AMANDA N. GRIGOROPOULOU

• University of Essex, Masters in Law (L.L.M.), specialized in European Banking and Syndicated Loans (1997).
• National and Kapodistrian University of Athens, Law School, Law Degree (LL.B.) 1996.

Designed and delivered classroom and e-learning training programs (certified trainer):

• Nomiki Bibliothiki: Regulatory compliance for credit servicers and credit purchasers, as transposed into national law 5072/2023 from the EU Directive 2021/2167.
• Counter fraud practices, detection methods and control enhancement techniques for a major Greek systemic Bank and its Group subsidiaries.
• Information and cyber security awareness program for a major Greek systemic Bank.
• Personal data protection training program and regular privacy and security awareness raising campaigns, for a major Group of companies in debt servicing.
• Internal audit and corporate governance frameworks and methodologies for major retailers and financial institutions.

• The Data Conference (BOUSSIAS), current challenges faced by DPOs (2023).
• Data Protection & Privacy Law Forum: Digital justice during the pandemic of Covid-19 (2021)

• Syndicated Loans – a new frame for corporate financing in UK and European Markets (Master Thesis in the framework of Postgraduate Studies Program in European Union Law, 1997).

• Served as Data Protection Officer in major financial institutions, having developed, implemented and maintained an accountability based privacy compliance framework, from governance, roles and procedures to systems, controls and methodologies. Provided comprehensive and pragmatic advisory to business, focusing on the design of innovative and compliant business initiatives and systems, as per privacy, digital and regulatory obligations dictated by relevant authorities (Data Protection, Bank of Greece). Liaised with affiliates and stakeholders globally and cross-functionally ensuring compliance requirements are homogenously and timely implemented. Co-developed the Privacy Code of Conduct for Hellenic Banking Association. Chaired the Data Protection Committee of the Hellenic Loan Servicers’ Association, co-developed the Corporate Governance Code for non-listed companies for Hellenic Capital Market Commission.
• Served as the Head of Digital Regulatory Compliance for a major systemic Bank, establishing and maintaining Bank’s compliance with digital regulations (PSDII, PCIDSS, e-Privacy etc.), managing complex projects undergoing digital transformation, and monitoring the compliance of trading partners with security and privacy regulatory requirements. Experience in managing data breaches and security incidents, investigating root causes and recommending remediating measures.
• Served as a Forensic Audit Manager for a major systemic Bank leading financial crime investigations, quantum of damages, forensic valuations and court testimonies. Developed automated monitoring and assessment mechanisms to assess personnel compliance with internal codes and policies, as well as with banking regulations. Coordinated financial crime investigation activities in foreign subsidiaries to ensure the adoption of Group’s methodology, procedures, policies, and alignment to Group’s strategic goals.
• Served as an Internal Audit professional for major consulting firms in Greece and in the UK, providing various assurance and advisory services for major financial institutions, retailers, manufacturers (internal audit, business improvement, corporate governance). Provided a broad range of internal audit services (co-sourcing or outsourcing) from the preparation of detailed audit plan through to reporting to the Audit Committees.

• DPO Executive- Data Protection Officer (ISO/IEC 17024), ΤÜV AUSTRIA HELLAS- DPO ACADEMY, 2017
• Certified Internal Auditor (CIA), Institute of Internal Auditors (IIA), 2004
• Certified in Risk Management Assurance (CRMA), Institute of Internal Auditors (IIA), 2008

Greek, English, French, German

IT and Digital Law, Personal Data Protection Law, Banking Law, Corporate Governance, Financial Crime Law (anti-corruption, anti-bribery, fraud), European Union Law