Richard Chudzynski

Leading the Eversheds Sutherland - Konexo Data Protection, Data Management, AI Governance and Data Regulatory practice in the Middle East, with a multi-disciplinary team through a legal/consultancy lens. Richard’s responsibility is to lead the practice by leading the delivery of strategic client data programs, assuring high quality output and innovation, setting and managing budgets and acting as a people manager and coach to the team. 

Key highlights include:

• DIFC Data Protection Commissioners Office - Support the DIFC in drafting the legal governance for AI Systems around Regulation 10.
• Richard led the assessment, implementation and operationalization of several subsidiaries of a KSA International Bank in their KSA PDPL program. This was an 18 month program which involved a multi-disciplinary team across a number of different sectors.
• GCC Data Regulator - Richard led the delivery and drafting of key Data Privacy artefacts for a National Regulator including the Regulators Handbook to data privacy, and introduction to the law and its operational and governance model.
• GCC Data Regulator – Develop, project manage and lead the Regulator’s Regulatory Data Privacy Sandbox (a first in the region) to help the KSA become a leader for data privacy compliance, innovation and experimentation, by supporting entities who are creating products and solutions that utilize personal data in innovative and safe ways.
• Leading Middle East Bank - Richard has led the privacy transformation of the leading bank in the Middle East to comply with the new Consumer Protection Regulations (UAE) as well as carrying out assessments across its international footprint. Richard also developed and is implementing the bank’s global data protection Governance Framework.
• Leading Middle East Bank - Richard is leading the legal support for an 18 month, multi million dollar privacy transformation across the Group, to include UAE Consumer Protection Regulations as well as the new UAE Federal Data Protection law.
• Leading the establishment of the first GCC national privacy regulator, from inception, to implement its data protection law. This enabled the client to make the case for expanding their budget and resources. The programme included developing its operating model including KPIs, official public guidelines, a notifications portal, public training initiatives, industry and international engagement initiatives, developing a national standard for compliance, drafting the Ministerial Decree in respect of the gaps in the law, and a multi-channel media strategy including promotional material and blogs.
• Establishing the privacy compliance programme for a GCC tourism department overseeing a global top 5 destination with over 15 million annual visitors including operating model, full Article 30 register, policy and procedures, training and awareness programme and guidance on ‘high risk’ DPIAs and other issues.
• Undertaking a privacy gap assessment and then establishing the global privacy program for a GCC flagship airline with an annual passenger count of 29 million compiling an Article 30 register and DPIAs, embedding new policies and procedures, privacy by design and default and undertaking personal data breach planning as well as advising on governance and specific processing of special category data.
• As member of a multi competence privacy team, Richard was the lead project manager and legal leader, performing a data privacy assessment covering a leading FS client in the Middle East, including design, maturity, gap analysis and road map for roll-out of a privacy policy, data breach procedure and data protection framework.

• Kingdom of Saudi Arabia Personal Data Protection Law Series
• Celebrating Data Privacy Day 2024 - co authored with Marea O’Toole
• Reflections from RISK GCC
• Oman PDPL handbook
• Musings from Max Schrems - A chat with the UAE Data Privacy Community - co authored with Lori Baker.
• Support UAE Data Privacy Working Group in preparing the official UAE Data Protection law Translation into English
• UAE Data Privacy Handbook
• KSA Data Privacy Handbook
• Bahrain Personal Data Protection Law Series covering, “Key Concepts, “Core Principles”, “Individual rights”, “Sanctions and penalties”, and “Cross Border Data Transfers”
• Developing and Implementing an Effective Data Privacy Compliance Program
• Force majeure privacy: insights into the imperative for data protection legislation – published in IAPP resource center, DIFC resource center, Journal of Data Protection and Privacy, Sedona Conference web page
• The DIFC’s New Data Protection Law: Lessons to be learned for future national data protection laws
• Kuwait – Data Protection in the Financial Sector – published guidance for One Trust Data Guidance
• Regulating the Internet of Things in the UAE
• Health Care Data Protection – A new Federal Law

• Nominated and shortlisted for the Giovanni Butarelli Award: for Excellence in Global Privacy Leadership (2023/24)

• Qualified Solicitor England and Wales (2005)

• Solicitor England and Wales Qualified 
• Certified Information Privacy Professional/Europe (CIPP/E), IAPP
• Certified Information Privacy Manager (CIPM), IAPP
• Fellow of Information Professionals (FIP)
• AI Governance Trained