Data Protection Officer

Got a head full of ideas?

Good.

We are looking for a reliable Data Protection Officer to join our Technical Compliance team.

Responsibilities

The General Data Protection Regulation (GDPR) has established the concept of a Data Protection Officer (DPO) in Europe.

The Data Protection Officer (DPO) will be involved in all issues which relate to the protection of personal data and will have the independence to fulfil statutory responsibilities.

Therefore, the new DPO’s responsibilities will be:

  • Monitor compliance with the GDPR and applicable Data Protection laws for EM group, in different jurisdictions.
  • Monitor compliance of the organization with all legislation in relation to data protection, including audits, awareness-raising activities, and training of staff involved in processing operations.
  • Conduct Data Protection Impact Assessment (DPIA) risk analysis for EM group.
  • Handle all data subject access requests.
  • Record all our data processing activities and update them regularly, keeping in mind all group operations and development.
  • Act as contact point for all internal and external Data Protection requests (such as DD forms, RFPs for new leads, info for drafting of DP contract appendices).
  • Review and draft data protection clauses in client service agreements, non-disclosure agreements, and data controller and processor agreements with clients and suppliers.
  • Keep your expert knowledge of GDPR, LGPD, and other upcoming privacy regulations up to date, including guidance issued by supervisory authorities and relevant legal decisions that may impact our processing of personal data.
  • Act as point of contact with supervisory authorities, clients, suppliers and internal teams on data protection matters.
  • Identify and evaluate the company’s data processing activities and maintain records of processing operations.
  • Monitor data management procedures and compliance within the company.
  • Draft new and amend existing data protection policies, audit, procedures, processes and guidelines, where required, in consultation with key stakeholders to ensure organizational compliance.
  • Perform audits and determine whether the company needs to alter its internal procedures to comply with regulations.
  • Liaise with other organizations that process data on the company’s behalf.
  • Prepare and maintain (or ensure maintenance of) data protection related documentation, including records of personal data processing, Data Protection Impact Assessments (DPIAs), and the data incident/breach record; and conduct periodic compliance assessments of these.
  • Work together with IT, information security, human resources, sales, legal, marketing, and other business units, and participate in meetings with managers as relevant, to ensure incorporation of a privacy by design approach into data processing procedures.
  • Handle complaints or requests by the institutions, the data controller, and data subjects within legal timeframes, and/or introduce improvements on his/her own initiative.
  • Offer consultation on how to deal with privacy breaches.
  • Give advice and recommendations to the company about the interpretation or application of the data protection rules and follow up with changes in law.
  • Approve the standard data processing agreements and assist the legal team in reviewing the third party data agreements to ensure that they are compliant with relevant data protection legislation and regulation.
  • Develop and maintain policies, standards, playbooks and standard operating procedures that support global privacy and data protection compliance requirements within the group.
  • Arrange for training on GDPR compliance for employees.

Requirements

  • At least 2 years’ experience in a similar DPO role (must have).
  • Background and expertise in legal, data compliance, data protection audit or IT security.
  • Expert knowledge of data protection law and practices (must have).
  • Working knowledge and demonstrated experience with complex regulatory frameworks/requirements in terms of Data Protection and ISMS.
  • Understanding of IT systems and their connection to data collection and processing.
  • Experience in organizing and managing audits (internal auditor skills, external audits management skills).
  • Experience with implementation of data protection processes and internal policies.
  • General knowledge of information security: infrastructure security, application security.
  • Other regulatory requirements such as PCI and experience with standards work in security, such as ISO.
  • Integrity and high professional ethics.
  • Organizational skills with attention to detail.
  • Ability to handle confidential information.
  • Strong judgment, confidence to make independent decisions, and the ability to engender trust; ethical, with the ability to remain impartial and report all non-compliances.
  • Capacity to organize and prioritize.
  • Exceptional communication skills and ability to interact with all stakeholders, executives, employees, and clients.
  • Dynamic personality.
  • Independent and self-managing.
  • Identity and Access Management knowledge – nice to have.
  • Bachelor’s degree in technical studies – nice to have.
  • CISSP Certification – nice to have.
  • CIPP/E and/or CIPM certificate – nice to have.

Apply for this job now! The HR team will never use any personal information it receives from you for any purpose beyond recruitment, employment or reference checks, and strongly believes in the importance of keeping personal information private.

Benefits

  • Health Insurance.
  • Daily catered lunch.
  • Fruit day.
  • Massage at work.
  • Gym membership.
  • Weekly incentives.
  • Ever-growing online library.
  • Internal & external training.
  • We hold team-building activities and office parties throughout the year.
  • Flexible schedule.
  • A fun entertainment corner.