Data Privacy and Protection Manager

Job description / Role

Design and Develop
• Understand the organization and environment and then Designs and Develops the overall Data Privacy and Protection Regulatory Framework.
• Establishes, advises, and coordinates Client’s Data Privacy & Protection compliance framework.
• Designs, implements, and maintains an adequate integrated incident response and data breach notification procedure as required in line with Client’s policies, standards, and procedures.
• Develops, coordinates and provides guidance, assessments, training, and monitoring of the compliance and Data Privacy/Protection control environments within the business units.
• Develops and implements Data Classification Standards in line with internal policies and global frameworks by working with and managing senior stakeholders.
• Work with the business, including product and technology teams, to design innovative privacy solutions as part of pragmatic advice and conducting Privacy Impact Assessments.
• Develop and lead training and awareness sessions with the business to promote a culture of privacy and advise business and sector leads to understand how privacy requirements affect their area.
• Develops and implements the integrated Trusted Authenticated Identities and Privacy framework by working with other stakeholders.
• Identifies roles for citizens, processes, and technologies required for trusted identification, authentication, and authorization within the Trusted Identity Ecosystem.
• Develops a Trust Framework that defines the rights and responsibilities of Client’s staff in the Identity Ecosystem.
Implement, Operate and Manage
• Supports the Compliance, Legal, Data Governance, Physical Security and Cyber Security Teams, respectively, in strengthening Client’s compliance and data privacy and protection efforts.
• Monitors and communicates relevant developments globally and more specifically in the region relating to Data Privacy and Protection.
• Leads the design, creation, coordination, and implementation of policies, procedures, and training addressing Data Privacy and Data Protection issues in Client’s while serving on and supported by the Cyber Security team.
• Provides guidance and negotiates data provisions contained in advertising, marketing, and commercial agreements, including data rights agreements, data protection agreements, and data provisions.
• Assists compliance and legal team members on advising senior leadership on data policy issues and in connection with compliance matters for data and privacy laws and regulations, including GDPR, the California Consumer Privacy Act, and other data protection, data retention, data security, and data breach regulations.
• Develops and performs project-based, privacy-related impact assessments and audits cross-functionally on an adhoc basis and periodically to ensure high compliance to global Data Privacy and Protection requirements within Client.
• Review and analyze new products and services, including online and mobile applications, for compliance with applicable privacy laws.
• Create dashboard views to critical Data Privacy and Protection risk metrics to drive alerts, progress and continuous improvement.
• Works with internal Departments and stakeholders to ensure that Client’s internal staff, its Customers and third parties are all covered within the Data Privacy and Protection standards.
• Works with other entities to understand their solutions and key projects to evaluate and monitor data privacy and protection compliance, paying attention to details, while understanding the big picture
• Manages other duties as assigned related to Data Privacy and Protection by Identifying and executing against key milestones in a fast-paced, team-oriented environment.
• Collaborate with relevant business stakeholders on continuous improvement initiatives designed to improve the performance and maturity of Client’s privacy program
• Foster partnerships with the business as a Data Privacy and Protection trusted advisor and subject matter expert
• Maintain knowledge of applicable privacy laws, regulations, standards, and advancements in technologies
• Manage and take ownership of privacy incidents to completion.
• Support and conduct Issue Response Management and complaint handling for privacy issues, deviations and non-compliance within area of responsibility.
• Acts as point of contact with data subjects, supervisory authorities and internal teams
• Identifies and evaluates Client’s data processing activities
• Provides advice and conducts Data Protection Impact Assessments (DPIAs) and Data Inventorization
• Monitors data management procedures and compliance within Client’s
• Participates in meetings with managers to ensure privacy by design at all levels
• Maintains records of processing operations
• Ensures Client’s addresses all queries from data subjects within legal timeframes (e.g. delete their information from databases)
• Liaises with other organizations that process data on Client’s behalf
• Writes and updates detailed guides on data protection policies
• Performs privacy audits and determines whether we need to alter Client’s procedures to comply with regulations
• Offers consultation on how to deal with privacy breaches
• Follow up with changes in law and issue recommendations to ensure compliance
• Provide oversights and SME input to the design, build and implementation of technology tools that support the Information Classification and Protection strategy, objectives and operational requirements.
• Develops Data Classification Standards for Client’s
• Develop DLP incident management and escalation workflows
• Develop employee communication strategies and security awareness training
• Conduct Data Classification DLP tool training with staff and others
• Develop DLP policy
• Document DLP processes and procedures
• Strategize incident retention
• Develop methods for risk reduction (reports and dashboards)
• Monitor and tune program process
• Owns and manages Data Classification and DLP tool configuration, ensuring appropriate governance and change control arrangements are operating across the business.
• Knowledge and experience of establishing and running monthly information protection technology boards, acts at chairperson.