Log In
Sign Up
Job Description
As the Head of Data Privacy, you play a crucial role in ensuring the organization’s compliance with privacy regulations, protecting individuals’ personal information, and building trust with customers and stakeholders. You are responsible for developing and implementing privacy policies, managing privacy risks, and fostering a privacy-conscious culture across the organization.
KEY ACCOUNTABILITIES:
Data Privacy Strategy and Planning: Developing and implementing pragmatic short/medium and long term data privacy strategies aligned with GEMS’s goals and more importantly maturity.
Policy and Compliance: Developing, implementing, and maintaining privacy policies, standards, privacy notices and procedures to comply with applicable privacy regulations.
Privacy Impact Assessments: Conducting data protection impact assessments (DPIAs) to identify privacy risks and recommend measures to mitigate those risks. Ensuring privacy considerations are incorporated into new projects, systems, and processes.
Privacy by Design: Promoting privacy by design principles throughout the organization. Collaborating with product development, IT, and other teams to embed privacy controls and considerations into systems, processes, and projects from the outset.
Privacy Audits and Assessments: Conducting privacy audits and assessments to evaluate compliance with privacy regulations and internal policies. Identifying gaps or weaknesses and recommending remediation actions to ensure ongoing compliance.
Data Subject Rights: a. Managing processes to handle data subject rights requests, including rights to access, rectify, erase, restrict processing, data portability, and object to processing.
b. Oversight over parents complaints related to data privacy of children
c. Ensuring requests are handled promptly, accurately, and in compliance with privacy regulations
Regulatory touch point: Serve as point of contact for data protection matters within the organization and act as a liaison with regulatory authorities regarding data protection issues.
Privacy Incident Management: Establishing incident response processes and procedures to handle privacy breaches or incidents. This needs to happen with wider collaboration across CISO/IT areas.
Privacy Governance: Embed privacy governance on newly setup data governance chain of command and in the stage gate delivery processes.
Data Privacy Training and Awareness: Developing and delivering privacy training programs to educate employees on privacy policies, best practices, and their roles and responsibilities in protecting personal information. Raising privacy awareness across the organization. This needs to be embedded as part of wider Data Transformation initiative
Expected Qualifications:
Masters or Bachelors Degree from a reputed university in relevant subjects
Expected Experience:
Minimum of 10 years industry experience working in a data/information and privacy environment
Job-Specific Knowledge & Skills:
3 Years experience in a Data Protection lead role. Experience of managing a small data privacy delivery function
In-depth knowledge of data protection laws and regulations, such as PDPL/GDPR, and a strong understanding of privacy principles and best practices.
Experience in developing and implementing data protection policies, procedures, and strategies within an organization.
Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
Be able to confidently liaise with Stakeholders.
Excellent organizational, verbal, and written communication skills
