
Wole Folayanka

Newark, NJ

Summary

Dedicated Data Privacy & Compliance Analyst with 6+ years of cross-functional experience across healthcare, finance, and enterprise IT, helping organizations protect sensitive data while meeting evolving regulatory expectations. My transition from SQL Server Database Administrator to Privacy Officer gave me a rare advantage: the ability to bridge technical architecture and day-to-day operations with privacy and compliance obligations and translate requirements into controls that work in real environments.
I’ve led and supported privacy initiatives aligned to HIPAA, GDPR, and CCPA/CPRA, including privacy risk assessments (PIA/DPIA support), policy and SOP improvements, and privacy-by-design reviews across systems and workflows. I also bring strong execution in privacy incident response and breach management, from triage and containment support to documentation, evidence collection, and remediation tracking with cross-functional teams (Legal, Security, IT, and Operations).
With a deep technical foundation, I’m highly effective in operationalizing safeguards like data classification, access controls, encryption (at rest/in transit), auditing/monitoring, secure backups, and high-availability and disaster recovery practices, ensuring confidentiality, integrity, and availability while supporting compliance and audit readiness. I’m experienced with governance and workflow tools including OneTrust, RSA Archer, ServiceNow, Jira, and other risk and compliance platforms to manage vendor risk assessments, third-party reviews, KPIs/KRIs, and continuous program improvement.
I’m passionate about building privacy programs that are practical, measurable, and trusted, protecting individuals, strengthening organizations, and enabling innovation responsibly.

Overview

9 years of professional experience
1 Certification

Work History

Data Privacy & Compliance Analyst

Newark Beth Israel Medical Center
07.2022 - Current

Key Responsibilities & Achievements

  • Lead GDPR, HIPAA, CCPA, HITECH, PIPEDA, and U.S. state privacy law compliance assessments, including PIAs, DPIAs, and regulatory risk reviews across EHR, research, telehealth, and enterprise systems.
  • Serves as a key stakeholder in privacy incident intake, investigation, risk-of-harm analysis, breach determination, and regulatory notification, partnering closely with Legal and Cybersecurity teams.
  • Maintains data mapping, data inventories, Records of Processing Activities (ROPA), and data classification frameworks using OneTrust and RSA Archer.
  • Collaborated with InfoSec and IT teams to implement data loss prevention (DLP), encryption, access controls, and data minimization policies.
  • Supports policy development aligned with OCR/HHS, ISO 27001, and NIST CSF frameworks.
  • Coordinated third-party risk assessments, DSAR workflows, and vendor privacy reviews.
  • Co-lead audit readiness initiatives for HIPAA, SOC 2, and HITRUST certifications.
  • Analyzed compliance data to verify adherence to applicable regulatory standards and internal policies.
  • Develops and rolls out staff compliance training programs, fostering organizational privacy awareness.
  • Conducts routine audits to identify process risks, recommending and tracking corrective actions.
  • Partner with cross-functional teams to streamline compliance reporting, improving reporting accuracy and cycle time.
  • Monitors evolving privacy and data protection regulations, updating internal policies and procedures to ensure ongoing compliance.

Data Privacy Officer

Bank of America
09.2019 - 06.2022


• Privacy Program Governance & Operations
• HIPAA, GDPR, CCPA/CPRA, HITECH, PIPEDA, and U.S. State Privacy Laws
• Privacy Impact Assessments (PIAs) & Data Protection Impact Assessments (DPIAs)
• Privacy Incident Response, Breach Management & OCR/HHS Reporting
• Data Mapping, Records of Processing Activities (ROPA) & Data Inventory Management
• Data Classification & Information Governance
• Data Subject Access Request (DSAR) Management
• Third-Party Privacy Risk Management & Vendor Assessments
• Business Associate Agreements (BAAs) & Data Processing Agreements (DPAs)
• Privacy Policies, Procedures, SOPs & Governance Frameworks
• Privacy Key Performance Indicators (KPIs), Key Risk Indicators (KRIs) & Metrics
• Audit & Regulatory Support (OCR, ISO 27001, SOC 2, HITRUST, NIST)
• Cookie Consent Management & Online Tracking Governance
• Privacy by Design & Privacy by Default
• Emerging Technology & AI Privacy Reviews
• Security & Privacy Controls Collaboration (DLP, Encryption, Access Controls)
• Privacy Training, Awareness & Workforce Education
• Cross-Functional Collaboration (Legal, IT, Security, Compliance)
• Privacy Tools & Platforms: OneTrust, RSA Archer, Navex (EthicsPoint)

• Conducted Privacy Impact Assessments (PIAs) for systems, products, applications, cloud services, and customer-facing platforms, identifying privacy risks and recommending mitigating controls prior to implementation.
• Supported enterprise privacy compliance across retail and digital banking operations in alignment with GLBA, CCPA, and applicable U.S. state privacy and breach notification laws.
• Advised business, product, and marketing teams on privacy by design, data minimization, purpose limitation, and lawful processing of customer and employee financial information.
• Reviewed and advised on privacy provisions in contracts, including vendor agreements, service provider contracts, and data-sharing arrangements, ensuring alignment with banking regulatory requirements.
• Managed consumer and employee privacy rights requests (DSARs), ensuring accurate responses, identity verification, and fulfillment within statutory timelines.
• Coordinated privacy incident intake, investigation, and breach response, supporting internal escalation, documentation, and regulatory notification obligations in accordance with GLBA and state breach laws.
• Performed third-party and data-sharing privacy assessments, evaluating vendors, affiliates, and service providers for compliance with contractual and regulatory privacy requirements.
• Executed cross-border data transfer and data-flow reviews for global banking operations, assessing risks related to international processing and shared services.
• Reviewed data retention and records management practices and tracked privacy metrics to monitor compliance trends and operational effectiveness.
• Prepared and coordinated documentation for regulatory examinations, audits, and internal reviews, collaborating with Legal, Compliance, Risk Management, Information Security, and Technology teams.

SQL Server Database Administrator

HelpMe Waka
10.2016 - 08.2019
  • Supported SQL Server versions from 2008 to 2019.
  • Monitored and tuned system performance to ensure 99.9% uptime.
  • Automated backups, index maintenance, and integrity checks with agent jobs to reduce manual effort.
  • Designed SQL Audit and Security Policies to maintain compliance with internal and external standards.
  • Performed Database backup and restore
  • Implemented Transparent Data Encryption and Dynamic Data Masking to enhance data security in both in-transit and at-rest scenarios, safeguarding sensitive customer information.
  • Implemented Row Based Access Control, and backup automation
  • Performed security audits and implemented SQL Server Auditing policies to track access and ensure compliance with regulatory standards
  • Spearheaded the implementation of SQL Server security protocols, managing user roles, logins, and permissions to ensure database access control and mitigate unauthorized access in production environments.
  • Designed Log Shipping, Database Mirroring, and Replication solutions for data continuity and disaster recovery.
  • Performed daily monitoring of SQL Server Agent Jobs to ensure timely execution of data loads, system alerts, and automated backups, preventing potential disruptions in business operations.
  • Ensured database compliance with HIPAA
  • Operating Systems: Windows Server, Linux

Education

Master of Science - Masters in Management Information System

University of Arizona Global Campus
Arizona
09.2026

B.Sc. - Chemical Petroleum Technology

University of Jos
Nigeria

Skills

  • Privacy Platforms: OneTrust, RSA Archer, NAVEX
  • Regulations: GDPR, HIPAA, CCPA, ISO 27001, NIST CSF, PIPEDA
  • Databases: SQL Server, Azure Cloud, AWS RDS
  • Security: Data Encryption, Data Masking, RBAC, TLS 1.0
  • Project Tools: Jira, SharePoint, Confluence, ServiceNow, MS Office
  • Compliance monitoring
  • Due diligence
  • Corrective action plans
  • Compliance
  • Risk assessment
  • Risk identification
  • ISO14001:2014 compliance
  • SOP development
  • Vulnerability examination

Certification


  • IAPP, Certified Information Privacy Professional (CIPP/US)
  • IAPP, Certified Information Privacy Professional (CIPP/E)
  • IAPP, Artificial Intelligence Governance Professional (AIGP)
  • OneTrust Data Mapping Automation Expert
  • OneTrust PIA & DPIA Automation Expert
  • OneTrust Third Party Risk Management
  • OneTrust Data Discovery & Governance for IT Infrastructure
  • Microsoft Certified: Azure Fundamentals
