Sep 2021 – Dec 2025 · 4 yrs 3 mos

• Established and scaled a global Privacy & Data Protection Capability Area, building and leading five teams across four countries. Accountable for delivering compliance with global privacy legislation across 1st and 2nd lines, i.e Data Subject Rights, Records of Processing Activities, Privacy by Design controls and implementation, data retention and deletion standards, employee privacy training, awareness and communications programs, first-line risk assessment and remediation, embedding privacy standards across business units, as well as operational and framework-level privacy metrics.
• Defined strategic direction aligned to corporate priorities, setting Service Level Agreements and
• successfully negotiating operational tooling Service Level Objective agreements to drive operational
• maturity and compliance across Booking.com, FareHarbor, and Booking Holdings Financial Services.
• Key Achievements:
• Developed the hiring strategy and resource requirements to scale services globally through
• multi-year planning.
• Coached first-time managers into autonomous, high-performing leaders.
• Streamlined privacy operations across multiple brands.
• Designed and implemented global privacy training and communication programs
• across 30+ global offices , driving leadership engagement.
• Delivered stakeholder alignment, ensuring sustainable compliance and operational efficiency.
• Increased operational capacity via automation, recruitment, and process redesign, underpinned by the development of operational metrics.
• Conducted an M&A privacy due-diligence assessment on behalf of the parent company, identifying risks and shaping remediation activities and commitments prior to acquisition.
• Delivered the Global Privacy Shared Services model for BHI, supporting all sister brands to drive operational maturity and risk mitigation.
• Represented Booking.com as a standing member of the Booking Holdings Inc. Global Privacy
• Function, alongside the Chief Privacy & Data Protection Officers of the broader group.

May 2018 – Aug 2021 · 3 yrs 3 mos

• Built and managed the Privacy & Data Protection function for Rentalcars.com/Booking.com Transport Limited, embedding global privacy compliance into operations across multiple business units including Customer Services, Human Resources, Marketing and Technology, with a heavy focus on the General Data Protection Regulation, in addition to the privacy legislations in the US, Brazil, and China.
• Established operational processes, procedures and frameworks for regulatory compliance.
• Deputised for the registered Data Protection Officer, liaising with the Information Commissioners
• Office.
• Oversight and lead on Data Subject Rights Requests, Data Protection Impact Assessments, Record
• of Processing Activities, data retention and deletion standards, incident response, cookie governance,
• and employee privacy training.
• Key Achievements:
• Established the Privacy Management Team , fostering collaboration between Legal, Security,
• and Compliance.
• Successfully managed regulatory engagement and resolution of authority queries.
• Aligned operational privacy processes across the separate legal entities of
• Rentalcars.com/Booking.com Transport and Booking.com.
• Lead on privacy incident management, driving resolution and retrospective actions.
• Delivered GDPR readiness programs, privacy policies, and audit frameworks.

Apr 2016 – May 2018 · 2 yrs 1 mo

• Lead operational readiness for GDPR, including gap analysis, Data Subject Rights Requests process design, and identity validation.
• Supported PCI and compliance alignment across multiple functions.
• Oversaw stakeholder engagement and vendor management for a new multi-channel contact platform.
• Owned CS tooling optimisation, including telephony services (system admin) leading to annual
• savings of £0.5m.
• Developed relationships across Customer Services and Technology departments to establish
• resolution frameworks and agreements for issue prioritisation leading to increased productivity for the
• Service Desk.

Jan 2015 – Mar 2016 · 1 yr 2 mos

• Designed and implemented workforce planning systems for international multi-site contact centres.
• Implemented and optimised the Real Time functionality for Customer Services
• Optimised overtime processes, automating business requirements leading to an operational saving of
• 10 hours per week.
• Introduced access controls to safeguard personal data, while optimising resources to meet demand.
• Business partner to the third party Work Force Management service provider, driving roadmap
• improvements.

Mar 2013 – Apr 2014 · 1 yr 1 mo

• Delivered the replacement of a county-wide social care database, addressing legacy data migration, privacy risks, and access controls, working in a multi-disciplinary team to gather and execute on requirements.
• Designed and lead on User Acceptance Training, including accessibility tool compatibility.
• Designed and implemented staff training and process improvements.

Jul 2011 – Dec 2014 · 3 yrs 5 mos

• Supporting the core planning function of the Customer Access Service to manage and maintain service performance.

Jul 2009 – Jul 2011 · 2 yrs

• Developing and aligning services across a multi-tier Council structure, developing best practice and reporting tools to monitor the success. Creating and maintaining strong relationships with third party agencies for continued success.

Aug 2004 – Jul 2009 · 4 yrs 11 mos

• Undertaking of Section 47 (NHS and Community Care Act 1990) Social Care assessments through the collection and processing of personal and special category data, and commissioning of services to meet need. Leading several high-profile projects, to deliver high-cost savings and protect vulnerable adults within Private Residential Care Services.

Mar 1997 – Aug 2004 · 7 yrs 5 mos

• Developing community based satellite services across East Lancashire and building sustainable relationships with local and voluntary organisations to provide valuable opportunities.