We are looking for a Data Protection Officer (DPO) to ensure NIUM is compliant with the General Data Protection Regulation (GDPR.)
Reporting into our CISO, Data Protection Officer responsibilities include advising on our compliance with GDPR and local data protection laws, monitoring our adherence to GDPR standards and acting as a point of contact with supervisory authorities and data subjects. You will also create policies that enforce compliance with legislation and deliver GDPR training to our staff to increase awareness of data protection measures.
To be successful in this role, you should have in-depth knowledge of GDPR and local data protection laws and be familiar with our industry and the nature of its data processing activities. You should also know how to perform audits to our current procedures.
Ultimately, you will facilitate GDPR compliance through transparent data protection policies, systems and procedures.
Responsibilities
- Act as point of contact with EU residents, supervisory authorities and internal teams.
- Identify and evaluate the company’s data processing activities.
- Provide advice and instructions on how to conduct Data Protection Impact Assessments (DPIAs).
- Monitor data management procedures and compliance within the company.
- Participate in meetings with managers to ensure privacy by design at all levels.
- Maintain records of processing operations.
- Ensure we address all queries from data subjects within legal timeframes (e.g. delete their information from our databases).
- Liaise with other organisations that process data on our behalf.
- Write and update detailed guides on data protection policies.
- Perform audits and determine whether we need to alter our procedures to comply with regulations.
- Offer consultation on how to deal with privacy breaches.
- Arrange for training on GDPR compliance for employees.
- Follow up with changes in law and issue recommendations to ensure compliance.
Requirements
- 10+ years experience in data protection and legal compliance.
- Solid knowledge of GDPR and national data protection laws.
- Knowledge of data processing operations in the company’s sector is preferable.
- Familiarity with computer security systems and the management of confidential information.
- Ethical, with the ability to remain impartial and report all non-compliances.
- Excellent organisational skills and attention to detail.
- Knowledge of global data protection policy e.g CCPA would be beneficial but not required.