Roxana Niculescu

I've spent the last decade making compliance work in the real world — not just on paper. That means sitting in rooms with engineers, product managers, and executives and translating "what does GDPR actually require here" into something they can act on. It means building privacy programs from scratch, running them across multiple jurisdictions simultaneously, and training over 1,000 professionals along the way. My background spans fintech, crypto, banking, SaaS, and consultancy. I've been a DPO, a VP, a founder, and a certified trainer. What stays constant is the approach: understand the regulation deeply, understand the business equally well, and find the path that protects both. Right now I'm Senior DPO at Bitvavo in Amsterdam, owning the end-to-end privacy programme in one of Europe's leading crypto exchanges — a heavily regulated, fast-moving environment where the regulatory landscape changes faster than most compliance teams can keep up. What I work with day-to-day: → GDPR, EU AI Act, UK GDPR. → DPIAs, LIAs, RoPA, TIAs, DSARs, breach management, RoPA. → Third-party due diligence, vendor risk, DPA negotiation → Regulatory engagement (AP, supervisory authorities) → Compliance training design and delivery I'm also CIPM certified (IAPP) and a certified trainer — which means I don't just build frameworks, I build the capability in teams to actually use them. If you're building a compliance function, scaling a privacy program, or just need someone who can make sense of the regulatory noise — let's talk.