Hire Talent

Vicente Pomares Arias

Privacy Specialist

Dublin, County Dublin, Ireland

15+ Years Exp

Summary

Vicente Pomares Arias is a CIPP/E Certified Privacy Specialist with 15 years of experience designing, implementing, and managing comprehensive global data protection programs across multiple industries and jurisdictions. He provides strategic guidance on GDPR, CCPA, HIPAA, ePrivacy, PIPEDA, and other regulations, ensuring full compliance. Vicente has led assessments of privacy practices, identified gaps, and developed tailored remediation roadmaps, policies, procedures, and internal controls. Skilled in Product and IT Privacy, Due Diligence, and AI Compliance, he conducts DPIAs, risk assessments, and oversees international data transfers while optimizing DSAR processes and records of processing activities. Proficient in Agile privacy workflows, stakeholder coordination, and privacy by design, he builds and mentors high-performing teams, delivers awareness programs, and liaises with regulatory authorities, managing audits, investigations, and inspections in alignment with ISO 27001 and NIST CSF frameworks.

Technical Skills

Detailed View

Governance Framework

Product Privacy Review and Assessment

Incident Response

Agile Methodology

Data Privacy

Vendor Due Diligence Program

GDPR

Kanban

ISO27701

ISO 27001 Standard

IT Privacy

GenAI models

ISO42001

HIPPA

NIST AI RMF 1.0

Work Experience

Lead Corporate Counsel, Data Protection, Trust, Safety, and AI Governance

VPA LLP

Full Time | 29/07/2024 - Present

Ireland

GDPR & Data Privacy Compliance

Conducting comprehensive evaluations of corporate clients’ data privacy frameworks across private sector operations to ensure regulatory compliance.
Analyzing and benchmarking data governance strategies, risk management practices, and compliance controls against GDPR and industry best practices.
Designing, refining, and optimizing data protection policies, procedures, templates, registers, and operational processes for full compliance.
Drafting, reviewing, and negotiating a wide spectrum of contracts including NDAs, commercial agreements, SaaS contracts, partnerships, DPAs, and SCCs.
Applying Product Privacy Review and Assessment skills to evaluate necessity, proportionality, and lawful basis of data processing, ensuring GDPR compliance and privacy by design.
Leading the delivery of data protection projects, enabling clients to embed GDPR and other regulatory requirements into business operations effectively.
Drafting and negotiating Data Processing Agreements (DPAs) covering GDPR obligations, breach notifications, sub-processing, and international transfers, demonstrating Due Diligence Program expertise.
Advising client teams on Data Protection Impact Assessments (DPIAs), Transfer Impact Assessments (TIAs), and Necessity/Proportionality Tests for business transformations and emerging technologies.
Initiating DPIAs in Agile sprints, identifying high-risk processing and tagging backlog items for assessment, using Agile Methodology for DPIAs expertise.
Assessing and strengthening incident response frameworks, ensuring rapid and compliant handling of data breaches.
Providing expert guidance throughout complaints and administrative actions before regulatory authorities, managing DSARs, disputes, and legal processes.
Overseeing legal teams to navigate complex litigation before Circuit and High Courts regarding data protection matters.

AI Governance & Regulatory Compliance (EU AIA, ISO 42001, NIST AI RMF 1.0)

Developing and implementing AI strategies for clients, integrating generative AI to enhance products and operational efficiency.
Establishing best practices for AI ethics and compliance, aligning AI initiatives with regulatory and ethical frameworks.
Collaborating with product and technology teams to embed AI capabilities into new and existing offerings, ensuring responsible deployment.
Ensuring compliance with prohibited AI practices, transparency obligations, and user information requirements for high-risk and general-purpose AI systems, applying AI Compliance expertise.

Digital Services & Online Safety Compliance (EU DSA, Terrorist Content Online Regulation, Online Safety Code)

Designating and managing points of contact for intermediary services to maintain regulatory compliance.
Appointing and notifying legal representatives for service providers outside the EU/EEA, ensuring proper jurisdictional compliance.
Drafting comprehensive statements, terms, instructions, and misuse policies for digital platforms and online services.
Developing internal complaint-handling procedures, reviewing interfaces, and ensuring traceability of notices, actions, and traders related to illegal content.
Defining and implementing a Privacy Information Management System (PIMS), setting scope, leadership, roles, and policies aligned with ISO/IEC 27701 and 27001, demonstrating IT Privacy expertise.
Conducting risk assessments for functionalities of very large online platforms and services (VLOPs/VLSEs).
Advising on judicial and administrative orders for illegal content, balancing content moderation with fundamental rights.
Managing transparency reporting, compliance submissions, and responding to investigation proceedings, including hearings and inspections.

Corporate Legal & Investigations

Leading the drafting and negotiation of employment, consultancy, and data protection agreements in compliance with GDPR and EU/EEA labor laws.
Conducting investigations into misconduct, fraud, harassment, discrimination, safeguarding issues, and operational failings while adhering to legal and investigative best practices.
Preparing and presenting detailed investigation reports, recommendations, and preventive measures to senior management and stakeholders.
Performing rigorous quality control on eDiscovery workflows, ensuring data consistency, completeness, and compliance with technical and legal standards.
Identifying and resolving discrepancies in review sets and document productions, maintaining the integrity of legal and technical deliverables.

Head of Data Protection

Alshaya Group

Full Time | 22/09/2021 - 05/06/2024

United Arab Emirates

Served as the Data Protection Officer, leading data privacy and protection initiatives across multiple countries, including KSA, UAE, Qatar, Bahrain, Oman, DIFC, ADGM, Kuwait, Egypt, Turkey, and Morocco, ensuring regulatory adherence and organizational compliance.
Conducted thorough assessments of data protection practices to identify gaps, vulnerabilities, and areas of non-compliance, delivering actionable insights for risk mitigation.
Designed, developed, and executed strategic compliance programs that aligned business objectives with global data protection laws and regulatory frameworks.
Drafted, reviewed, and negotiated a wide range of contracts and agreements (NDAs, commercial, SaaS, partnership, DPAs, SCCs, employment contracts), embedding data protection considerations throughout organizational dealings.
Assessed risks, mapped data flows, and documented findings collaboratively during sprint planning and execution as part of Agile Methodology for DPIAs responsibilities.
Evaluated and implemented data protection tools and platforms such as OneTrust, enhancing organizational privacy capabilities.
Led incident response efforts for data breaches and privacy events, ensuring prompt escalation, remediation, and regulatory notifications.
Managed data subject access requests (DSARs), internal complaints, and external administrative processes with efficiency and regulatory compliance.
Refined and maintained data protection documentation, including privacy notices, DPAs, consent forms, and internal policies, ensuring clarity, accuracy, and compliance.
Assessed and mitigated third-party and cross-border privacy risks, including contractual safeguards and compliance monitoring, as part of IT Privacy responsibilities.
Advised subsidiaries and regional offices on evolving regulations, including the Digital Services Act, NIS2, and GDPR updates, providing guidance for operational alignment.
Conducted LIAs, DPIAs, and other risk assessments to ensure Data Protection by Design and Default principles were embedded in business processes.
Streamlined Records of Processing Activities (ROPA), improving organizational clarity, efficiency, and regulatory adherence.
Developed and oversaw global personal data mapping and international transfer strategies, strengthening binding contractual controls and compliance.
Led the design and rollout of data protection training programs, promoting awareness and accountability across the organization.
Aligned privacy and data protection initiatives with ISO27701, NIST 800 CSF, and ISO27001 frameworks, ensuring compliance and operational excellence.
Conducted and managed investigations into misconduct, fraud, harassment, discrimination, and other workplace risks, ensuring legal compliance and adherence to investigative best practices.
Prepared detailed investigative reports, including findings, recommendations, and preventive measures, and presented them to senior management.
Oversaw quality control of eDiscovery processes, validating data consistency, completeness, and compliance with technical and legal standards.
Built, mentored, and inspired a high-performing team of privacy professionals, fostering a culture of expertise, accountability, and continuous improvement.
Acted as a trusted liaison with regulatory bodies, maintaining strong relationships and proactive compliance engagement.
Led negotiation and drafting of employment, consultancy, and data protection agreements, ensuring compliance with GDPR, regional privacy laws, and MENAT labor regulations.

Associate Data Protection, Settlements & Litigation, Corporate Clients

VPA LLP

Full Time | 27/05/2020 - 11/08/2021

Ireland

Developed and implemented strategies that persuaded corporate clients to recognize and address the impact of data protection laws, regulations, and emerging trends, elevating the maturity of their data protection programs.
Redesigned and optimized data protection governance frameworks for complex global organizations across multiple industries, ensuring comprehensive oversight and regulatory compliance.
Engineered and deployed innovative technology and process solutions to minimize risks of data compromise and strengthen organizational privacy posture.
Utilized Product Privacy Review and Assessment experience to identify, assess, and mitigate privacy risks through technical and organizational measures such as encryption, access controls, and pseudonymization.
Conducted audits, reviews, and continuous improvement of privacy processes, ensuring regulatory compliance and ISMS integration under IT Privacy management.
Streamlined, drafted, and operationalized policies and procedures, delivering training to ensure alignment with regulatory requirements and organizational objectives.
Advised clients on drafting, reviewing, and negotiating commercial agreements with embedded data protection considerations, effectively mitigating compliance and operational risks.
Monitored audits, compliance, and defined data return/deletion procedures, liability, and indemnification clauses through Due Diligence Program management.
Proposed, prioritized, and validated mitigation measures within Agile workflows, ensuring DPO and stakeholder sign-off, reflecting Agile Methodology for DPIAs experience.
Analyzed and applied global legal and regulatory requirements concerning data location, cross-border transfers, and access restrictions to guide compliance strategies.
Prepared and negotiated contracts, including NDAs, commercial, SaaS, partnership, DPAs, SCCs, and employment agreements, ensuring full regulatory adherence.
Guided clients through Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), Data Protection Agreements, and Data Transfer Impact Assessments (TIAs), ensuring thorough compliance and risk mitigation.
Collaborated with diverse corporate stakeholders, delivering tailored privacy solutions in dynamic, high-pressure environments.
Directed litigation strategies, managing cases in Commercial and Civil Courts, resolving disputes with Supervisory Authorities, and handling claims related to data breaches and privacy violations.

Global Data Protection Officer - Exclusive Assignment

Xapo Bank

Full Time | 08/01/2019 - 07/04/2020

Gibraltar

Led the design and implementation of a comprehensive global data protection compliance program, addressing evolving regulatory requirements across multiple jurisdictions.
Developed, enforced, and continuously refined data protection policies and procedures aligned with risk levels to ensure robust organizational safeguards.
Provided strategic guidance to internal teams and leadership on GDPR, ePrivacy Directive, CCPA, HIPAA, PIPEDA, and other key global privacy regulations.
Collaborated with internal stakeholders across governance forums, strategic projects, and operational initiatives to drive the execution of data protection programs.
Designed, implemented, and oversaw internal controls to meet security and privacy requirements while mitigating operational and regulatory risks.
Streamlined reporting of data protection incidents and optimized client notification processes for accuracy, compliance, and timeliness.
Advised on personal data localization, international data transfer protocols, and assessed vendor compliance with global privacy standards.
Drafted, reviewed, and negotiated a wide range of contracts including NDAs, commercial agreements, SaaS contracts, DPAs, SCCs, and employment agreements to ensure privacy compliance.
Delivered actionable recommendations to close regulatory compliance gaps and strengthened organizational data protection frameworks.
Maintained and enhanced the organization’s register of processing activities for transparency and regulatory adherence.
Conducted thorough Due Diligence Program assessments of processors and sub-processors, reviewing policies, technical/organizational measures, and compliance certifications.
Oversaw data subject access request processes, ensured timely fulfillment, and provided guidance on litigation strategies when required.
Acted as the primary liaison with data protection authorities, managing investigations, complaints, and inspections effectively.
Led, mentored, and managed a team of privacy professionals to execute impactful DPIAs, LIAs, and TIAs, collaborating closely with business, product, engineering, and legal teams.
Proposed, prioritized, and validated mitigation measures within Agile workflows, ensuring DPO and stakeholder sign-off, reflecting Agile Methodology for DPIAs experience.
Identified, assessed, and mitigated potential privacy risks, implementing best practices in line with industry standards such as ISO 27001 and NIST CSF.
Championed data protection awareness by developing and delivering training programs, campaigns, and educational initiatives, embedding privacy considerations into core business processes.

National Data Protection Officer-Exclusive Assignment

B. Braun Group

Temporary | 28/03/2018 - 05/12/2018

Bluebell, Dublin, Ireland

Conducted thorough assessments of current data protection practices, identifying gaps and misalignments with regulatory requirements.
Evaluated and reorganized existing processes to bridge gaps between organizational practices and global privacy regulations.
Developed and implemented innovative remediation recommendations based on assessment findings.
Updated and maintained the data protection remediation roadmap to ensure alignment with evolving regulatory demands.
Proactively restructured and unified Records of Processing Activities (ROPA), executing comprehensive data mapping exercises in collaboration with Information Security teams.
Led and facilitated Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), and Transfer Impact Assessments (TIAs) for existing and new projects, mitigating potential privacy risks.
Transformed and simplified responses to data incidents, including escalation procedures, remediation actions, and notifications to regulators and affected data subjects.
Streamlined the management and fulfillment of Data Subject Access Requests (DSARs), providing guidance on litigation matters before courts.
Developed, implemented, and maintained local data protection notices, Data Processing Agreements, consent forms, policies, and procedures.
Drafted, reviewed, and negotiated a wide range of contracts, including NDAs, commercial agreements, SaaS contracts, partnership agreements, DPAs, SCCs, and employment contracts, ensuring privacy compliance.
Led and expanded the Data Protection Team and Privacy Ambassadors, fostering a culture of privacy awareness.
Coordinated internal GDPR compliance activities, assigning responsibilities, conducting compliance reviews of data processing practices, and delivering awareness and training programs for staff involved in data operations.
Liaised with the Data Protection Commissioner’s Office and collaborated decisively with the Health Service Executive to ensure regulatory alignment.
Ensured compliance with EU and country-specific laws and regulations governing clinical trials, including the EU Clinical Trials Regulation (CTR) and European Medicines Agency (EMA) rules.
Identified potential legal and regulatory risks in clinical trial operations and proposed effective mitigation strategies.

Consultant Data Protection, Corporate Clients

VPA LLP

Full Time | 20/01/2016 - 10/04/2018

Dublin, Ireland

Led comprehensive assessments of corporate clients’ data privacy practices, identifying gaps, risks, and opportunities to enhance regulatory compliance.
Directed workshops and reviews of privacy governance frameworks, aligning organizational practices with strategic and regulatory requirements.
Evaluated and addressed compliance gaps, delivering actionable recommendations to strengthen data protection and privacy programs.
Developed and executed tailored remediation roadmaps, ensuring effective resolution of identified privacy and security risks.
Designed, implemented, and continuously refined privacy governance elements—including policies, procedures, standards, frameworks, training programs, and privacy notices—for global clients across diverse industries, ensuring adherence to international privacy regulations.

Education

Primary, Secondary, Middle Years and Baccalaureate Diploma Education

Colegio de Fomento Aitana

Bachelor's Degree in Law

Universitat d'Alacant

Major in Attorney in Law, International Law and Legal Studies

Master of Laws-LLM

Universidad Nacional de Educación a Distancia – U.N.E.D

Major in Data Protection Specialisation and Certified Subject Matter Expert

Certifications

CIPP/E

IAPP

Certificate Of Completion_Mastering Responsible AI From Concept to Auditing

LinkedIn | Issued On : 29/07/2024

Learning Data Governance

LinkedIn | Issued On : 30/07/2024

MLOps Essentials: Model Deployment and Monitoring

LinkedIn | Issued On : 31/07/2024

MLOps Essentials: Model Development and Integration

LinkedIn | Issued On : 10/07/2024

MLOps Essentials: Monitoring Model Drift and Bias

LinkedIn | Issued On : 08/07/2025

CertificateOfCompletion_Generative AI Skills for Creative Content Opportunities Issues and Ethics

LinkedIn | Issued On : 05/06/2024

CertificateOfCompletion_Introduction to Generative AI with GPT

LinkedIn | Issued On : 04/06/2024

CertificateOfCompletion_Introduction to Prompt Engineering for Generative AI

LinkedIn | Issued On : 04/06/2024

CertificateOfCompletion_Responsible AI Principles and Practical Applications

LinkedIn | Issued On : 03/06/2024

Foundations of Responsible AI

LinkedIn | Issued On : 05/06/2024

Responsible AI: Principles and Practical Applications

LinkedIn | Issued On : 04/06/2024

Hire Faster. Innovate Faster.

Hyqoo AI streamlines the entire process, moving seamlessly from precise skill matching to interviews and onboarding. The moment your request enters the system, our intelligent algorithms spring into action, identifying the ideal talent with laser focus. With Hyqoo AI, you spend less time searching and more time building your dream team. Get the best talent, faster, and focus on innovation