David Manek

David Manek leads data privacy, cybersecurity and artificial intelligence professionals dedicated to delivering complex compliance solutions for global corporations and their legal counsel. Mr. Manek specializes in the strategic oversight of large-scale, data-intensive regulatory change management initiatives, helping clients navigate the intersection of evolving privacy laws and operational business requirements.

At FTI Consulting, Mr. Manek is a preeminent advisor on the technical requirements of the California Consumer Privacy Act (“CCPA”), General Data Protection Regulation (“GDPR”), the EU AI Act and other emerging privacy and AI laws. He frequently serves as an outsourced Data Protection Officer (“DPO”) for multinational organizations. His expertise is particularly sought after in high-stakes regulatory matters, including California Attorney General investigations and complex litigation involving consumer privacy rights.

Mr. Manek’s technical proficiency encompasses the end-to-end data lifecycle. He has extensive experience in architecting large-scale data maps, developing defensible deletion programs and implementing “Privacy by Design” protocols that mitigate risk at the point of innovation. He is a specialist in data sharing strategies and designing target operating models for risk assessment processes such as privacy impact assessments.

Mr. Manek holds the CIPP/E and CIPM designations from the International Association of Certified Privacy Professionals (“IAPP”). He is a Certified AI Governance Professional (“AIGP”). Mr. Manek is highly proficient in leveraging the NIST Privacy Framework, the NIST AI Risk Management Framework and other specialized control frameworks to drive enterprise-wide compliance.

Relevant Experience:

• Led end to end data privacy assessments by mapping CCPA, GDPR and other regulatory requirements to the NIST Privacy Framework, producing risk based analyses and executive ready remediation roadmaps
• Designed and executed enterprise wide data inventory and mapping programs, enabling compliance with privacy rights response processes and operationalizing data lifecycle management across business units
• Developed scalable, risk aligned privacy impact assessment operating models — including intake triggers, workflow design and template creation — to streamline assessments across products, vendors and processes
• Directed comprehensive tracking technology assessments — identifying network transfers, analyzing pixels/cookies and producing actionable remediation recommendations aligned with regulatory expectations
• Led Responsible AI governance initiatives using frameworks such as NIST AI RMF and ISO 42001 to evaluate AI maturity, identify risks and design remediation roadmaps