Varsha Sewlal

Privacy and Tech Attorney

Executive Legal, Policy, Research and Information Technology Analysis and Deputy Information Officer(DPO), 2019 - Present
Information Regulator (Data Protection Regulatory Authority of SA), Johannesburg, SA
Oversee delivery of legal services across policy development, research, and IT analysis areas. Lead consultations of complex, diverse, and sensitive technological issues in line with Information Regulator’s mandate. Develop and implement strategies to drive cloud computing, cyber-security, data transfer and data protection initiatives. Compile privacy compliance frameworks, operator agreements, data privacy impact assessments and development of codes of conduct. Drafting of public policies and delivered training on data protection legislation. Information Security - Data Breaches, Enforcement.
 Engaged in African regional data protection initiatives and workshops with network of personal data protection authorities.
 Developing data protection compliance guidelines and frameworks.
 Artificial Intelligence Policy ( GIZ AFRICA-ASIA POLICY MAKER NETWORK)
 Designed cyber security and data protection toolkits and digital access programs.
 Engaged in African regional data protection initiatives and workshops with network of personal data protection authorities.
 Expert knowledge on data protection frameworks POPIA, GDPR, CCPA, LGDP, PDA, Article 379 of the UAE Penal Code, Constitution of the UAE (Federal Law 1 of 1971), Federal Decree-Law No. 45 of 2021 UAE Data law (2021).Knowledge of MENA data protection frameworks.
 Directs and supervises the activities of the Legal Unit and ensures consistency and transparency of the legal policies, practices and interpretation.
 Developing of guidance notes on consent, direct marketing, and codes of conduct, appropriate, reasonable, organizational and technical measures, processing of personal information, standard operating procedures to facilitate compliance with POPIA, GDPR, CCPA,LGDP,PDA
Page 2 of 6
 Knowledge of IT Governance Frameworks [NIST(National Institute of Standards and Technology ) Cybersecurity Framework , COBIT (Control Objectives for Information and Related Technology), ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) ISO/IEC 38500, Business Continuity and Disaster Recovery, King Principles of Corporate Governance.
 Conducting of internal privacy audits, reviewing of agreements with affiliates to assess privacy compliance and the provision of legal advice related to the work of the organization. (Data Protection Authority).
 Privacy by design and default , Regulatory Sandboxes
 Ensures legality in the implementation of the Organization's activities by advising on policy, constitutional and legal aspects or are related to the interpretation and application of legal instruments; the interpretation and drafting of legal instruments. Represents the Organization in consultations and negotiations involving constitutional and legal questions.
 Provision of legal opinions or advice on data protection, cyber-security, risk and compliance.
 Research on Fintech (block chain, crypto currencies, mobile payments, regulation of Fintech), data protection compliance, trans-border information flows, predictive analytics, big data & AI.
 Consent Management, Data Breach Management, Data Protection Adequacy Decisions
 AI Policy Development
Chief Director Legal Services and Deputy Information Officer(DPO), 2018 - 2019
Department of Employment and Labour, Pretoria, SA
Provided strategic direction to legal services unit and offered advisory and consultancy services on corporate governance processes. Drafted, managed, and coordinated litigation, legal contracts, ICT contracts, and memorandums of understanding. Developed policies such as labour law proposals and litigation strategies according to evidence-based research.
 Reduced litigation costs through developing and implementing appropriate management systems. Enhanced consistency across all legal departments by crafting cohesive litigation and legal services strategy.
 Developed data protection compliance guidelines and frameworks. Privacy by design and default principles. Drafting outsourcing agreements, cloud computing agreements and ICT Contracts.
 Privacy Compliance Frameworks and Personal Information Impact Assessments (DPA).
 Drafting of policy.
Page 3 of 6
PROFESSIONAL EXPERIENCE, CONTINUED
Master of the High Court (Head of Office), 2009 - 2018
Department of Justice and Constitutional Development, Pretoria, SA
 Directed daily functions of 300 staff members across two national offices. Oversaw regulation of curatorship’s, deceased estates, guardian funds, liquidations, insolvencies, and trusts. Managed financial, fraud prevention, HR, litigation, performance, service delivery, and stakeholder relations operations. Engaged in African regional workshops as well as high-level public and private sector interactions. Provided leadership and training to legal professionals and management teams. Drafted legal directives and policies to ensure data protection compliance and readiness with legislative frameworks including POPIA. Drafting of policies.
 Spearheaded project on transformation of state legal services in concurrent position as Chief Director Research for Department of Justice and Constitutional Development.
 Improved performance of state attorneys by designing and executing skills matrix and turnaround strategies.
 Advanced digital capabilities through leading implementation of E-Systems including e-learning modules, electronic diary management, as well as e-filing and e-government research.
 Advanced ICT contract management, data protection compliance, and risk analysis capabilities.
 Enhanced accountability, planning and transparency across departmental branch by effectively monitoring and optimising existing processes.
 Increased productivity outputs by 90% through designing bespoke evaluation, service delivery, and value chain systems.
 Developed data protection compliance guidelines and frameworks. Incorporate privacy by design and default principles when systems are being developed.
 Drafting outsourcing agreements, cloud computing agreements and ICT Contracts
 Privacy Compliance Frameworks and Personal Information Impact Assessments( DPA)
ADDITIONAL EXPERIENCE
Investigator, Office of the Public Protector, Pretoria, SA
 Investigation of maladministration, fraud and corruption in state departments
 Assessing of compliance and risk frameworks
 Drafting, litigation, ICT Law Contracts and high level stakeholder engagements.
 Provincial outreach manager for KZN and Head of Advocacy
 International Ombuds
 Mediation, Negotiation and Conciliation
Page 4 of 6
 Drafting of Policies
Senior Associate, Renisha Naidoo and Company, Durban/Kwa-Dukuza, SA
Civil and Criminal Litigation and Drafting , Privacy Law ,ICT Law Contractsrafting of Pleadings( particulars of claim, pleas, replication, provisional sentence,, claims in reconvention) Notice of Motion: heads of argument, affidavits, appeals),Arbitration proceedings, Drafting of Commercial Contracts and Employment Contracts, Data Protection Compliance, Lease, Sale, Administration of Deceased Estates
Insolvency, Execution, Cession, NDA, Breach of Contract, Credit Agreements, Eviction, Negligence, Suretyship
Sale of Immovable Property, Advanced Contract Law( Conditional contracts, Mistake, Illegality, Duress, Fraud, Performance, Variation and Discharge, Mora and Breach, Remedies for Breach, Damages, Interdicts, Cancellation)
Candidate Attorney, M.S. Mall and Company, Durban/Kwa-Dukuza, SA
Litigation and Drafting, Criminal and Civil Litigation, ICT Law Contracts, Drafting of Pleadings( particulars of claim, pleas, replication, provisional sentence,, claims in reconvention) Notice of Motion: heads of argument, affidavits, appeals),Arbitration proceedings, Drafting of Commercial Contracts and Employment Contracts, Data Protection Compliance, Lease, Sale, Administration of Deceased Estates, Insolvency, Execution, Cession, NDA, Breach of Contract, Credit Agreements, Eviction, Negligence, Suretyship,Sale of Immovable Property, Advanced Contract Law( Conditional contracts, Mistake, Illegality, Duress, Fraud, Performance, Variation and Discharge, Mora and Breach, Remedies for Breach, Damages, Interdicts, Cancellation
QUALIFICATIONS SUMMARY
 Proven track record in drafting legal guidelines, policies, regulations and impact assessments to support citizens in understanding and complying with data protection regulatory frameworks.
 Demonstrated expert skills in drafting and managing heads of argument, contracts, legal opinions, legal frameworks, policies and research papers.
 Accomplished abilities in representing landmark legal cases related to privacy in court proceedings.
 Astute Researcher on Data Privacy, Data Security, Data Transfers, AI Regulation, Global Data Protection and Cyber security Frameworks and ICT law ( spectrum, broadband ,universal access, interconnection, open data).
LICENSES & CERTIFICATIONS
Certificate Africa-Asia Policy Maker Network Peer Learning and Capacity Building Program on Artificial Intelligence, ( GIZ AFRICA-ASIA POLICY MAKER NETWORK 2021
Opportunities and Risks of AI,AI and Tech policy, AI Sectoral Approaches ( Health, State, Telecoms) , AI readiness ,Governing AI for more local innovation, AI for sustainable development, AI for economic and social development ,National implementation of AI policy, Data Governance and Data Sharing, AI Ethics and Human Rights, Building Responsible AI Ecosystems and Interdisciplinary approaches
Certificate in Cyber security, WomHub, 2021
Challenges of Internet Governance, Institut Barcelona Estudis Internacionals, 2018
Internet Governance, North American School of Internet Governance, 2018
Page 5 of 6
Policy Writing, Internet Corporation of Assigned Names and Numbers (ICANN), 2018
Conflict Resolution, Negotiation and Mediation, Department of International Relations and Cooperation, 2017
Advanced Leadership and Service Delivery in the Public Service, Administrative Staff College of India (ASCI), 2014
Certificate in Intellectual Property Law, World Intellectual Property Organisation and UNISA, 2011
AFFILIATIONS
Legal Practice Council, Member (Admitted Attorney)
IAPP, Member of International Association of Privacy Practitioners
Internet Society (ISOC), Member
Non-Commercial Users Constituency (NCUC) and Non-Commercial Stakeholder Group (NCSG), Member
CyberBRICS, Associated Scholar
British High Commission Pretoria and WomHub , ( November 2021 – March 2022) Cyber Resilience Digital Access Program Trainer
 Cyber Resilience Digital Access Program Trainer
 Training SMME’s on cyber security
 Training of women entrepreneurs on Cybersecurity
CONFERENCES, PUBLICATIONS, & PRESENTATIONS
African Network of Personal Data; Global Action on Cyber Crime Extended (GLACY+); IAIR Conference Dublin; ILO Geneva; International Ombud’s Association; Mandela Institute: Court Annexed Mediation: Successes, Challenges and Possibilities; Protection Authorities Workshops; SADC Lawyers Association.
South African use of technology during COVID-19
Protection of Personal Information Presentations and Training sessions conducted January 2021 to December 2021: Data Protection, Cyber Security Presentations :Human Sciences Research Council: Artificial Intelligence (AI) and Data Series, South African Human Rights Commission: Promoting a culture of Privacy amidst technology developments, Information Regulator: Codes of Conduct, The Coalition on the African Declaration on Internet Rights and Freedoms (AfDec), Statistician General, UNISA, University of the North West, SAWLA, British High Commission, DPME, Michalsons, ENS, Cliffe Dekker Hofmeyer, DLA Piper, Institute of Security Studies (ISS), Media Development and Diversity Agency, US Embassy, SCISS: ICT Security Workshop, IWFSA (International Women’s Forum South Africa) Leadership Development Digital Conversation, Mobius Service, OSISA, National Consumer Commission, Institute For Retirement Funds, AT & T, Gauteng Legislature, University of Pretoria, Governance, State Capacity Institutional Development Forum, University of Pretoria, US Department of Commercial Service, Competition Commission ,Roundtable with US Commercial Service and US Companies : Meeting with U.S. companies and the American Chamber of Commerce. Trans border Information flows, Data Protection Compliance Toolkits British High Commission, Cybersecurity Policy Exercise of South Africa and Pre-Workshop with GIZ Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH (German: Society for International Cooperation) & the Cybercrimes Act Workshop. Participation Global Privacy Forum, PrivSec.
 

Doctor of Laws (LLD) in Information Communication Technology [spectrum, broadband, universal access], Data Protection, Cyber security.
University of South Africa, Pretoria, SA, Expected Completion: 2022
Master of Laws (LLM) in Commercial Law – Specialisation in Banking Law and Advanced Electronic Commercial Law
University of South Africa, Pretoria, SA
Baccalaureus Legum (LLB)
University of Kwazulu-Natal, Durban, SA
Bachelor of Social Science in Law and Industrial Psychology
University of Kwazulu-Natal, Durban, SA