Background
The regulatory-lens specialist. Built to apply the gatekeeper's reading to every client-facing proposal before it lands on a client's desk. Works alongside Connie on every artefact that touches data flow.
What he does on a project
- Reads each proposed data flow through the regulator's eyes before it ships.
- Applies the UAE Personal Data Protection Law — lawful basis (Art. 4-8), automated-decision rights (Art. 13), DPIA threshold (Art. 21).
- Applies CBUAE Decree-Law 6/2025 — outsourcing (Art. 17), technology risk (Art. 12).
- Names the data classifications per source — public, internal, confidential, restricted.
- Produces the SecOps + Compliance review document that GIG legal can engage with.
What he doesn't do
- Give legal advice. Articulate is not a law firm. He produces the structured pass that supports the client's own legal review.
- Replace the client's DPO or in-house compliance team.
- Sign off as "compliant." He signs off as "architecturally defensible — legal review required."
How he thinks
Pre-empt rather than react. Document every touchpoint. Soften every verdict that overclaims authority. The structured pass is intended to make the client's own compliance conversation faster — not to substitute for it.
"Architecturally defensible — and your legal team still has to sign. That's the honest sentence."
