Dafina Buçaj is an experienced privacy attorney with a broad background in data privacy, cybersecurity, and public policy.
At Octillo, Dafina counsels and advises clients on the development and implementation of enterprise-wide data security and privacy programs and regulatory compliance under federal, state, and international privacy regulations. A large portion of her practice is dedicated to helping global organizations create right-sized data security and privacy programs to address compliance with numerous global regulations, including the GDPR, PIPIEDA, CASL, POPIA, LGDP, PIPL and other emerging privacy and security laws.
Dafina also reviews existing data security and privacy protocols, working with clients to mitigate legal risk by identifying vulnerabilities and implementing procedures and controls using practical, cost-effective solutions.
The scope of Dafina’s practice includes data privacy and security regulatory assessments, information privacy and security protocols and policies, external policies, data collection, vendor risk assessments, contract development and review, and threat mitigation plan development.
Prior to joining Octillo, Dafina served as Data Privacy and Security Manager for a major not-for-profit organization, where she spearheaded the development and implementation of a large-scale global privacy program, including a vendor risk management policy and procedures for cross-border data transfers, risk mitigation, and compliance with global privacy regulations. She has served in several prominent legal positions for the Government of Kosovo, including as legal Adviser to the Deputy Prime Minister and Minister of Justice and as a Legal Professional working with international organizations (OSCE, UNDP, USAID).
Dafina is currently pursuing a Doctor of Juridical Science (J.S.D.) degree from Loyola Law School with a focus in Cyber Law.
Dafina is a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional for the United States (CIPP/US) as certified by the International Association of Privacy Professionals (IAPP). She is fluent in English, French, and Albanian.