Data Protection Officer

Data Protection Officer

Reporting to the Head of Technology, the Data Protection Officer (DPO) provides guidance and advice on YMG’s compliance with General Data Protection Regulation (GDPR) and local data protection laws across all countries, monitoring our adherence to GDPR standards and act as a point of contact with data protection authorities and data subjects.

  QUALIFICATIONS:

•  Bachelor’s degree in computer science, information security, law, or a similar discipline.
• A minimum of three (3- 5) years’ experience within a compliance, legal, audit and/or risk function, with recent experience in privacy compliance.
• PECB Certified Data Protection Officer certification or other GDPR certification would be an asset.

 SPECIALISED SKILLS, TECHNIQUES/LEARNED DISCIPLINE:

•  Expertise in data protection laws and practices, including a deep understanding of GDPR and a good understanding of other major privacy frameworks and evolving legislation worldwide.
• Experience in developing policy and compliance training.
• Knowledge of information technology and data management systems is required.
• Relevant work experience of monitoring compliance with regulatory requirements and engaging with regulatory bodies is required.
• Experienced in the operational application of privacy law.
• The ability to handle confidential and sensitive information with the appropriate discretion.
• Strong change and project management skills, including the ability to manage time well, prioritise effectively, and handle multiple deadlines.
• The ability to work unsupervised, exercise leadership, and influence change.
• Excellent verbal and written communication skills.
• Well-developed and professional interpersonal skills; the ability to interact effectively with people at all levels of the organisation.
• Detail-oriented with the ability to recommend and implement strategic improvements on a range of data privacy and data protection issues.
• Ethical, with the ability to remain impartial and report all cases of noncompliance.
• The ability to use independent judgment and discretion when making decisions.
• Experience in conducting data protection impact assessments.

 MAIN RESPONSIBILITIES:

•  Implementing measures and a privacy governance framework to manage data useed in compliance with the GDPR, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
• Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders.
• Working with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments.
• Ensuring that Yello’s IT systems and procedures comply with all relevant data privacy and protection law, regulation, and policy (including in relation to the retention and destruction of data).
• Collaborating with the Information Security function(s) to raise employee awareness of data privacy and security issues and providing training on the subject matter.
• Collaborating with the Information Security function(s) to maintain records of all data assets and exports and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests.
• Deliver training across all business units to staff members who are involved in data handling or processing.
• Coordinating and conducting data privacy audits.
• Maintain records of all data processing activities of the company
• Serve as point of contact for data protection authorities.

   SPECIAL CONDITIONS ASSOCIATED WITH THE JOB:

•   Normal working environment.
• Required to work outside of normal office hours to solve problems as deemed necessary.
• Overseas travel to other offices may be required from time to time.

  These responsibilities may be reviewed and updated from time to time to keep aligned with the company’s needs

                                                       Application Deadline:  Tuesday, October 3, 2023