Privacy-Ops

I Work in Privacy. But Most of My Job Isn’t About Compliance.

Devika

03 Apr 2026 — 1 min read

When people hear “privacy,” they usually think of:

Policies.
Consent.
Regulations.
Checklists.

And for a long time, I did too.

But the more I’ve worked closely with products and teams,
the more I’ve realised:

Privacy work doesn’t really start with compliance.

It starts with questions.

Questions like:

Should we collect this data at all?

What happens if this feature is misused?

Would a user actually expect this?

Are we solving a problem… or creating a new one?

There’s no template for these.

No clear right or wrong.

Just trade-offs.

And that’s the part of privacy that doesn’t get talked about enough.

Because it’s not as clean as frameworks or regulations.

It’s messy. Context-driven.
And deeply tied to how products are built.

Over time, I’ve found myself spending less time asking:

“Are we compliant?” …and more time asking:

“Are we comfortable with this decision?”

That shift changes how you approach everything:

Conversations with product teams
Risk discussions
Even how you interpret regulations

This space — where privacy meets real-world decisions —
is what I find most interesting.

And probably what I’ll be writing more about here.

The Tool That Predates Every Privacy Law — and May Just Outlive Them All

A story about engineers, regulators, and a humble diagram that keeps showing up at the right time. It's the 1970s. There are no privacy laws. No GDPR. No data protection authorities. No DPIAs. The word "compliance" isn't keeping anyone up at night. But in

Your GDPR programme is your DPDPA head start. But only if you know which parts to carry forward

Every DPDPA playbook I have seen starts at zero. Gap assessments built as if the organisation never heard of privacy. Policy templates drafted as if consent frameworks don't already exist. Implementation timelines that completely ignore the three years of GDPR muscle the organisation spent building. I understand why.

"Same thing, different name." — The myth that's quietly breaking DPDPA implementations.

Built for privacy professionals who live inside the frameworks, not just around them. Practical analysis on GDPR, India's DPDPA, cross-jurisdictional compliance, and the operational layer most legal blogs skip.

Your RoPA is not a spreadsheet. It's the backbone of your entire privacy program

Let me tell you what most RoPA guides won't. They'll tell you what goes in a Record of Processing Activities. They'll list the fields. They'll show you a template. And then they'll leave you alone with a blank spreadsheet, a

Questions like:

Read more

The Tool That Predates Every Privacy Law — and May Just Outlive Them All

Your GDPR programme is your DPDPA head start. But only if you know which parts to carry forward

"Same thing, different name." — The myth that's quietly breaking DPDPA implementations.

Your RoPA is not a spreadsheet. It's the backbone of your entire privacy program