Data Protection Specialist - DataX - February 4, 2022
Liaise between DATA X, supervisory, authorities, and subsidiaries
Liaise between DATA and data subject regarding the data subject's rights
Act as the primary point of contact within the organization for members of staff, regulators, and any relevant public bodies on issues related to data protection
Give advice and appropriate recommendations to business unit and subsidiaries regarding data protection
Verify and ensure data protection compliance within the organization
Provide advisory and support regarding PDPA matters such as DPIA, privacy incident management, training and awareness etc.
Make decision on privacy incidents that required regulators notification
Accountable for PDPA activities done by DPO office and other PDPA related activities such as Legitimate Interest Assessment etc.
Coordinate the investigation of all personal data breaches; working with the business, IT, Information Security and others to swiftly address the issue, diagnose the cause and extent of the problem, develop remediation actions including managing communication with relevant impacted individuals and the supervisory authority
Ensure the records of data processing activities are up-to-date
Bachelor’s or Master’s Degree in Law, Technology or related fields.
Have an in-depth understanding of PDPA
Have significant hands-on privacy experience and expert knowledge of data protection law and practice for the purposes of implementing PDPA mandates
Experience in risk management and risk escalation is advantage
Understanding of all personal data processes and activities within the organization
Ability to communicate complex privacy-related concepts and requirements in simple terms, including being able to translate regulator recommendations into internal guidelines and other documentation
Understand DATA X's mission and core operations, specifically its processing operations, information systems, and data security and data protection needs
Keep abreast of changes in law and technology that may change the threat landscape and, as a result, change DATA X's exposure to risk
Be independent of any involvement with determining the purposes and means of processing data