Job Title: Data Privacy Specialist
Job Purpose:
The purpose of this role is to assist in implementing the Data Protection and Privacy Programme, ensuring compliance with relevant laws and regulations, and promoting a culture of data privacy and protection within the organization.
Key Result Areas:
1. Assist in Formulating the Data Protection and Privacy Compliance Framework for EKFC across various regions, entities, and operations to identify and rectify gaps and risks within the continuously developing privacy management system.
2. Design, update, and manage company policies to ensure compliance with relevant data privacy laws and regulations.
3. Provide advice and guidance to management and employees on data protection matters to ensure informed decision-making and adherence to privacy standards.
4. Identify critical business processes within EKFC In line with ROPA Process (Record of Process Activities), conduct data protection impact assessments (DPIAs) and support in mitigating identified data protection risks.
5. Assess and monitor data protection and privacy practices of third-party vendors by conducting third-party privacy risk assessments and draft, negotiate, and review commercial agreements containing protected information.
6. Manage and respond to data subject requests for access, rectification, erasure, and restriction of their personal data while maintaining a register of data requests to ensure timely and accurate processing.
7. Maintain records of all data processing activities and implement the data breach management plan, including reporting data breaches to regulatory authorities and liaising with data protection authorities when necessary.
8. Collaborate with internal business functions to identify and implement organizational and technical safeguards to protect personal data and serve as a privacy advisor to all EKFC employees.
9. Organize and deliver data protection and privacy training and awareness programs for employees to ensure they understand their responsibilities regarding privacy and data protection.
10. Conduct regular audits and assessments to evaluate the effectiveness of data protection measures, stay abreast of regulatory developments and evolving best practices in compliance control, and prepare reports for Senior Management and external regulatory bodies as appropriate.
Job Context:
This role navigates complex regulatory landscapes and ensuring compliance with international and local data privacy laws. This position requires collaboration across various business functions and external partners to implement robust data protection measures and foster a culture of privacy awareness within the Company.
Knowledge, Skills & Minimum Experience:
Education Qualification:
Bachelor*s degree in Business Administration, Computer Science, Law or related fields.
Master*s degree in IT or Information Security *' (Preferred)
Certified International Privacy Professional/Europe by IAPP (CIPP/E)
Work Experience:
Minimum 5 years working in governance, risk, compliance and cyber security with extensive exposure to privacy implementation across industries and geo-locations.
Implementation experience of privacy tools such as OneTrust, Securiti etc. *' (Preferred)
Skills:
Excellent communication skills with the ability to explain sensitive or complex issues effectively.
High level of attention to detail/accuracy.
Ability to create and drive processes.
Excellent verbal and written command of the English language.
Ability to work both independently and in a collaborative team setting.
