Noriswadi Ismail

Noriswadi Ismail
Managing Director

Global Data Privacy; Former Big4 GDPR Lead; DPO

Noriswadi Ismail is a Managing Director at Ankura, based in London. Noris oversees and grows the firm’s UK, EMEA, and Asia data privacy practice, focusing on data protection and privacy assessments, data privacy and security strategies, data privacy governance, including general data protection regulation (GDPR) reviews, and implementation and improvements. He also leads the team providing binding corporate rules (BCRs), project advisory and management services, data governance improvement, data privacy technology implementation, code of practice reviews, data subject access request (DSAR), data breach regulatory analyses, and customized data privacy and security training.

  • Experience

    Noris brings deep knowledge of global data privacy laws, regulations, strategies, governance, and business process improvements to his role, drawing on his international experience across a broad range of industries, including financial services, technology, entertainment, retail, education, not for profit, life sciences, automotive, consumer products, and energy, among others. He has delivered global data privacy projects for companies ranging in size from start-ups to Fortune 500 and FTSE 100 enterprises, as well as public-sector regulatory agencies. He is highly attuned to current frameworks and technologies, emerging trends, and best practices related to data privacy. Noris’ international experience encompasses Asia (China, India, Japan, and the ASEAN nations of Malaysia, Indonesia, Singapore, and the Philippines), Australia, New Zealand, the UK, Middle East, India, the Gulf Cooperation Council (GCC) Region and the European Union. He is a leading specialist in global data transfers between the countries of the European Economic Area and ASEAN regions and the US.

    Prior to joining Ankura, Noris co-led the EY data protection and privacy consulting practice based in London. He previously cofounded and served as managing consultant for Quotient Consulting, a data-privacy specialist firm with offices in London, Kuala Lumpur, and Singapore. Noris began his career as a lawyer, working at firms and as a general counsel and corporate secretary. His legal studies included research and advanced courses in intellectual property, IT, and telecommunications law at universities in the UK, US, Japan, and Malaysia.

    In addition to his professional positions, Noris has served on the Asia Advisory Board of the International Association of Privacy Professionals and as a board member and scientific director of the European Privacy Association. He also cofounded the first data protection academy in Malaysia and Southeast Asia, where he was executive director and head of the advisory board.

    Noris was a guest lecturer on Europe, US, and Asia data protection in HTW Berlin – University of Applied Sciences’ Master of Project Management and Data Science program, and virtual guest lecturer for MBA program in College of Business Administration, Prince Sultan University, Kingdom of Saudi Arabia on global data breach; emerging themes and trends. Noris was also the US Fulbright Professional Exchange Fellow in Fordham and George Washington Universities, the UK British Chevening Scholar Alumni and the Association for Overseas Technical Scholar Alumni of Japan.

    Noris’ professional experience includes:

    • Interim DPO – Served as Interim DPO for EY UK & Ireland data protection office, based in London. Noris worked and engaged closely with EY business support global teams (general counsel, risk management, marketing, procurement and wider client facing and non-client facing teams involved in complex data processing activities across EY entities globally).
    • Global GDPR Assessment, Implementation & Improvement – Leadership of more than 30 projects/program of Fortune 500 and FTSE 100 enterprises. Workstreams: Data protection impact assessment, training and awareness, records of processing activities, policies and procedures (standard operating procedures), DSAR request, global data transfer, data security, cookies and data protection/privacy by design.
    • BCR – Leadership of BCR projects/program of leading global organizations in the UK key activities/deliverables: Project management (aligning with data protection authority, law firms, and vendors’ project team detailed BCR activities, timeline/deadline) and BCR Audit (data privacy and cybersecurity).
    • Data Breach Response – Co-led data breach regulatory and risk-based analysis for a leading industrial product organization, globally headquartered in London, having operations and entities in the US (20 States), Europe (Germany and the Netherlands), and Asia (China).
    • Global Data Privacy & Cybersecurity Training – Clocked more than 10000 hours of training and customized workshops ranging from C-Suite, senior leadership, management, functional, and variety of stakeholders. Partnered with IAPP, leading law firms, conference organizers, tech vendors, and risk consulting firms globally.
    • Global Data Privacy Governance Framework – Co-led data privacy governance review for leading global retailer, life science, energy, financial services and telecommunications’ organizations. Led workshops and stakeholders’ interviews aimed to assess existing governance and suggest cost effective and pragmatic baseline linked to the organizations’ business and digital strategies, operating model and prioritized/focused data processing activities. Partnered with leading law firms globally.
    • Code of Practice (CoP) Review – Led CoP review for a leading utility/electricity/energy organization in Asia.
    • Global Data Privacy Public Consultation – Led and engaged with global data protection authorities in wide range of data privacy consultations in the UK, Europe, Middle East, and Asia. Partnered with leading law firms, universities, focused groups, and risk consulting firms globally.

  • News & events
    • Global Data Privacy Update: India Personal Data Protection Bill 2019, 12/02/2020, London, United Kingdom, with Salman Waris, Managing Partner, TechLegis; David Manek, Senior Managing Director; Ankur Sheth, Senior Managing Director; Tomi Taggart, Managing Director; Amber Gosney, Senior Director, Ankura
    • Artificial Intelligence, Data Privacy & Cyber Security Assurance, PrivSec Global, 12/01/2020, London, United Kingdom/New Delhi, India/Sydney, Australia, with Ryan Rubin, Senior Managing Director, Ankura, Joao Torres Barreiro, Global Chief Privacy Officer, Willis Towers Watson, Salman Waris, Managing Partner, TechLegis; Alec Christie, Partner, Digital Law, Mills Oakley
    • Best Practice Advice on Data Sharing Requests Policy, PrivSec Global, 11/30/2020, London, United Kingdom/Nigeria/Abu Dhabi, UAE/Egypt, with Dr. Ololade Shyllon, Privacy Policy Manager, Middle East and Africa, Facebook; Mohammed Embaby, Senior Privacy & Data Protection Lead, Vodafone Egypt; Stevan Stanojevic, Group Data Privacy Manager, Etihad Aviation Group; Olumide Babalola, Digital Rights Attorney & Data Protection and Privacy Practitioner
    • Global Data Privacy & Cybersecurity during COVID-19: Lessons Learned, 11/19/2020, University of Greenwich, International Business Society, London, United Kingdom, with Carlo Shyrbi, Vice President, International Business Society
    • Global Data Privacy & Cybersecurity Insurance 2020 Roundtable, 09/015/2020, London, United Kingdom, with Patrick Smith, Airmic; Ryan Rubin, Senior Managing Director, Ankura; Tony Kriesel, Senior Claims Underwriter, Hiscox
    • Egypt’s New Personal Data Protection Law, 09/08/2020, Egypt/UAE/Kingdom of Saudi Arabia/London, United Kingdom, with Nick O’Connell, Partner, Al Tamimi & Company; Ayman S. Nour, Partner, Al-Tamimi & Company
    • Post Covid -Financial Risk: Forum with Risk and Compliance Practitioners, 08/13/2020, London, United Kingdom/Kuala Lumpur, Malaysia, with Abdu Razak Shakor, Managing Director, Esperanza; Nora Amin, Head of Compliance, National Bank of Egypt (UK) Limited; Farid Aziz Ibrahim, Head of Pricing, QBE European Operations, QBE
    • Middle East Special: Data Protection and Cybersecurity in Flux Across GCC, 07/30/2020, London, United Kingdom/Dubai, United Arab Emirates, with Vivienne Artz, Global Chief Privacy Officer, Refinitiv; Ryan Rubin, Senior Managing Director, Ankura; Nick O’Connell, Partner, Al Tamimi & Company
    • Global Data Privacy Landscape Podcast, 07/29/2020, London, United Kingdom, with Pragasen Morgan, Partner, Ernst & Young LLP
    • BCR 2020 and Beyond, 06/04/2020, London, United Kingdom, with Ashley Winton, Partner, McDermott Will & Emery; Paul Jordan, Managing Director Europe, IAPP; Thanas Loli, Global Head of Data Privacy & EMEA DPO, Northern Trust; Dr. Guido Reinke, Data Protection Officer – Group Strategy, Risk & Compliance, Knight Frank
    • Global Data Privacy Webinar – India Personal Data “Protection Bill & GDPR”, 06/05/2020, with Salman Waris – TechLegis Advocates & Solicitors, Partner, Head of TMT & IP Practice; Ashwin Jayaram, CEO & Co-Founder, Cybourn; Tiberiu Anghel, Co-Founder & Chief Strategy Officer, CyBourn; Mikhail Lastovskiy, Managing Director, Risk Forensics & Compliance, Ankura
    • “Technology & Risk Masterclass,” 05/28/2020, with Alexandru Stanescu, SLV Legal, Partner; Tiberiu Anghel, Chief Strategy Officer, Cybourn; Mikhail Lastovskiy, Managing Director, Risk Forensics & Compliance, Ankura; Amber Gosney, Senior Director, Technology, Privacy and Cyber Risk Advisory, EMEA, Ankura; Felix Crisan, Co-Founder and CTO, Netopia Payments (MobilPay), Co-founder; Tracey Stretton, Managing Director, Data & Technology, Ankura
    • “Cybersecurity & Data Protection Virtual Workshop,” 05/11/2020, with Andrew Fawcett, Senior Counsel, Technology, Media & Telecommunications, Al-Tamimi & Company; Amber Gosney, Senior Director, Technology, Privacy and Cyber Risk Advisory, EMEA, Ankura; Andrew Catley, Director, Cybersecurity, EMEA, Ankura; Gavin McKay, Cybersecurity, EMEA, Ankura
    • Addleshaw Goddard & Ankura Globalising Data Privacy Event: A Focus on Asia, 01/21/2020, with Helena Brown, Partner, Head of Data, Addleshaw Goddard; Ivan Chang, Legal Director, Addleshaw Goddard
    • AIRMIC Academy, London, 12/04/2019, “De-Risking Global Data Privacy & Cybersecurity Risks in 2020″
    • Shaping Cyber Technology. The Beauty and The Risk, Bucharest, Romania, 11/20/2019, Keynote Speech: Data Privacy; “Data Privacy. Mission Impossible”
    • INBA, 8th Annual International Conference 2019 Celebrating 70th Constitution Day, New Delhi, India, 11/26/2019, “GDPR and Lessons Learnt and What to Expect in 2020 and Beyond” with Salman Warris, Partner, Head of TMT & IP Practice, TechLegis; Ashwin Jayaram, CEO, Cybourn; Deepak Talwar, National Security Officer, Microsoft; Aditi Mittal, Legal Counsel, Siemens; Vinayak Godse, Vice President, Data Security Council of India
    • C-Integrity Shanghai 2019, Shanghai, China, 11/06/2019, “Data Localisation Uncertainty and Complexity – Risk Based Approach; and Data Privacy – Integrating GDPR and New China Regulation” with Kate Chan, Senior Managing Director, APAC, Ankura; Henry Rui, Head of Compliance, VTB Shanghai; Thomas Song, Head of Compliance, I-Mab, Biopharma;
    • Crowell & Moring Event, London, 10/18/2019, “The ICO Bares [its] Sharp Teeth: What You Need to Know About GDPR One Year On” with Jeff. L. Poston, Partner; Ambassador Robert Holleyman, Partner; Maarten Stassen Partner; Laurence Winston, Partner, Crowell & Moring
    • Big Picture Seminar: Sustaining Resilience in a Global Marketplace, University of Greenwich Business School, 10/16/19
    • Al Tamimi & Co Higher Education Conference 2019, Dubai, UAE, 10/10/2019, with Martin Hayward, Head of Technology, Media & Telecommunications, Al Tamimi & Company; Fiona Robertson, Senior Counsel & Head of Media, Al Tamimi & Company; Joe Hazzam, Head of Communications, Marketing and External Relations, The British University in Dubai
    • Addleshaw Goddard & Ankura APAC Data Privacy Roundtable, 07/26/2019, with Ankur Sheth, Senior Managing Director, Cybersecurity, Ankura; Fred Chan, Managing Director, Data Consulting & Cybersecurity; Ivan Chang, Legal Director, Addleshaw Goddard; Jason Lau, IAPP Hong Kong Regional Leader & Chief Information Security Officer; Jeanette Whyte, Senior Policy Manager, GSMA
    • Ankura Breakfast Talk, 7/23/2019, “Global Data Privacy & Security, Transforming reactive to proactive,” with Ankur Sheth, Senior Managing Director, Ankura; Edwin Lee, Partner, GLT Law; and Dr. Sivasangaran Nadarajah, S.Nadarajah & Co
    • Ankura-Bristows Webinar, 5/28/2019, “GDPR 1st anniversary: are we proactive to improve?” with Robert Bond, Partner, Bristows; Richard Patterson, Managing Director, Cybersecurity, Ankura; and Winnie Chang, Founder & Managing Director, OrionW LLC
    • IAPP Global Privacy Summit, 5/3/2019, “Harnessing Privacy, Security and Transparency to Enable Data Innovation,” Washington DC, With Dana Simberkoff, Chief Risk, Privacy and Information Security Officer, Avepoint; and JoAnn Stonier, EVP, Chief Data Officer, Mastercard
    • Ankura Data Privacy Roundtable: Global Trends, 4/25/2019, “Data Protection Officer: Global Benchmarking and Insights,” London, with Ashley Winton, Partner, McDermott, Will & Emery; Adrian Leung, Data Protection Officer, Equifax
  • Insights & innovation
  • In the community