Data Privacy
Implementing and integrating data governance & privacy practices, in line with regulatory requirements, across the Group to enhance privacy maturity, and ensure compliance with privacy laws and regulations when processing personal information.
Key Responsibilities
Responsibility
Core activities
Framework
Privacy Assessments
- Conduct and maintain privacy processes including data protection impact assessments (DPIA) and Data Processing Assessments (DPA).
- Support the ongoing effort to update record of processing assessments (ROPA) for IT applications.
- Maintain records of processing activities (ROPA) and safeguards such as privacy by design, to ensure compliance with regulatory requirements.
- NO
POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs
Privacy Policies and Procedures
- Help mature policies, processes, and procedures to manage data processing (e.g., purpose, scope, roles, and responsibilities) consistent with risk strategy, to protect personal and sensitive data.
- Understand the current state of privacy maturity within and maintain measurement of the impact of the Privacy Program on maturity.
NIST, ISO/IEC 29100:201 ISO27001, ISO27017, SOCI, SOCII, SOCII
Personal Data Governance
- Implement and integrate data privacy and governance practices across to address regulatory compliance and protect sensitive information.
- Facilitate the management and governance of personal data to protect individuals' privacy, increase manageability and enable the implementation of privacy principles (for example data quality, data minimisation, data retention).
Varonis Implementation however towards data classification and labelling
NIST, ISO
Remark
Third Party Privacy Assessment
- Assess privacy posture of new vendors and detail associated privacy risks.
- Support the business on the details of Data Processing Agreements.
- Gap analysis of technical and organizational measures (TOMs).
- Audit clause reviews.
- Sub-processor risk analysis.
SOCI, SOCII, SOx
No experience of conducting the assessment.
Have been part of reviewing DPA.
Policy & Procedure Management
- Assist in the review and maintenance of the repository of IT policies and procedures. Ensure IT policies and procedures are updated as and when required, while ensuring privacy impacts are considered.
POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs
Data protection policy, privacy notice.
To conduct and facilitate reviews of IT privacy controls based on standard methodologies and an understanding of technical infrastructure, IT & privacy risk and cyber security
- Facilitate reviews of IT risk compliance work programs with technical teams
- Carry out reviews to a professional standard
- Issue agreed review finding reports
- Facilitate the remediation process for gaps / weaknesses identified
- Identify areas of improvement
- Evaluate the design and the effectiveness of current security controls from an IT Risk & Compliance perspective
NIST, ISO/IEC 29100:201 ISO27001, ISO27017, SOCI, SOCII, SOCII
Cross competency collaboration
Work with Legal Compliance on privacy matters relating to personal data processing.
- Collaborate with key business functions on IT privacy matters (Security, Legal, Procurement, HR, IT) - No
Assist with evidence provision and query response turnaround - No
POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs
Assist with the ongoing monitoring of the IT Compliance Programs
- Ongoing monitoring of compliance with IT control & security requirements for designated systems - No
Assist with the remediation process for gaps / weaknesses identified - No
CobIT, SOx 404, ISO27001, ISO27018, ISO27017, ISO27005, ISO31000, NIST
Assist with the review and monitoring of the IT privacy risk assessments & reviews
Assist with IT privacy risk assessments and reviews people systems.
IAPP, ISO27001, ISO27017, ISO27701, Region Specific Regulatory Requirements, GDPR, CCPA, POPIA, LGPD Brazil, SCCs