Saswati Soumya Sahu is a Partner at ANB Legal and the Founder of the Law Offices of Saswati Soumya Sahu. With a practice focused on data protection, AI governance, and the regulation of emerging technologies, she advises clients on complex compliance, technology contracts, and cross border privacy frameworks. In this interview, she reflects on her journey from early legal influences to building an independent practice, navigating high stakes technology matters, and pursuing dual qualification, while also sharing how structured upskilling through LawSikho supported her professional transition and contributed to shaping future ready legal strategies at the intersection of law, innovation, and public policy.
This interview has been published by Anshi Mudgal and The SuperLawyer Team
Before your legal career took shape, what were the instances that first drew you to the field of law?
My journey into law began during my school years in Odisha, where I worked closely with remote villages to understand their grievances regarding water quality as a child scientist. Pursuing BBA LLB at Symbiosis Law School deepened this, as moot courts and research papers exposed me to tech-law intersections like cyber privacy, blending my science background with legal rigor. These experiences shifted my focus from pure business to law as a tool for ethical tech innovation. Early internships at Odisha Human Rights Commission and other corporates revealed how contracts safeguard ideas, solidifying my commitment. Family encouragement, seeing law as empowerment in a changing India, propelled me forward. Ultimately, law’s blend of intellect, ethics, and impact on society drew me in irresistibly.
In the initial phases of your career what were the experiences or pivotal moments that helped shape your career trajectory and laid foundation to your specialisation?
Post-graduation, my first role at DSK Legal involved due diligence for fintech mergers, exposing me to data-heavy contracts amid India’s digital boom. A turning point was advising a health-tech startup on HIPAA-like compliance during COVID, where I drafted their first policy, highlighting gaps in Indian law that sparked my privacy specialization. Mentoring juniors at ANB Legal built my tech-law acumen, as we navigated IP disputes. Pivotal was a client consulting project, handling global patient data flows, which fused health-tech with GDPR principles. These honed my drafting skills for shareholder agreements and cease-and-desist notices. Publications in leading newspapers on DPDP Act early drafts cemented my niche. Each experience layered practical expertise onto theory, steering me toward AI governance and cross-border privacy.
What was that turning point when you felt ready to build your own independent practice?
The turning point arrived in 2022 after leading a high-stake transaction, where I single-handedly structured privacy warranties saving the client millions in liabilities. Exhausted by firm hierarchies limiting my client vision, I realized my 7+ years across law firms and startup consulting equipped me for independence. A key trigger was turning down a general counsel offer to pursue NCA qualification, freeing me to blend Indian and Canadian expertise. Mentoring at IDIA and judging competitions built my personal brand, with inbound queries overwhelming my bandwidth. Launching Adtech Law Ace blog and Linkedin insights on AI ethics generated freelance leads, confirming market demand. At 30, with a Symbiosis network and fintech certification, I felt primed to scale impact on my terms, prioritizing tech startups underserved by traditional firms.
In your early days in independent practice, who was your first significant client, and what stayed with you from that experience?
My first significant client was a US-based startup scaling social network services amid DPDP Act rollout. They approached me via LinkedIn after my post on cross-border data transfers. I drafted their comprehensive privacy policy, vendor agreements, and AI consent frameworks, ensuring HIPAA-GDPR alignment. The project spanned 3 months, involving iterative audits that uncovered legacy data risks. What stayed was their trust, founders credited my work for securing funding without compliance hiccups. It taught resilience; late-night revisions amid tight deadlines mirrored startup chaos. Most enduring was the human element: protecting patient data ethically fuelled my purpose. This win validated solo practice, spawning referrals and reinforcing client-centric drafting over billable hours.
What was the moment that pushed you to look beyond the traditional path and work toward becoming dual-qualified in India and Canada?
A 2022 cross-border dispute at one of my clients’ involving Canadian patient data flows violating PIPEDA, exposed India’s regulatory silos against global norms. Advising on remediation, I saw dual qualification as essential for seamless India-Canada tech bridges, especially post my tech law diploma. A personal nudge came from a Symbiosis alum in Toronto sharing NCA success stories, amid my growing clients with North American ties. Canada’s progressive AI laws contrasted India’s evolving DPDP, pushing me beyond my limits. Gigs from Canadian startups sealed it. Preparing via LawSikho, I envisioned serving diaspora firms. This pivot transformed challenges into a competitive edge, enabling holistic privacy advisory across jurisdictions.
How did LawSikho support your transition and growth when you were preparing for your NCA qualification?
LawSikho was my anchor during NCA prep, offering structured courses that mapped Indian expertise to Canadian syllabi. Their live mentorship sessions dissected core subjects via practical hypotheticals and self practice exams mirroring the examination pattern and expectation. Access to recorded lectures and doubt-clearing forums fit my schedule, letting me study post-client calls. Notably, their NCA-specific bootcamp simulated exams, boosting my pass confidence. Networking connected me to dual-qualified mentors for strategy tips. Post-clearance, their freelancing team refined my pitches, landing Canadian compliance gigs. LawSikho’s blend of rigor, community, and applicability accelerated my transition from specialist to global practitioner.
Clearing the NCA exam is a major milestone. As your work evolved, what helped you refine your approach and build consistency and quality in your professional identity?
Post-NCA, consistency stemmed from a ritual: weekly deep dives into judgments on privacy, applying them to client briefs. Refining quality involved templates for privacy impact assessments, iterated from consultancy projects’ learnings, ensuring precision across 50+ matters. Linkedin posts recapping AI rules built my voice, garnering 5K+ views and feedback loops. Starting Pune Legal Hackers fostered peer reviews, sharpening cross-border arguments. Certifications in AI Ethics from University of Finland and Fintech Law from LawSikho standardized my deliverables. Quarterly audits of past work maintained excellence. This disciplined evolution crafted a reliable identity: the go-to for tech-privacy fusion, blending empathy with expertise.
What has been one of the most challenging matters you handled across your diverse technology and privacy practice, and how did you navigate it?
The toughest was a 2024 data breach for a Mumbai fintech, exposing 100K user profiles amid IT Rules scrutiny, risking fines. Clients panicked over multi-jurisdictional fallout (GDPR, CCPA echoes). I navigated by leading a 48-hour war room: forensic audit, drafting breach notifications, and cease-and-desist to vendors. Collaborated with ethical hackers for root-cause analysis, then restructured data flows with pseudonymization. Key was stakeholder alignment, weekly updates calmed investors. Precedents guided defenses. Outcome: zero penalties, fortified policies. It honed crisis mode, emphasizing proactive governance over reactive fixes.
How do you envision the future of your practice as technology, AI Governance, and global privacy laws continue to evolve?
My practice will pivot to AI governance hubs, advising on India’s anticipated Digital India Act alongside EU AI Act harmonization for startups. Expect explosive demand in health-adtech for bias audits and explainable AI contracts. I’ll expand to dual-qualified mediation for cross-border disputes, leveraging NCA edge. Vision includes mentoring via webinars on DPDP 2.0. Tech integration like AI-drafted clauses (with human oversight) will streamline services. Global collaborations with Canadian firms for Indo-Pacific data pacts. Ultimately, shaping ethical tech-law policy through thought leadership, ensuring innovation thrives compliantly. The future is borderless, niche-dominant practice.
Many young lawyers aspire to build a global career. What simple, honest advice would you share about staying consistent and growing in the legal field?
Start a niche early, pick one like privacy or AI, master it via 100 drafts before diversifying. Consistency trumps talent. Block 2 hours daily for upskilling (judgments, certifications) despite chaos. Build LinkedIn relentlessly, post weekly insights, comment thoughtfully, aim for 500 targeted connections yearly. Seek discomfort: freelance first, cold-pitch 10 founders weekly, learn from rejections. Network beyond law, tech meetups yield clients. Track wins in a journal for pitches; quantify impact always. Rest and recharge, burnout kills trajectories. Honest truth: global careers demand grit over glamour, persist 5 years, rewards compound. You’re your best investment, own it unapologetically.
Get in touch with Saswati Soumya Sahu –
