Sarah Diez bastide

Joinville le pont

Summary

I'm a CIPP/E accredited data protection and privacy counsel. With over 7 years of legal experience working in-house within B2B SaaS/tech companies and pharmaceutical industries, I have a strong background in global privacy and data protection across Europe and emerging markets. I can demonstrate expertise in regulatory compliance (GDPR, CCPA, ePrivacy, AI laws), contract negotiation, privacy program management, and incident response. I’m also skilled in developing policies and procedures, overseeing DPIAs, managing data subject rights requests, and advising on AI, marketing, and tracking technologies.

Curiosity, learning, relationship building and creativity are some of my values.

I need to be sponsored to work in the UK.

Overview

7 years of professional experience
1 certification

Work history

Group Data Protection Officer

PayFit
Paris
06.2024 - Current
  • Registered DPO for France, Spain and UK;
  • Provides legal advice to all three PayFit legal entities on privacy and data protection matters whether they act as a controller (e.g. HR, marketing, finance) or on behalf of customers, as a processor (i.e. product related advice);
  • Creates essential privacy procedures (e.g. Data Subject Right Requests management, DPIAs, ROPAs, etc);
  • Ensures any new product development complies with applicable AI and data protection laws;
  • Develops and provides role based training on privacy and data protection (e.g. HR, training on retention to product teams);
  • Responds to data protection authorities' queries;
  • Advises on and takes necessary steps in addressing privacy incidents (e.g. notification to authorities and data subjects, or customers) and complaints from users, customers, or other data subjects;
  • Keeps various contract templates up to date (e.g. customer and procurement Data Protection Addendum);
  • Ensures Privacy Policies for all markets and data subjects are compliant and up to date (e.g. Customer Privacy Notice, Employee Privacy Notice, Candidate Privacy Notice);
  • Ensures that any tracking, use of cookies or similar technologies, and direct marketing is carried out in compliance with ePrivacy regulations;
  • Negotiates contracts with prospects, and completes privacy due diligence processes where required, in collaboration with the security team;
  • Responds to data subject rights requests.

Senior legal counsel privacy

Sage
London
04.2021 - 05.2024
  • Part of the Global Privacy Office, I was the main point of contact for DPOs in Europe (i.e. France, Belgium, Germany, Austria, Spain, Portugal). I reported to and assisted the Chief Data Protection Officer for any privacy and data protection activity, globally (Europe, South Africa, North America);
  • Participated in audits, globally, of compliance of various Sage affiliates with data protection regulations (including GDPR, POPI Act, CCPA);
  • Drafted and implemented data protection procedures and guidance (e.g. Direct Marketing, Use of cookies and similar technologies, International transfers)
  • Ensured any new product development complied with applicable AI and data protection laws, notably by carrying out DPIAs where necessary;
  • Ensured any project involving the use of personal data was compliant with applicable data protection laws, notably by carrying out a DPIA, where necessary;
  • Developed and provided general and role based training on privacy and data protection (e.g. on direct marketing and the use of cookies and similar technologies, or on compliant secondary use of personal data);
  • Advised on and took necessary steps in addressing privacy incidents (e.g. notification to authorities and data subjects, or customers), including complex incidents with a global impact;
  • Led advising globally on tracking, including using cookies and similar technologies or APIs such as the Google API or the Meta CAPI;
  • Provided tailored privacy advice to the Sage AI team, on compliant creation, training and use of AI algorithms (mostly machine learning, and then LLMs);
  • Was responsible for compliance with the transparency principle at group level, making sure privacy Policies for all markets and data subjects were compliant and up to date (e.g. Customer Privacy Notice or the Employee Privacy Notice) - Notably led a project to update the Employee Privacy Notice globally (18 markets with employees) in 2023, and the full revamp of the UK Customer Privacy Notice in 2024;
  • Worked on the creation of a Customer Trust and Security Hub, with contents to help customers carry out their due diligence, and videos to explain the basics of data protection for small businesses (which were a target);
  • Responded to data subject rights requests, including complex employee and ex-employee DSARs.

Legal Counsel Privacy

Sanofi
Paris
12.2019 - 04.2021


  • Implemented Privacy Principles within the group (Privacy by Design, Transparency, Accountability,...);
  • Coordinated Privacy project in Africa / Middle East / some European countries (training and coordinating activities of local privacy officers on ROPAs, DPIAs, etc);
  • Carried out DPIAs and created specific DPIA templates using OneTrust;
  • Drafted / helped negotiate data protection agreements (Processing agreement, Joint Controllership Agreements, Controller to controller);
  • Drafted awareness and training contents, as well as guidance on various topics (e.g. profiling and automated decision making);
  • Led advising on web compliance topics: cookies consent, privacy policies, risk assessment of digital projects;
  • Advised internal clients on R&D related topics (e.g. clinical trials, studies using health data) and Real World Evidence;
  • Managed data subject rights requests.

Junior Legal Counsel

Pfizer
Paris
01.2018 - 09.2019
  • Drafted and negotiated contracts of services, partnerships, sponsorships, licenses, clinical trial agreements, data sharing agreements;
  • Provided general legal support to several Business Units (e.g. commercial law, IP, competition law);
  • Data protection: update of contract templates with a DPA, carried out DPIAs, created and implemented a security policy with the IT team

Education

Master Degree - European Business Law

Université Paris Nanterre

Master (First year) - European law

Université Paris 1 Panthéon-Sorbonne

Licence - Politics

Université de Namur

Licence Degree / Bachelor - Law

Université de Montpellier

Skills

    GDPR

    UK GDPR and Data Protection Act 2018

    ePrivacy and PECR

    POPIA (South Africa)

    OneTrust

    Tech Industry

    SaaS B2B

    Project Management

    Incident response


Languages

French
Native
English
Fluent

Certification

Certified Information Privacy Professional (CIPP/E)

IAPP - June 2022


OneTrust Certified Privacy Professional

OneTrust - March 2020

Affiliations

  • Reading
  • Yoga
  • Swimming
  • Photography (film and digital)
