Summary
Overview
Work history
Education
Skills
Websites
REGULATORY & SECTOR EXPERTISE
Timeline
Generic

Samantha Ferreira-Pontes

Crawley Down,UK

Summary

Senior Ethics, Compliance, and Data Protection leader with extensive experience embedding ethical decision-making, cyber-aware governance, and accountability across complex, safety-critical operational environments. Trusted adviser to General Counsel, Executive Committees, Boards, and Audit Committees, balancing regulatory risk, cyber risk, and operational realities with commercial priorities. Proven leader in enterprise ethics and compliance programmes, privacy governance, investigations, and emerging technology oversight including AI, surveillance technologies, and high-risk processing. Experienced in designing and leading enterprise-wide ethics, compliance, and data protection programmes that embed accountability, transparency, and responsible technology use across complex operational organisations.

Overview

14
14
years of professional experience

Work history

Data Protection & Privacy Operations Lead (EMEA/APAC)

Columbia Threadneedle Investments – Global Privacy Office
London
2022.08 - 2026.03

Key Responsibilities Impact Highlights

Lead regional privacy and data protection governance across multiple jurisdictions in a highly regulated global asset management environment. Partner closely with legal, technology, cyber security, HR, marketing, and digital teams to ensure responsible data governance across complex operational systems. Promote a strong speak-up culture, ensuring concerns are investigated thoroughly and transparently.

· Lead regional and global privacy, ethics, and data protection governance, aligning programmes with business strategy and evolving regulatory expectations.

· Embed privacy-by-design and ethical decision-making into operational processes, technology deployments, and digital initiatives.

· Act as senior escalation point for privacy incidents, investigations, and regulatory risk matters, ensuring fair and defensible outcomes.

· Establish governance frameworks for AI-enabled systems and automated decision-making, embedding proportionality, bias awareness, and meaningful human oversight.

· Govern high-risk surveillance and monitoring technologies including CCTV, biometrics, behavioural analytics, and workforce monitoring, ensuring privacy-by-design and ethical oversight in complex operational environments.

· Partner with IT Security on cyber incidents, data loss events, and operational resilience, including eDiscovery, access control governance, and DLP programmes

· Design and operate risk-based privacy, ethics, and cyber controls including approval gates, assurance testing, and audit reporting.

· Deliver clear risk reporting to General Counsel, Executive Committees, Boards, and Audit Committees.

· Delivered governance and compliance programmes across multiple jurisdictions and regulatory regimes.

· Designed and delivered engaging ethics, data protection privacy, AI, and cyber awareness training to 10,000+ employees globally .

Reduced compliance and data risk exposure by 25% through strengthened governance, tooling, and cross-functional collaboration.

  • Orchestrated team training for improved operational efficiency.

Global Information Governance Manager

Equiom Group (Asset Management)
2021.06 - 2022.06

Key Responsibilities and Impact

Owned the design and implementation of a global information governance and data protection framework spanning multiple international jurisdictions.

· Developed and implemented five-year strategy covering privacy, compliance, and ethical data use.

· Led internal audits and compliance assessments to measure policy adherence, identifying risks and driving improvement programmes.

· Acted as subject matter expert on privacy and compliance for senior leadership, HR, IT, and marketing teams.

· Oversaw third-party risk management, due diligence, and vendor compliance monitoring.

· Drove adoption of governance standards across diverse international business units.

· Strengthened regulatory posture and audit readiness across global operations.

Embedded a pragmatic, business-aligned governance culture supporting operational growth.

GDPR/Privacy Specialist (Contract – Reporting to CRO)

Huntswood
2020.10 - 2021.02

· Delivered GDPR maturity assessments and remediation programmes for FTSE 100 financial services clients.

· Provided specialist advice on DSAR management, breach response, investigations, and regulatory reporting.

· Designed governance frameworks and delivered training for senior stakeholders.

Project Lead – Compliance (Data Retention Strategy & SMCR)

Equiniti
Crawley, West Sussex
2019.01 - 2019.10

Led enterprise-wide compliance and governance programmes across five corporate entities.

· Implemented data classification frameworks, retention strategies, and Records of Processing Activities.

· Delivered governance improvements aligned with SMCR accountability requirements.

· Partnered with C-suite stakeholders to embed ethical data governance and accountability frameworks.

GDPR Consultant

EY – Financial Services Clients (including Data Privacy Manager, Lloyd's Bank)
London
2017.11 - 2018.11
  • Delivered strategic GDPR consultancy for major banking and asset management clients.
  • Delivered end-to-end GDPR implementation programmes.
  • Appointed Data Privacy Manager at Lloyd's Bank during GDPR launch.
  • Advised on consent, digital advertising, surveillance, and high-risk processing.
  • Developed governance frameworks, investigations protocols, and training.
  • Key Achievements & Responsibilities

Programme & Project Leadership – Data Governance

NHS CCGs & International Health Organisations
2012.01 - 2017.01

NHS CCGs & International Health Organisations 2012 – 2017

Led information governance and ethical data-sharing initiatives in complex public-interest environments.

· Developed secure health data sharing frameworks and governance structures .

· Delivered programmes balancing public trust, regulatory compliance, and operational delivery .

· Supported national and international health organisations implementing ethical data governance.

Education

Bachelor of Arts - International Studies

The Open University
Milton Keynes
2006 - 2011

Master of Laws - Commercial Law with Information Technology Law & Commerce

University of Reading
Reading
09/2019 - 07/2020

CIPP/E -

International Association of Privacy Professionals

Skills

Ethics & Compliance Leadership: Lead enterprise ethics and compliance programmes; champion speak-up culture and investigations; report to Board and Audit Committees
Data Protection & Privacy Governance: Expertise in GDPR, UK DPA, PECR, and global privacy laws; develop data protection strategy and risk management; implement privacy-by-design and DPIAs
Technology & Data Risk Oversight: Govern AI ethics and technology frameworks; manage surveillance tech (CCTV, biometrics, workforce monitoring); oversee cyber-aware data risk and incident response
Assurance & Regulatory Engagement: Conduct audits, assurance, control testing; lead regulatory engagement and reporting; manage third-party risk and vendor compliance
Leadership & Culture: Lead cross-functional teams (legal, cyber, IT, HR, operations); deliver global compliance training; embed ethics and integrity into culture
Infrastructure & Operational Tech Governance: Oversee surveillance technologies, operational systems, and high-risk processing in complex environments
Governance & Board Engagement: Advise General Counsel, Executive Committees, and Boards on ethics, data protection, and emerging tech risks; present risk assessments and compliance updates; manage escalation of high-risk incidents and regulatory matters; support senior leadership balancing compliance, risk, and operations

Websites

REGULATORY & SECTOR EXPERTISE

  • Privacy, Data Protection & Regulatory Compliance
  • UK & EMEA: GDPR, UK DPA, PECR, NIS2, DUAA, Swiss FADP
  • Global: CCPA/CPRA, APAC privacy laws, emerging AI regulation
  • Emerging Regulation: EU AI Act, UK AI governance principles, ethical AI guidance

Timeline

Data Protection & Privacy Operations Lead (EMEA/APAC)

Columbia Threadneedle Investments – Global Privacy Office
2022.08 - 2026.03

Global Information Governance Manager

Equiom Group (Asset Management)
2021.06 - 2022.06

GDPR/Privacy Specialist (Contract – Reporting to CRO)

Huntswood
2020.10 - 2021.02

Project Lead – Compliance (Data Retention Strategy & SMCR)

Equiniti
2019.01 - 2019.10

GDPR Consultant

EY – Financial Services Clients (including Data Privacy Manager, Lloyd's Bank)
2017.11 - 2018.11

Programme & Project Leadership – Data Governance

NHS CCGs & International Health Organisations
2012.01 - 2017.01

Bachelor of Arts - International Studies

The Open University
2006 - 2011

Master of Laws - Commercial Law with Information Technology Law & Commerce

University of Reading
09/2019 - 07/2020

CIPP/E -

International Association of Privacy Professionals
Samantha Ferreira-Pontes