unified approach to data protection that enables both compliance and innovation

This session is ideal for:

• Privacy leaders, lawyers and policy professionals seeking to influence product decisions and translate policy into practice
• Privacy engineers and technical leads responsible for implementing data protection controls
• Product managers and cross-functional stakeholders embedding privacy into the product development lifecycle
• Compliance, risk, and security professionals working to operationalize privacy across AI and data systems
• AI/ML practitioners who need to understand privacy requirements and build responsibly
• Anyone working at the intersection of privacy, technology, and product innovation

About our Speaker

Ridwan Badmus is the Head of Technology Law, Privacy/Data Protection and AI Governance at Oguntoye & Oguntoye LP, Privacy Engineering and AI Governance Lead at TechStabs Consulting and Co-Founder/Privacy Technologist at FR Data Protection. He's certified as an AI Governance Professional and Information Privacy Technologist with the International Association of Privacy Professionals (IAPP). Ridwan specialises in seamlessly integrating privacy, data protection & trustworthy AI requirements into products to process data responsibly. As a technology lawyer, he provides legal expertise across various domains, offering rare multidisciplinary support to startups and enterprises.

Integrating Privacy into the Artificial Intelligence Dev Lifecycle

By Senior Privacy Engineer, T.Rowe Price

On Monday, June 16th, 2025 at 9:00 AM PST, Privacy License is hosted a free, live 1-hour webinar on “Integrating Privacy into the Artificial Intelligence Dev Lifecycle”, featuring AbdulMajeed Raji, Senior Privacy Engineer, T.Rowe Price, in conversation with our founder & CEO, Nabanita De.

As artificial intelligence becomes a core pillar in product innovation, embedding privacy directly into the AI development lifecycle is critical for building trustworthy systems. Whether you are developing AI models, advising on responsible AI governance, or integrating privacy by design into data-driven products, this session provided practical strategies to bridge privacy and AI engineering. We covered:

• How to integrate privacy considerations at each stage of the AI development lifecycle
• Practical approaches for addressing privacy risks in model training, deployment, and monitoring
• The evolving regulatory landscape around AI and its privacy implications
• Real-world examples and lessons learned from implementing privacy solutions at scale

and more!

This session is perfect for:

• Privacy professionals collaborating with AI and data science teams
• AI practitioners looking to build privacy-resilient systems
• Legal, compliance, and security professionals navigating AI risk governance
• Product and engineering teams embedding privacy by design into AI initiatives
• Anyone curious about the intersection of privacy and artificial intelligence in today’s fast-evolving landscape

About our Speaker
AbdulMajeed Raji is a Senior Privacy Engineer at T. Rowe Price, driving the implementation of privacy engineering frameworks. With a career spanning nonprofits like Save the Children International and major privacy organizations, AbdulMajeed brings deep expertise in translating complex privacy principles into practical engineering solutions that scale across industries.

Privacy By Design 101

By Meta Privacy Program Manager

On Thursday May 29th 2025 at 10:30 am PST, Privacy License hosted a free live 1 hour webinar on "Privacy By Design 101", featuring Carolina Braga, Privacy Program Manager, Meta, in conversation with our founder & CEO, Nabanita De. 

In a world where data is the new currency and regulation is tightening, privacy can no longer be an afterthought. In this session, we unpacked how to turn privacy into a design principle, not a patch. Whether you're launching your first product or scaling privacy across global teams, this session covered how you proactively embed privacy into every layer of your business. Topics we’ll explored included:

• What Privacy by Design really means (and what it doesn’t)
• The 7 foundational principles of PbD—and how they apply beyond theory
• How to operationalize PbD across the entire product lifecycle—from ideation and prototyping to engineering and post-launch reviews
• Real-world implementation tips: how to integrate privacy workflows without slowing down innovation
• Common pitfalls to avoid when working with cross-functional teams in agile and fast-paced environments
• Expect practical insights, real examples, and forward-looking strategies that help you shift privacy from a compliance checkbox to a competitive advantage.

Perfect for privacy leaders, privacy managers, product leaders, engineers, founders, and privacy professionals looking to scale trust with speed. 

About our Speaker

Carolina Braga is currently Privacy Program Manager at Meta and an accomplished AI governance and data protection leader with a global track record of operationalizing scalable, risk-based privacy programs across complex, high-stakes environments. With over a decade of experience spanning technology, consulting, and corporate sectors, she has led major privacy initiatives at companies in the tech, pharmaceutical and oil and gas sectors. Carolina specializes in embedding Privacy by Design into AI product lifecycles, conducting DPIAs, and aligning enterprise operations with evolving regulations such as GDPR, LGPD, and PIPL. Her expertise bridges legal, technical, and strategic domains, driving cross-functional collaboration, streamlining compliance workflows, and spearheading regulatory readiness across global teams. Carolina holds a Master of Law, focused on Responsible AI and an MBA in Information Security Management.