Sonia Cheng leads the EMEA Information Governance Privacy & Security (IGPS) practice and is a world-renowned expert in Information Governance and GDPR, handling high-stakes regulatory challenges with data at their heart. Throughout her distinguished career of over 22 years, she has led hundreds of engagements with Global 500 firms with a focus on financial services, insurance, healthcare and life sciences.
Ms. Cheng’s diverse, hands-on experience enables her to solve clients’ most pressing challenges at the intersection of data and regulation. Her domain expertise and extensive stakeholder management, technology and change management experience enables her to successfully navigate highly complex matters. She previously led the European Information Governance practice at IBM, holding senior leadership roles in global services, product management and business development for legal, retention, privacy and analytics solutions. During her tenure at IBM, Sonia was the co-inventor and holds a patent in IT Storage optimisation.
Prior to IBM, Ms. Cheng led professional services at PSS Systems and technology consulting roles at Wells Fargo, Citigroup and Morgan Stanley. Sonia was also a co-founder of a Silicon Valley based technology non-profit organization which provided technology transformation services to NGOs. She is a frequent speaker and published thought leader and has been featured as a Who’s Who Legal Top Expert in Information Governance and Privacy in 2019 and 2020.
- Led complex EU/US breach response for consumer firm involving system output of nearly 800 million lines of fragmented system output. She led a team to rapidly identify the most sensitive sources of personal data, support breach notification in a phased approach to meet regulatory requirements.
- Led high profile breach response for technology firm requiring in depth analysis, identification of data subjects, categories of personal and sensitive personal data in accordance to the GDPR and US notification laws. Developed methodology to apply machine learning & analytics to accelerate response.
- Led the segment’s largest complex EU merger investigation involving identification and remediation of commercially sensitive data. Conducted rapid enterprise-wide data mapping initiative. Developed and implemented defensible methodologies to address legal requirements; Designed O365 classification solution for 200TB+ data in email, fileserver and SharePoint.
Executive Education, London Business School Leadership Programme
Certified Data Privacy Solutions Engineer (CDPSE), ISACA
OneTrust Certified Professional (OTCP)
Exterro Certified Professional
B.S., Operations Research and Industrial Engineering, Cornell University
T: +44 20 3727 1783
London EC1A 4HD