Tag: Privacy

  • “In global data protection, it’s not just about conflicting opinions, it’s about reconciling overlapping laws, operational realities, and evolving expectations.” – Daniella Sankar, Independent Data Protection Consultant.

    “In global data protection, it’s not just about conflicting opinions, it’s about reconciling overlapping laws, operational realities, and evolving expectations.” – Daniella Sankar, Independent Data Protection Consultant.

    This interview has been published by Anshi Mudgal and The SuperLawyer Team

    With over two decades of legal experience across aviation, manufacturing, IT, banking, and more, what first drew you to specialize in data protection and privacy law?
    In 2016, I had the privilege of working with a mentor who saw potential in my analytical approach and encouraged me to explore data protection more deeply. At the time, privacy was gaining global traction with the GDPR on the horizon and organizations beginning to grapple with what responsible data stewardship truly meant. What intrigued me wasn’t just the regulatory complexity, but the human dimension: how we protect dignity, autonomy, and trust? 

    How did your law degree at The University of the West Indies, Cave Hill Campus, Barbados shape your worldview and influence your approach to international data protection and cross-border compliance?

    Studying law in Barbados gave me a strong foundation in critical thinking and comparative legal analysis. I was surrounded by students from across the Caribbean (from The Bahamas to Guyana) and our coursework often involved comparing legal systems from the UK, India, and the US. It was a diverse, intellectually rich environment that encouraged me to look beyond borders and see law not just as a set of rules, but as a tool for societal transformation. That exposure shaped my global mindset and continues to guide my work today; whether I’m advising on GDPR compliance, India’s DPDPA, or data protection frameworks in the Middle East. I approach cross-border compliance not merely as a technical exercise, but as an opportunity to bridge cultures, align values, and foster global accountability. Legal compliance is more than a regulatory requirement. It’s a step toward building trust, empowering communities, and strengthening institutions.

    You’ve advised organizations on GDPR, DPDPA, and other global privacy regulations. What are the biggest challenges multinational companies face in harmonizing compliance across jurisdictions?

    When it comes to legal compliance, the saying “too many cooks spoil the pot” doesn’t quite capture the complexity. In global data protection, it’s not just about conflicting opinions, it’s about reconciling overlapping laws, operational realities, and evolving expectations. The most pragmatic approach for MNC’s is to anchor their framework in the highest standard (typically the GDPR) and then layer in jurisdictional nuances across your operations. It sounds simple, but implementation requires careful calibration. MNCs need to weigh time, cost, enforcement risk, the litigious nature of data subjects, and the reputational impact on their brand. These factors, when considered together, help determine their compliance priorities. This juggling act is one of the greatest challenges for multinational organizations. And it doesn’t end once the framework is built as keeping up with changing requirements, new enforcement trends, and emerging technologies is a continuous process. Compliance isn’t static; it’s a living, evolving discipline.

    After more than a decade in inhouse legal roles, you transitioned into independent consulting and later established your own practice. What motivated this shift, and how did it change your perspective?

    I reached a point where I wanted to change both professionally and personally. I had gained significant experience across aviation, manufacturing, IT, and banking, but I felt the pull to work more closely with small and medium-sized businesses that often can’t afford large legal teams but still need strategic guidance to transform their operations. Independent consulting gave me the freedom to support these organizations across industries, helping them build privacy programs from the ground up. It also allowed me to take better care of my health and spend more time with my family :something the corporate pace rarely permitted. Along the way, I’ve realized that data protection compliance is still viewed by many as a luxury rather than a necessity. It’s not always a top priority, especially for growing businesses. That’s where I bring added value not just through privacy expertise, but by integrating my cross-functional skills in contracts, intellectual property, and operational risk. I offer clients a holistic view of compliance that’s practical, scalable, and rooted in their business realities.

    In your diverse practice, what has been one of the most challenging cases for you, and how did you navigate it?

    Everyone uses templates and guidelines today but preparing for GDPR compliance before 2018 was a very different story. There were no ready-made toolkits, no plug-and-play solutions. Crafting documentation meant starting from scratch interpreting the law line by line, understanding its intent, and translating best practices into operational reality. It was challenging, especially under tight timelines and high-stakes environments. Time-sensitive projects always come with pressure, but I’ve learned to navigate the magnitude with focus and resilience. A few grey hairs later, I’m proud to say I’ve pulled through and helped organizations build privacy programs that are not just compliant, but meaningful.

    You’re deeply involved in privacy training and awareness programs. What’s the most common misconception employees or leaders have about data protection? How do you see AI reshaping legal compliance and data protection practices in the near future?

    One of the most persistent challenges in data protection is that many people still struggle to grasp the basic concept of personal data. Culturally, there’s a long-standing comfort with sharing information in many countries (photos, medical details, contact numbers) with service providers, often without a second thought. So when it comes to implementing data protection compliance within organizations, employees may not fully understand what they should avoid or why it matters. 

    That’s why education is critical. It’s not just about rules, it’s about understanding the reason behind the law and the consequences for both the individual and the organization. Leaders, too, often underestimate the importance of compliance. Some assume regulators won’t enforce the law, so they question the need to invest in privacy programs. What they miss is the long-term brand value that privacy compliance can bring. That’s trust, credibility, and resilience.

    AI is reshaping the compliance landscape. It introduces new challenges especially around automated decision-making and data ethics but it also brings precision and efficiency. Many data breaches stem from human error, and AI can help reduce that risk by handling repetitive, high-volume tasks with consistency. When used responsibly, AI becomes a powerful ally in building smarter, more secure privacy frameworks.

    While designing and implementing data protection policies and internal controls, what are the most critical factors organizations should keep in mind? 

    Policies should be written in clear, accessible language to ensure all employees can easily understand and apply them. They must be reviewed annually to remain relevant and effective. Updates should reflect current industry trends as well as internal insights and lessons learned. To reinforce understanding, training should be used to animate policy content, thus transforming written guidelines into meaningful, memorable practices.

    How can data privacy be effectively embedded into day-to-day operations rather than treated as one-off compliance exercises?

    Embedding data privacy into daily operations starts with applying core protection principles consistently, regardless of one’s role or department. When privacy is treated as a shared responsibility, it naturally becomes part of business-as-usual. One-off compliance exercises may check legal boxes, but they rarely build lasting habits or cultural awareness. By integrating privacy into everyday activities ..step by step, day by day…it becomes second nature to staff and strengthens both trust and compliance.

    You’re passionate about mentoring young legal professionals. What key qualities should future privacy leaders cultivate to thrive in a rapidly evolving regulatory environment?
    Future privacy leaders must embrace adaptability by welcoming new challenges, evolving technologies, and diverse ways of working. Flexibility isn’t just a skill, it’s a mindset that allows them to navigate shifting regulations and organizational cultures with confidence. Equally important is respect. Privacy is a collaborative field, enriched by voices young and old, technical and legal, strategic and operational. Every colleague brings a unique ingredient to the pot and leaders who listen, learn, and uplift others will build stronger, more resilient privacy cultures.

    With data protection laws expanding globally, what major trends do you foresee shaping privacy compliance over the next five years, and how do you see your practice evolving?

    Over the next five years, AI will be one of the most transformative forces in privacy compliance. Its rapid adoption will pose significant regulatory and operational challenges, especially around transparency, accountability, and lawful processing. Initially, many practitioners may struggle to keep pace with the evolving tools and frameworks. But as familiarity grows, AI will become an ally streamlining meticulous tasks such as maintaining records of processing activities, comparing cross-border legal requirements, and conducting compliance assessments. Those currently take up a lot of my time, so I’m especially keen to explore how AI can reduce administrative burden while enhancing accuracy and consistency.

    Get in touch with Daniella Sankar –

  • From NLIU to the World Stage: Women in Tech Leading the Next Frontier of Technology Law and Data Privacy – Kriti Sharma, Director, Head of Regulatory Legal and Compliance (India and Southeast Asia) at Dun & Bradstreet, and Data Protection Officer (India and Singapore).

    From NLIU to the World Stage: Women in Tech Leading the Next Frontier of Technology Law and Data Privacy – Kriti Sharma, Director, Head of Regulatory Legal and Compliance (India and Southeast Asia) at Dun & Bradstreet, and Data Protection Officer (India and Singapore).

    This interview has been published by Anshi Mudgal and The SuperLawyer Team

    Starting from your first role in 2008 at Khaitan & Co., you’ve built a legal career that bridges traditional law and cutting-edge technology. What mindset shaped this journey?
    My journey has been one of deliberate growth — from shadowing senior counsel during internships to advising boards on privacy and AI. At NLIU, I learned discipline and legal craftsmanship. Assisting senior counsel before the Supreme Court taught me the value of precision in advocacy.

    Joining Khaitan & Co. in 2008 gave me exposure to private equity and M&A, where I realized law can enable growth, not just mitigate risk. These experiences shaped my approach to law as a living system — not merely a set of rules.

    “Every deal, every court brief was a rehearsal for the lawyer I was becoming.”

    You pursued an MSc in Law & Finance at the University of Oxford in 2015. How did this experience reshape your perspective on law, business, and technology?
    Oxford was transformational. The program pushed me to think like a policymaker and strategist, marrying systems thinking with economic foresight. The admissions process itself forces you to ask: Who are you, and what will you change?

    At Oxford, I realized law is not just about resolving disputes — it’s about designing fairer futures. Today, whether drafting cross-border data policies or shaping ethical AI frameworks, I rely on those lessons — precision, foresight, and human-centered thinking.

    “Oxford didn’t just open doors. It reshaped how I walk through them.”

    After Oxford, you joined Baker & McKenzie, London, in 2016, working on complex cross-border deals. How did this prepare you for tech law challenges?

    Baker & McKenzie exposed me to multi-jurisdictional transactions involving data, competition law, and tech-driven businesses. It refined my ability to integrate legal advice with commercial strategy — a skill that remains critical in regulatory leadership.

    “Global deals teach you that law is not just local compliance — it’s about harmonizing rules with vision.”

    With the Digital Personal Data Protection Act, 2023 (DPDPA) reshaping privacy frameworks, what should businesses focus on?

    DPDPA 2023 introduces a consent-first, rights-driven approach. Businesses must embed privacy into their DNA. The Business Requirement Document on Consent Management becomes crucial — translating legal obligations into features like granular consent, revocation, and audit logs.

    For SaaS companies, compliance means building privacy into product architecture from the start — not bolting it on later.

    “Under DPDPA, privacy is no longer a checkbox. It’s a design principle.”

    AI regulation is evolving fast. How should SaaS companies approach permitted AI usage?

    Permitted AI usage means innovating responsibly — ensuring data processing aligns with consent, purpose limitations, and ethical safeguards. For SaaS, it requires documenting use cases, maintaining risk registers, and conducting ethical reviews before rollouts.

    “Permitted AI usage is about proving that innovation respects rights, not just scaling technology.”

    You transitioned from law firms to leading compliance and privacy in-house. How did this shape your leadership style?

    Law firms were my training ground, but moving in-house allowed me to build rather than just fix. At CoinSwitch and later at Dun & Bradstreet, I became a translator between risk and vision — operationalizing DPDPA and IT Act obligations into workflows teams could implement.

    Leading cross-border teams taught me that leadership isn’t about authority; it’s about making people feel safe, seen, and inspired.

    “You can’t lead well if you’re afraid of being disliked. Courage creates clarity.”

    Aligning compliance across India, Singapore, and European markets is challenging. What worked for you?

    The key is balancing speed with regulation. At Dun & Bradstreet, we operationalize DPDPA alongside Singapore’s PDPA while maintaining agility. The secret lies in simplifying complex regulations into actionable steps and keeping regulatory reporting both consistent and efficient.

    “Regulatory leadership is about keeping law human.”

    You’ve faced curveballs in high-stakes environments. How have they shaped you?

    I’ve seen strategies falter and negotiations stall — not because of effort, but because the environment changed faster than expected. Each curveball wasn’t a setback; it was a reset that made me sharper.

    Examples:

    • In a cross-border M&A deal, cultural misalignment nearly derailed progress. Listening and adapting saved the deal.
    • During a privacy review, spotting gaps in vendor contracts early prevented regulatory risk.
    • When developing a consent framework, simplifying it through user-centric design improved adoption across teams.

    “Curveballs teach you to anticipate change, stay agile, and turn challenges into frameworks that drive long-term success.”

    What do recognitions like being featured in prominent legal rankings or industry awards mean to you in terms of your professional journey and leadership?

    These awards reflect consistency and relevance. They’re not destinations; they’re mirrors reminding me to stay adaptive, curious, and innovative while empowering the teams I work with.

    “Careers aren’t built in boardrooms. They’re built in quiet moments of reflection, persistence, and refusal to be ordinary.”

    You lead Regulatory, Legal & Compliance across India and Southeast Asia. How can a lawyer carve their path to becoming a DPO while managing these broader responsibilities?

    Being an effective DPO while leading regulatory, legal, and compliance functions means more than knowing laws — it’s about embedding privacy into the company’s growth strategy.

    At Dun & Bradstreet, where analytics power decisions for enterprises worldwide, the DPO role is integral to building trust while enabling innovation.

    What works:

    • Deepen expertise in privacy (DPDPA, sectoral laws, cybersecurity).
    • Embed privacy into processes, not just policies.
    • Work across teams — legal, product, engineering — to align compliance with agility.
    • Learn from real challenges, such as mitigating risks in cross-border data flows.
    • Keep learning and stay visible through certifications and thought leadership.

    “A great DPO doesn’t just enforce compliance; they design trust that drives the business forward.”

    What’s your advice for young lawyers entering privacy and tech law?
    Pick a niche — privacy, SaaS, fintech — and go deep. Master laws like DPDPA 2023, the IT Act, AI frameworks, and client-facing SEBI regulations. Pair this with an understanding of how technology works, and share your insights through writing and forums.

    “Expertise is built when curiosity meets consistency.”

    You’ve handled billion-dollar deals and privacy decisions impacting millions. How do you stay grounded?

    Balance is intentional. Strong mentors and high-performing teams keep me centered. High-stakes work demands clarity that comes from preparation and purpose.

    “Balance isn’t slowing down. It’s designing rhythms that let you accelerate without burning out.”

    Final Words to the SuperLawyer Community

    Law is evolving at the speed of technology. Even in an age of AI and SaaS, three things remain timeless: trust, clarity, and courage.

    My journey — from NLIU Bhopal to Oxford (2015), Baker & McKenzie London (2016), and leading privacy across India & Southeast Asia, to being recognised in the Forbes India Top 100 Lawyers 2023 and Business World Legal 40 Under 40 — is proof that deliberate choices shaped by curiosity and resilience can redefine what’s possible.

    “You don’t have to be fearless. You just have to move forward despite the fear — and build a brand that speaks for itself.”

    Get in touch with Kriti Sharma –

  • In Conversation With- Shweta Sahu, Leader, International Dispute Resolution Practice at Nishith Desai Associates

    In Conversation With- Shweta Sahu, Leader, International Dispute Resolution Practice at Nishith Desai Associates

    This interview has been published by Prabhjot Singh, Priyanka Karwa and The SuperLawyer Team

    Was pursuing law planned for you or it all happened in a flow? Kindly share with our readers.

    I always wanted to do something different. Back in 2010, law was yet to be popular choice. I made a conscious decision to pursue law while most of my batchmates were preparing for IIT-JEE or the AIPMT. I was completely ignorant of the career prospects neither did I have anyone to speak to. The decision was indeed laden with risks, but it was worth it.

    How has been your experience thus far dealing with critical arbitration matters, and how do you address this area to young minds in the legal profession?

    As rightly said, most of the arbitrations that we work on are fact-heavy and high stake. So, there is no scope for any mistake. Significant time goes into understanding the technicalities, strategizing and executing. Each step has to be handled with utmost precision. While the entire process is often strenuous, the challenges are extremely enriching and wholesome.

    There is sufficient scope for arbitration in India and the law is constantly evolving. I also witness a lot of interest for arbitration amongst the younger lawyers and even students. However, familiarity with the basic concepts is often lacking.

    What is your take on the scope of technology-related litigation in India?

    Technology-related litigations are expected to surge in India with the introduction of Metaverse, NFTs, cryptocurrency etc. and changes to technology laws (such as Intermediary Guidelines and Digital Media Ethics Code Rules, 2021).

    We are already experiencing a plethora of issues – ranging from regulatory concerns to privacy/data breach and money-laundering. Further, alleged cases of cyber-attacks, online frauds, impersonation, phishing, online defamation, hate speeches etc. have been on a high.

    Lately we have been hearing there are a lot of challenges for women in litigation, be it late working hours or other issues, how do you deal with them? And what would be the same?

    Challenges have always been there. Of late, the discussions surrounding these challenges have begun, which is a good start. Litigation is often perceived as a “men’s club” and it becomes difficult to pierce the stereotypes.

    In several cases women have been forced to or gaslit into completely giving up litigation or making changes to their careers. Reasons are manifold. In certain cases, the compensation is meagre; thus, women are convinced into giving up litigation and be told – “It’s not worth it”. Late working hours and the frequent need to travel are also common reasons. Till date, there are courts which do not have proper toilets for women.

    The unequal representation is even more prominent in courts in smaller towns and districts. In one of my outstation hearings, I had noticed the entire court complex just had two women on that day – the judge and myself.

    I have consistently made efforts to do everything that is expected of a lawyer – to avoid any possibility of being the less preferred one. Be it travelling or working late or appearing in Court. With the able support of my seniors, several barriers have been broken. But there’s a long way to go.

    What are the practices you implement to follow privacy in different legal matters or transactions and how the young generation should prioritize it further in their own careers?

    Given that I work in a technology-driven law firm, there are advance high security systems in place to take care of privacy concerns within the firm. Even the interns are required to enter into non-disclosure agreements to prevent any situation of privacy breach.

    As lawyers, it is our foremost duty to protect client documents and information from undue disclosure and understand the importance of client-attorney privilege. Young lawyers should be educated of the same. To start with, law schools should emphasise on these aspects as a part of the curriculum (Law of Evidence and/or Professional Ethics).

    Above all, the younger generation must careful of the content they share on LinkedIn or other social media platforms.

    Was there any roadmap that helped you thus far in your journey, or any mentor that supported you from the very beginning, please share how was it for you?

    I have had the privilege of receiving unconditional support from my parents throughout my journey. I have also enjoyed the rare privilege of consistent support and encouragement from my seniors at work. While each one of us has the potential to succeed, it is this kind of support which helps in moving ahead. Further, I strongly believe in being genuine and honest to myself and my work.

    I wouldn’t say it is a perfect world but these factors have helped me survive.

    Could you highlight some of your success habits that enable you to meet your goal?

    Most of my lessons are from my own mistakes. I believe, we learn best from our own mistakes. They make us think and hunt for better solutions. That’s what experience is to me.

    I prioritise a healthy lifestyle. Thus, I plan each day in advance. This includes balancing my professional and personal lives and keeping them separate.

    Lastly, what advice would you give to someone starting out?

    There are certain basics for which there are no substitutes – work hard, think smart and be ethical.

    But there is no generic advice which would be applicable to all freshers out there. The legal profession is generally very demanding, so plan each day well.

    “Experience and live through your own journey and lessons. Do not compare yourself with others but compare yourself with your old self – if you’re a better person and a better lawyer than you were earlier.”

    -Shweta Sahu

    Get in touch with Shweta Sahu-

  • In Conversation with: Denis Sadovnikov, Data Protection Officer, Sberbank and External Expert, Consultant and Coach at Data Privacy Office Europe

    In Conversation with: Denis Sadovnikov, Data Protection Officer, Sberbank and External Expert, Consultant and Coach at Data Privacy Office Europe

    This interview has been published by Prabhjot Singh, Priyanka Karwa and The SuperLawyer Team

    Was pursuing law pre-planned for you or did it happen by chance?

    Legal profession was my deliberate choice. Since my childhood I have been passionate about my rights, rights of others, human rights, justice and the degree of compatibility of state’s legislation with law.    

    What were the struggles you faced in the beginning?

    I gained my first legal experience when I was a teenager. When I was sixteen I helped my parents in their litigations. It was arduous and disappointing sometimes. I saw incompetent judges, judges who neglected and perverted the law. And I saw plenty of pieces of legislation which were obviously outdated or unjust.

    My family was poor, that is why I started my legal education as military-police cadet (this option is completely paid by the state), this way demanded hard work not only to master the subjects but also to pursue some police duties.

    Additionally, I managed to participate in some legal scientific societies, conferences and provide vulnerable people with legal advice and help for free. During my study I got acquainted with ICRC activities and became true adherent of ICRC and IHL.

    When I graduated from the university, I gave up the career at the police service because the reality there was far from principles of rule of law and human rights priorities. Then it turned out that graduated professionals with the background of police universities are much less demanded on the market.

    That is why I had to develop, approve and demonstrate the highest level of legal professionality continuously. I tried to obtain advanced experience, pursue scientific researches and started working as lecturer in law.            

    According to you Denis, as a law student, where should the focus be on, the hard work on academics or smart work on networking and building a great skill-set?

    I think both elements are important. They complement each other. Networking helps you demonstrate your competence but you should actually have what to demonstrate.

    What are your views on AI or legal tech adoption, what restrictions will it have in the coming years?

    Every technology may be used for good and for evil, particularly, technologies which we currently embrace under AI umbrella term. These technologies are able to improve our life enormously but on the other hand they might affect human societies devastatingly.

    Particular concerns are connected to potential loss of human control, dehumanization of decision-making, surveillance, profiling and manipulation of will. Threats regarding to automation of weapon also should be stressed.

    AI needs regulation as well as we regulate nuclear energy. I believe that we should regulate such powerful technology both on international and domestic level in order to put human first and make technology serve people and uplift humans’ personality, not degrade it, prevent inflicting harm and misuse of AI systems.         

    Denis, you’ve been quite active as a Data Protection Officer since Feb 2022, what are the roles and responsibilities of the same?

    To cut a long story short, I’m responsible for development and maintaining Privacy Management System throughout AI lifecycle, including design stage, collecting data, forming dataset training of the model, its testing and deployment.

    On the one hand I should assess whether we are entitled to use particular data for development of particular model (indicate personal data, assess purposes of processing, define necessary amount of data, minimize data and processing operations, chose appropriate legal ground for processing, provide transparent communication with data subjects, weight up their reasonable expectations and the context of processing, define storage period and destruction mechanism as well as protective measures, etc.).

    On the other hand my role is to assess the possible impact of particular AI solution on data subjects’ rights and freedoms.

    DPO is both the advocate of data subject defending human rights as well as business assistant helping to find and implement solutions which are compliant with law and comfortable for users. Correlating these two points is crucial to implement Privacy by Design.

    Another significant thing is definition of applicable law and rationalizing legal requirements of different jurisdictions. It is also important to be familiar with world-best trends and approaches and be ready to implement them. Additionally, it is worth to be mentioned that DPO should make sure that all employees are aware of data protection issues and able to handle data in accordance with internal policies.

    That is why I spend huge amount of time educating and training our staff to communicate with people.       

    What are the strategies that may help someone to clear the certifications for CIPM, FIP, GDPR DPP and GDPR DPM?

    From my point of view, the best strategy is to combine theory and practice, to educate oneself continuously and try to implement all new knowledge in practice immediately. 

    Denis, can you please share the compliances for AI and legal tech in Russia?

    Russia is prominent by its IT professionals including the field of AI. Currently many small and medium companies are leaving Russia because of political instability, but leaders are in place. These are mainly two hugest companies: Sber (not only Sberbank, but the group of companies on the whole) and Yandex Group. Speaking about legal tech, I’d indicate such companies as Pravo.ru, Kept (former KPMG) Seamless (former CMS), Consultant, Garant and others.   

    As someone who is passionate about pursuing law in Russia, what are brownie points one need to always look out for?

    Russia is European country and belongs to European continental legal tradition. Russian legal system by its nature is an example of civil law jurisdiction based on Roman legal heritage. The composition of system and vast majority of legal institutions are derived from French ones, some from German.

    Influence of English law took place but was not significant. Robust French-fashion frame of law is spoil by some unreasonable derivations and poor enforcement and legal culture. Utmost positivism is a predominant way of thinking among practitioners.

    That is why it is useful to explore Russian law in the context of European jurisprudence, particularly, French.       

    Unfortunately, currently it is not the best time for jurisprudence in Russia. Legal system is not in well fit and it is continuing to be erased. Almost each new piece of legislation undermines coherence and predictability of legal order. It seems like Russian rulers are trying to follow all bad examples of Lon Fuller’s Rex.

    True sense and purposes of law are quite frequently perverted and misused during the application and enforcement. Independent judiciary does not exist. Truly speaking, the rule of law at all does not exist.

    We need a new generation of lawyers who could reinforce rule of law, priority of internationally recognised principles, universal human rights, predictability and coherence of legal system.   

    Lastly, any advice for our young legal professionals?

    Stick to your principles and aways remember that lawyer’s mission is to protect human rights and uphold rule of law and justice rather than merely apply legislation. You should be able to find law behind sophisticated and controversial language of legal texts.

    It is up to you to be creators rather than executors and improve your legal system and legal environment.

    -Denis Sadovnikov

    Get in touch with Denis Sadovnikov-

  • In Conversation with: Josephina Nshunju, Founding Leader & CEO – Association of Privacy Lawyers in Africa and Data Data Privacy Analyst (CIPP/E) at Kazient Privacy Experts

    In Conversation with: Josephina Nshunju, Founding Leader & CEO – Association of Privacy Lawyers in Africa and Data Data Privacy Analyst (CIPP/E) at Kazient Privacy Experts

    This interview has been published by Prabhjot Singh, Priyanka Karwa and The SuperLawyer Team

    Did you always want to become a Lawyer or was it something that you decided in the later part of your school life? What other career options would you have considered, if not law?

    As a child I was drawn to the elegancy of the legal profession. I didn’t know much back then other than the fact that I loved how they dressed and spoke with so much confidence. When I was in high school I became fascinated with Fashion Designing and decided I was going to be a fashion designer but being an African child, I really didn’t have that much freedom of choice. My father felt there was no future for fashion in my country.

    In that day and age he was right. Since I had studied art subjects togather with Fashion science, it was now a matter of so what’s plan B. First I was thinking maybe Business Administration but since I needed to have at least 3 choices I selected law but I was sceptical about it.

    So, being a lawyer was not my first choice but looking back and analyzing the kind of person I am,  I now believe I was always meant to be a lawyer. So naturally this answers your second part of the question as well. If I wasn’t a lawyer I would have either been a Fashion Designer or a Professional Baker. In fact I owned a home baking business before relocating to Sweden and I still bake for my family and friends when they have special celebrations.

    How smooth is it to be an in-house counsel? Or is it the other way round? 

    Well I would it has it’s challenges but if you are comparing it to being a litigation lawyer working in a law firm, I would say in-house is smooth. One thing I love about being an in-house counsel is that you get exposed to a more practical aspect of the corporate culture and that helps you a lot when advising clients. I noticed when I collaborated with our external panel of lawyer on some of our cases, it was a bit of a challenge explaining to the how the processes work in the organisation vis a vis what the law says.

    There are skills I obtained working in-house that have helped me feel comfortable doing tasks that’s weren’t strickly related to legal.

    Not many young female lawyers reach the height you achieved, what was the story behind your success? Were you the privileged child or had to dig in deep to quench the thirst? 

    I have not done much research in this area so I can’t really say whether there are many or few female lawyers that reach this level, but I one thing i know for sure is, there are more female lawyers working in house than in legal practice.

    It takes boldness to be a litigation lawyer and I applaud all the ladies that chose that path. I wouldn’t consider myself privileged but some people might judge me as such because I did obtain my early education and high school education in Zimbabwe which at the time was considered to be the country with the best education in Africa.

    Returning back home to Tanzania for my university education and even when I started working I did notice I had a bit of an advantage because of that experience. I was also very lucky to get my first job two weeks after my final university exam and it was in banking. That is why I never worked in a law firm.

    What can be the real challenges while establishing a career in the field of law?

    Law is very wide as you know. There are many branches of law and areas of practice. One of the challenges faced by many young lawyers is choosing an area of practice as well as whether to work in-house or in a law firm. It’s very important early on to decide your niche and start investing more in it. Trying to be a master of all is ending up being a master of none. When it comes to deciding where to work, it’s another challenge.

    For most law graduates, the first that comes to mind is work in a Law firm, but they quickly realise how tough it is to make it in a firm. This brings confusion because throughout law school (at least where I come from) the lecturers prepare you for a career in a Law firm. But the world is different so you start struggling because you are not sure of where else you fit. We are rarely told of the option to work in-house. It took me a while to understand that I could have an in house career and still get my practising license.

    What responsibilities do companies have under the GDPR?

    Companies have a lot of responsibilities under the GDPR. I can’t go into details listing everything that a company need to comply with but it all comes down to accountability.

    Accountability to itself, its employees, its customers, the general public and the territories in which they operate their businesses. Companies are held accountable under the law for how they govern personal data. So that means from the moment they collect it to the moment it’s destroyed and forgotten.

    A company is responsible for making sure the data is secure both materially and physically, only those who need to access have access, it’s accessed and used for only the purposes for which it was obtained, It should never be kept for longer than is necessary and if it was be shared with other companies or sent to another country the proper security measure should be applied.

    There is a lot that goes on behind the scenes than what I can describe here, but in a nutshell the above gives you an overview of what the GDPR requires.

    As we know, metaverse, NFT’s all are on the rise, but how does it impact our privacy standards and other regulations?

    Unfortunately I am not well versed on what is going on as far as Metaverse and NFT’s are concerned since that has not been my area of focus as yet, so I will refrain from assumptions. I can comment what I know in general. There is a lot that is going on with technology and it’s moving very and it’s quite unfortunate that laws will always be reactive because unfortunately laws are always enacted to solve a problem that has already occured.

    Legislators will need to relook at our privacy laws and other legal instruments to make sure we uphold people’s right to privacy as these new inventions will have access to even more personal information that has potential to cause more damage than what we see today.

    How has been your experience as a Co-Founder and Interim CEO of he Association of Privacy Lawyers in Africa (APLA)

    APLA is still very young, we officially launched it end of September this year. There is a lot to be done. It’s hard to describe it, but I will try.

    When Igxtelle who had the vision for APLA contacted me and mentioned that she believes that she and I would do great things together, I can tell you for sure APLA was nowhere near what I thought she meant. The vision of APLA is so huge that I am often scared even to try to imagine it, but I feel beyond blessed to be part of it’s inception, and now it’s establishment.

    It’s also a huge challenge because nobody has walked this path before us. There are other associations but we all have our uniqueness so working on the organisational structure, setting up everything and managing a team where all of you are new to the tasks, is quite a challenge.

    The good thing is I am not leading it alone. I am with all the other 6 founders supporting me step by step so I don’t feel that much pressure yet. I am excited about what the future holds for us and maybe on our 1 year anniversary I will have a different story to tell.

    Would you like to give few advices to young legal professionals that worked well for you?

    Believe in yourself and focus on your goal until you achieve it, as I always say consistency over perfection. Choose your niche and invest in it academically, professionaly and even in networking. Find a mentor and you can have more than one mentor actually.

    Someone you know you can respect and you see where they are is where you would like to be. This cuts down your learning curve significantly.

    You can have a mentor to guide your professionally and another to help you with your personal brand/profile. Never underestimate the power of continuous personal development. Whether you are employed, in between jobs or self employed always invest in perfecting your craft, attend networking events and learn from other people’s experiences.


    Get in touch with Josephina Nshunju-