Sonia Siddiqui, FIP



Senior Counsel, Global Data Privacy & Security

Sonia is a DC-based Manager in Grant Thornton’s Privacy and Data Protection practice. Sonia supports client needs in the development of privacy solutions based on their unique business needs.

Sonia has several years of experience assisting clients in various industries including telecommunications, healthcare, and technology. She has provided project management support and subject matter expertise on projects involving GDPR readiness assessments, implementation efforts, data inventorying, third party management, privacy governance and policy development.

Sonia has managed global teams to support privacy program implementation relating to GDPR, CCPA, GAPP, HIPAA and other regulatory privacy frameworks. She has advised C-suite, legal, marketing, sales, IT, and engineering teams on data strategy and customer, vendor, and employee privacy issues. Additionally, Sonia has worked closely with product counsels and key stakeholders to understand privacy requirements and communicate them across the enterprise to various teams, including product teams, system owners and engineers.

Sonia has extensive experience in GDPR and CCPA assessments and remediation activities including compliance reviews, strategy and governance, implementation roadmaps, PIA/DPIA development, application and system reviews, data inventory assessment, third party risk management, incident response plans, policy development, data mapping, and training and awareness development. Sonia regulatory participates in privacy events, conferences, and working groups to share her expertise on various privacy related issues.

Previously, Sonia was a consultant with the Center of Health and Homeland Security in Baltimore, MD. Her responsibilities included the development of policies designed to integrate privacy into business practices, and supported regulatory and financial reporting for various clients. Additionally, Sonia has worked with regional health centers to develop and manage their corporate privacy policies, advise on enterprise-wide projects designed to enhance HIPAA audit readiness, and conduct awareness and training workshops to enhance enterprise knowledge on privacy-related considerations.

She has a BA in Political Science from University of Maryland – Baltimore County, and a Juris Doctor from the University of Maryland. Sonia is a Certified Information Privacy Professional (CIPP/US).


Contributions by Sonia Siddiqui

  • Data Minimization: The holy grail of mitigating data privacy risks
    Speaker at Virtual Washington, DC KnowledgeNet: October 20, 2020
  • The Impact of the "Schrems II" Case on Privacy Shield and Data Transfers
    Speaker at Virtual Chicago KnowledgeNet: August 26, 2020
  • Speaker at IAPP Global Privacy Summit 2020 - Canceled
  • Understanding and Implementing International Data Transfers
    Speaker at Virtual Chicago KnowledgeNet: March 19, 2020
  • Final Days Before GDPR: What Else Can You Do?
    Speaker at Phoenix KnowledgeNet: March 22, 2018