About this site

I'm Devika Subbaiah — a privacy and AI governance professional who has spent years figuring out what compliance actually looks like when you move beyond the framework and into the real work.

I specialise in privacy operations — helping organisations build programs that don't just tick boxes but actually function. My work spans GDPR, India's DPDPA 2023, the EU AI Act, Privacy Operations in real world, AI governance implementation and the messy, unglamorous reality of implementing all of these at once inside a real business.

Most privacy content online is written for lawyers or auditors. This site is for the people who have to actually build something — Privacy Managers, GRC leads, legal ops teams, and anyone responsible for making compliance and AI work in practice.

Here you'll find long-form explainers, honest takes on regulation, and practical frameworks you can actually use — drawn from real program-building experience, not theory.

No consultant-speak. No recycled compliance checklists. Just the stuff that actually matters.

If that sounds useful, subscribe below. You'll hear from me when I have something worth saying.

Access all areas

By signing up, you'll get access to the full archive of everything that's been published before and everything that's still to come. Your very own private library.

Fresh content, delivered

Stay up to date with new content sent straight to your inbox! No more worrying about whether you missed something because of a pesky algorithm or news feed.

Meet people like you

Join a community of other subscribers who share the same interests.

Start your own thing

Enjoying the experience? Get started for free and set up your very own subscription business using Ghost, the same platform that powers this website.