Data Protection Executive officer - DataX - February 11, 2022
Responsibilities
Act as the primary point of contact within DATA X for members of staff, regulators, and any relevant public bodies on issues related to data protection, providing support as the Data Protection Officer across SCBX
Engage in regular dialog with regulators overseeing data privacy and data protection areas to understand current issues and concerns, and align DATA X’s data protection management program with regulatory needs
Develop and review a Data Protection Management Programme (DPMP) that covers policy, processes, and people for the handling of personal data at each stage of the data lifecycle
Enhance compliance processes based on an evaluation of gaps in DATA X’s business operations and data protection requirements, and clarify ethically questionable situations at various stages of data or information life cycle
Ensure that DATA X and all subsidiaries of SCBX’s policy is in accordance with Personal Data Protection Act ("PDPA") and codes of practice
Evaluate the existing data protection framework and identify areas of non or partial compliance and rectify any issues for DATA X and SCBX Subsidiaries
Coordinate, harmonize and present outcomes to SCBX’s Group Data Privacy Committee
Proactively conduct audits to ensure compliance and address potential issues
Provide expert advice and educate employees on important data protection compliance requirements (e.g. development of new data services)
Devise training plans and provide data protection advice and support for members of staff across DATA X and all subsidiaries of SCBX
Inform and advise the Data Controller or Data Processor on all matters related to data protection
Partners with the Data Governance Office to ensure data compliance
Promote a culture of data protection compliance across all units of DATA X
Maintain records of all data processing activities carried out by DATA X
Qualifications
Bachelor’s or Master’s Degree in Law, Technology or related fields.
Experience within a legal, compliance, audit and/or risk function department, with experience in dealing with Data Protection issues
Have significant hands-on privacy experience and expert knowledge of data protection law and practice for the purposes of implementing PDPA mandates
Experience with managing regulatory engagement
Strong project management skills
Ability to work well under pressure and manage sensitive and confidential information
Excellent verbal and written communication skills, with strong attention to detail
Ability to communicate complex privacy-related concepts and requirements in simple terms, including being able to translate regulator recommendations into internal guidelines and other documentation
Understand DATAx's mission and core operations, specifically its processing operations, information systems, and data security and data protection needs
Keep abreast of changes in law and technology that may change the threat landscape and, as a result, change DATAx's exposure to risk
Core Competencies
Data Protection Management – demonstrate the ability to design DATA X’s Data Protection management program in accordance with legal requirements
Business Risk Management – Able to forecast and assess existing and potential data risks which impact the operation and/or profitability of DATA X as well as the development and roll out organization-wide strategies and processes to mitigate risks
Cyber and Data Breach Incident Management – Able to detect and report cyber and data-related incidents to drive effective resolution
Integrity – use your strong ethical compass to navigate what are often uncharted territories